Values for content-security-policy:
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 8,272
upgrade-insecure-requests 7,702
upgrade-insecure-requests; 3,994
frame-ancestors 'self' 2,383
block-all-mixed-content 1,581
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 936
frame-ancestors 'self'; 577
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 499
frame-ancestors 'none' 415
340
block-all-mixed-content; 310
default-src https: data: 'unsafe-inline' 'unsafe-eval' 296
frame-ancestors 'none'; 261
frame-ancestors 'self' https://*.ally.ac; 192
img-src https: data:; upgrade-insecure-requests 171
frame-ancestors 'self' ; 168
default-src * data: 'unsafe-eval' 'unsafe-inline' 165
report-uri /report-csp-violation 143
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; 135
frame-ancestors 'self' http://webvisor.com 107
upgrade-insecure-requests; frame-ancestors 'self' 102
frame-ancestors 'self' https://app.kajabi.com 98
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 96
frame-ancestors 'self'; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 93
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 90
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 73
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 66
frame-ancestors 'self' *.google.com *.googleusercontent.com 56
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 53
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://bam.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com https://certify-js.alexametrics.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://bam.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com https://certify.alexametrics.com https://stats.g.doubleclick.net ;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://bam.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://www.google-analytics.com https://links.services.disqus.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 48
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com 47
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 45
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 44
frame-ancestors about: 'self' 43
frame-ancestors 'self' live.sagepay.com 42
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 37
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 37
frame-ancestors https://*.poki.io http://localhost:1234 36
script-src 'self'    35
self 34
default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 34
default-src 'self' 34
default-src 'self' http: https: data: blob: 'unsafe-inline' 34
* 32
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net; 32
frame-ancestors https://cue.forum.cue.cloud 31
frame-ancestors 'self'; upgrade-insecure-requests 30
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js 30
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 30
upgrade-insecure-requests; block-all-mixed-content; 28
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 28
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 26
upgrade-insecure-requests; block-all-mixed-content 25
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net; 25
frame-ancestors 'self' azeu.marketing.adobe.com 25
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:;  24
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 24
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 21
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 21
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 21
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 21
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 21
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 21
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net  *.bing.com  *.ccmp.eu  *.cookiebot.com  *.edge-cdn.net   *.google-analytics.com  *.googletagmanager.com  *.lidl  *.lidl-flyer.com  *.lidl.com  *.lidl.net  *.multichannelacd.de  *.secrz.de  *.virtualearth.net  ads.yahoo.com  advdl.ammadv.it  assets.zendesk.com  c.imedia.cz  cm.g.doubleclick.net  connect.facebook.net  d.adroll.com  d.adroll.mgr.consensu.org  form.lidl.com  lidl.media01.eu  lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz  s.adroll.com  s.ytimg.com  tagmanager.google.com  track.adform.net  us-u.openx.net  www.dwin1.com  www.googleadservices.com www.google.com www.youtube.com; img-src 'self' data: *.bing.com *.ccmp.eu *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net appgateway.lidlplus.com content.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net; 20
frame-ancestors * 20
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 20
policy-definition 20
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 19
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 18
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 18
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 18
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 17
report-uri /report-csp-violation; upgrade-insecure-requests 17
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 17
script-src 'unsafe-inline' 'unsafe-eval' http: https: 17
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 17
frame-ancestors https:; 17
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 17
frame-ancestors https://*.ionos.at https://*.ionos.co.uk https://*.ionos.com https://*.ionos.de https://*.ionos.it https://*.ionos.mx https://*.ionos.fr https://*.ionos.es https://*.ionos.ca https://*.ionos.us 17
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.socialengagementcoaching.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 17
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 16
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 16
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 16
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 16
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob: https://apis.google.com; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://accounts.google.com/; object-src 'none'; upgrade-insecure-requests 16
default-src https: 'unsafe-inline' 'unsafe-eval' 16
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.readspeaker.com *.speechstream.net; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 16
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 15
frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwqa.nvidia.com https://preview.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in; 15
img-src data: https: 15
script-src *; 15
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 15
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 15
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net 'self' blob:; frame-src *; 15
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 14
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 14
frame-ancestors 'self' https://*.adobe.com 14
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.ads-twitter.com *.twitter.com *.cloudfront.net *.google-analytics.com *.hotjar.com *.googletagmanager.com *.jnhuigao1.cn *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.geetest.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 14
'self' https://ajax.googleapis.com 14
frame-ancestors none; 14
frame-ancestors 'self' https://preview.citynavigator.nl 14
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 13
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 13
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 13
frame-ancestors self 13
frame-ancestors 'self' https://sage.pathfactory.com; 13
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 13
frame-ancestors 'self' *.facebook.com *.vk.com 13
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 12
frame-ancestors none 12
default-src 'self'; script-src 'self' 'unsafe-inline' 12
default-src http://ip-api.com/ 'self' 'unsafe-inline' 'unsafe-eval' https: data: 12
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com;frame-src 'self' https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://cdn.quantummetric.com/qscripts/quantum-seaworld.js https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 12
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 12
default-src 'self'; 12
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 12
none 12
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 12
default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://monitoring.echobot.de https://event.beyondwork2020.com https://walls.io https://streaming.talk42.de 'unsafe-inline' blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://*.tile.openstreetmap.org/ https://api.mapbox.com/ 'unsafe-inline' data:;font-src 'self' data:; 12
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 12
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 12
frame-ancestors 'self' *.roomlynx.net  12
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/; worker-src 'self' blob:; frame-ancestors 'self' https://b2b.verizonmedia.com 11
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 11
report-uri //report-csp-violation 11
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 11
default-src 'none' 11
default-src http: data: 'unsafe-inline' 'unsafe-eval' 11
img-src * data: blob:; 11
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net d3fw5vlhllyvee.cloudfront.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/; 11
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 11
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 11
frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 10
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.timeweb.net *.timeweb.ru *.yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com onthe.io *.onthe.io i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org yastatic.net blob: staging.timeweb.com 10
frame-ancestors 'self' https://*.expo-ip.com ; 10
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ 10
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 10
block-all-mixed-content; upgrade-insecure-requests; 10
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 10
frame-ancestors 10
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 10
frame-ancestors 'self' sun.eduzz.com *.monetizze.com.br *.hotmart.com; 10
prefetch-src *.metartnetwork.com; default-src 'self' blob: *.metartnetwork.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 10
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru www.google-analytics.com *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net megatimer.ru stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' megatimer.ru mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru anycaster.tv *.anycaster.tv livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru newapp.bonus-tv.ru *.newapp.bonus-tv.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru yandex.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://vuz.mil.ru https://www.mil.ru https://*.mil.ru https://anycaster.tv https://livezvezda.mediacdn.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 10
object-src 'self' 10
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 10
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 10
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' https: data:; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://www.facebook.com https://*.fls.doubleclick.net https://optimize.google.com www.snapengage.com https://www.expresvpn-private-analytics.net; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.snapengage.com https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 9
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 9
frame-ancestors 'self' hubpages.com tatring.com marinascats.com pethelpful.com bellatory.com delishably.com dengarden.com axleaddict.com levelskip.com exemplore.com reelrundown.com toughnickel.com caloriebee.com stylemountain.com feltmagnet.com spinditty.com wehavekids.com kindredbond.com healdove.com turbofuture.com wanderwisdom.com letterpile.com holidappy.com pairedlife.com owlcation.com soapboxie.com hobbylark.com skyaboveus.com howtheyplay.com hubpageshelp.com remedygrove.com equalstyle.com healthproadvice.com youmemindbody.com patientslounge.com 9
frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com 9
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com; object-src 'self' 9
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com; style-src 'self' 'unsafe-inline' https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com; frame-ancestors 'self'; 9
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 9
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 9
referrer no-referrer 9
frame-ancestors 'self' https://immobilier.jll.be https://jll.maps.arcgis.com; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: blob 9
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline' ;img-src * 'self' data: ;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; worker-src  * 'self' blob: ; connect-src * 'self' blob:; font-src * 'self' data: ; frame-src * 'self' ;media-src * 'self' blob: ;object-src * 'self'; report-uri https://paxil3koxi.execute-api.eu-central-1.amazonaws.com/prod/report; 9
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 9
frame-ancestors 'self' *.vergic.com 9
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9
default-src 'none' ; child-src 'self' *.ihk.de  ; connect-src 'self' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks wss://chat.userlike.com/chat/ *.etracker.de b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com *.cdn.office.net cdn.contentful.com pam.ihk-schleswig-holstein.de *.microsoft.com *.google-analytics.com *.dvinci-hr.com *.ihk24.de *.userlike.com *.twitter.com expertenpool.automatisierungsregion.de static.dvinci-easy.com *.googleapis.com *.b-ite.com *.newsletter2go.com www.powr.io  ; default-src *.ihk.de  ; font-src 'self' data: ihk-ar.ycms.rocks *.cdn.office.net d3dc1lgancj6l0.cloudfront.net *.googleapis.com dq4irj27fs462.cloudfront.net *.gstatic.com  ; form-action 'self' *.ihk.de *.highcharts.com *.twitter.com www.tfaforms.com www.forschungsfinder-hessen.de routenplaner.bus-bahn-thueringen.de *.wirecard.com *.ihk24.de web.ihk-pfalz.net  ; frame-src 'self' www.ihk-lehrstellenboerse.de  24703.online-adventskalender.de www.etermin.net www.forschungsfinder-hessen.de cdn.podigee.com livestream.watch/vp/nachhaltigkeitsdialog.html *.wahlplus.de *.google.de *.bitkomplex.de www.berufe.tv hk24.perbit-job.de *.twitter.com ihk.selbstdenker.com walls.io *.bright-guide.de www.leg-thueringen.de detmold.ihk-beitragsrechner.de www.ihk-ecofinder.de www.hk24.de covid19.webtvcampus.de www.ihkac-anwendungen.de *.ihk.de consentcdn.cookiebot.com *.vimeo.com b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com dbaw.specials-bahn.de ihk-schwerin.wahlplus.de www.onlinebewerbungsserver.de hk24.perbit-job.de  www.gatewatch.eu www.ihk-praktikumsportal.de *.flickr.com geoportal-hamburg.de w.soundcloud.com static-exp1.licdn.com *.xing-events.com vimeo.com *.exmap.de isi.hdb-hamburg.de *.highcharts.com *.facebook.com www.plattform-i40.de www.finest-jobs.com link.webropolsurveys.com *.youtube.com ihk-potsdam.perbit-job.de handelskammer-bremen.appointmind.net cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.azubi-magdeburg-ihk.de cottbus-ihk-pruefungen.de www.youtube-nocookie.com www.powr.io inx.odav.de www.unikam.de ihkob.wekando.eu www.ausbildungslauf.de app.cituro.com e.video-cdn.net static.issuu.com html5-player.libsyn.com con.arbeitsagentur.de www.iwd.de start.video-stream-hosting.de tuerchen.com www.vvs.de corona.conterra.de live.c3networking.de www.praktikum.info dihk.imageplant.de ihk-weiterbildung-oldenburg.de cdn.contentful.com ihk-darmstadt-portal.rexx-recruitment.com umap.openstreetmap.fr www.ihk-magdeburg.de iframe.wvd-portfolio.de www.ihk-berlin.org kvg-kassel.widget-generator.de e.issuu.com www.instagram.com komsis.inecos.de code.createjs.com www.ihk-bw.digital berufsausbildung-aachen-ihk.de expertenpool.automatisierungsregion.de roundme.com bc.pressmatrix.com doo.net www.terminland.de www.giu-kalender.org *.b-ite.com www.kandidatenmanagement.de  ; img-src 'self' data: ihk-ar.ycms.rocks userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.etracker.de www.forschungsfinder-hessen.de *.etracker.com editor.signavio.com *.google.de pam.ihk-schleswig-holstein.de *.userlike.com www.ihk-berlin.de *.twitter.com www.hvv.de d3dc1lgancj6l0.cloudfront.net www.rmv.de dq4irj27fs462.cloudfront.net *.staticflickr.com www.ihk-wiesbaden.de *.newsletter2go.com *.ihk.de live.c3networking.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-lueneburg.de *.google-analytics.com www.ihk-rlp.de static-exp1.licdn.com infographic.statista.com *.ihk24.de *.gstatic.com *.exmap.de kvg-kassel.widget-generator.de *.facebook.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.finest-jobs.com expertenpool.automatisierungsregion.de roundme.com www.ihk-ostbrandenburg.de www.bso-hessen.de *.googleapis.com *.twimg.com *.google.com *.b-ite.com vstdbv3 www.ihk-koblenz.de www.ihk-gfi.de www.bahn.de  ; manifest-src *.ihk.de  ; media-src 'self' d3dc1lgancj6l0.cloudfront.net *.youtube.com dq4irj27fs462.cloudfront.net ims-files-cdn.net www.ihk-ecofinder.de  ; object-src 'self' www.berufe.tv  ; script-src 'unsafe-inline' 'unsafe-eval' 'self' ihk-ar.ycms.rocks  24703.online-adventskalender.de *.cdn.office.net www.etermin.net www.forschungsfinder-hessen.de cdn.podigee.com editor.signavio.com cdn.rlets.com *.twitter.com walls.io *.bright-guide.de www.ihkac-anwendungen.de *.ihk.de *.flickr.com *.google-analytics.com connect.facebook.net static-exp1.licdn.com *.xing-events.com *.exmap.de *.highcharts.com *.facebook.com www.finest-jobs.com *.linkedin-ei.com *.youtube.com *.googleapis.com *.twimg.com cdn.doo.net/assets/js/viovendi-embed-static-1.js *.google.com www.powr.io *.etracker.de *.etracker.com pam.ihk-schleswig-holstein.de *.userlike.com www.tfaforms.com d3dc1lgancj6l0.cloudfront.net www.googletagmanager.com static.dvinci-easy.com dq4irj27fs462.cloudfront.net imagemarker.com www.google.analytics.com *.newsletter2go.com tuerchen.com live.c3networking.de *.cookiebot.com www.ihk-magdeburg.de code.jquery.com/jquery-3.1.1.min.js *.ihk24.de kvg-kassel.widget-generator.de userlike-cdn-widgets.s3-eu-west-1.amazonaws.com www.instagram.com code.createjs.com expertenpool.automatisierungsregion.de routenplaner.bus-bahn-thueringen.de doo.net *.b-ite.com  ; style-src 'self'  'unsafe-inline' *.ihk.de live.c3networking.de ihk-ar.ycms.rocks *.etracker.de *.cdn.office.net editor.signavio.com maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de static-exp1.licdn.com *.ihk24.de *.twitter.com www.tfaforms.com www.finest-jobs.com expertenpool.automatisierungsregion.de static.dvinci-easy.com cdnjs.cloudflare.com routenplaner.bus-bahn-thueringen.de *.googleapis.com *.twimg.com imagemarker.com *.b-ite.com  ; worker-src *.ihk.de  ; report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  9
base-uri 'self'; 9
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' 9
frame-ancestors 'self' https://*.etracker.com 9
upgrade-insecure-requests; base-uri 'self' 9
frame-ancestors 'self' *.radio.com 9
block-all-mixed-content; frame-ancestors 'self' 9
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org; upgrade-insecure-requests 8
frame-ancestors 'self' http://localhost:* https://*.bustle.com 8
frame-ancestors https://*.marketo.com 8
frame-ancestors https://nurture.solarwinds.com 8
frame-src *; 8
upgrade-insecure-requests ; 8
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 8
referrer origin 8
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' vznrw-piwik.init-ag.de; 8
frame-ancestors 'self' *.nhanh.vn 8
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com http://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ; frame-ancestors 'self' https://trustseal.enamad.ir 8
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 8
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 8
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 8
default-src 'self' http: https: *.yandex.ru *.google.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com; img-src 'self'  data: *.gstatic.com  *.yandex.ru *.yandex.net https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com; font-src 'self' *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 8
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' *.royal-canin.de; 8
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none' 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 7
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 7
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 7
frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us 7
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 7
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 7
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm https://api.mapbox.com https://*.tiles.mapbox.com;block-all-mixed-content;upgrade-insecure-requests; 7
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 7
frame-ancestors 'self' *.ci360.sas.com 7
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 7
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 7
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 7
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 7
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 7
img-src * 7
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de api.permutive.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be player.vimeo.com secureframe.doubleclick.net universe.queue-it.net www.google.com www.universe.com www.youtube.com youtu.be;worker-src 'self' blob: 7
default-src 'self' *.cscglobal.com *.swiftypecdn.com  *.swiftype.com *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com; script-src 'self' ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 7
default-src * data: 'unsafe-inline' 'unsafe-eval' 7
default-src 'self' 'unsafe-inline' 7
frame-ancestors cuedev.ece.ksml.fi cue.media.fi; 7
frame-ancestors *; 7
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 7
reflected-xss block 7
frame-ancestors 'self' https://*.facebook.com; 7
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 7
frame-src * 7
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 6
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com www.google.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 6
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 6
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 6
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 6
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 6
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 6
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com https://next.benzinga.com https://quotes.benzinga.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com https://uatm.cqg.com  https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org; 6
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 6
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 6
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://*.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 6
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 6
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 6
default-src 'self' data: blob:; connect-src * blob:; font-src 'self' * 'unsafe-inline' data:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; media-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: *.stripe.com fullstory.com; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; child-src 'self' data: blob: *.stripe.com *.paddle.com hotjar.com *.hotjar.com *.google.com headway-widget.net trustpilot.com *.trustpilot.com embed.neomam.com fullstory.com resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-ancestors 'self' vwo.com *.vwo.com 6
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.telerain.com:* 6
base-uri 'self' 6
frame-ancestors 'self' https://*.adventhealth.com 6
frame-ancestors 'self' *.psplugin.com 6
frame-ancestors *.nordangliaeducation.com *.tfaforms.net 'self' 6
<options and value> 6
frame-ancestors *.benq.com *.benq.eu 6
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 6
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 6
Content-Security-Policy-Report-Only 6
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 6
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 6
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://collector-medium.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 6
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 6
frame-ancestors 'self' http://*.elsevier.es/ 6
default-src 'self' http://tribeca.vidavee.com https://www.facebook.com https://assets.adobedtm.com https://connect.facebook.net https://ad.doubleclick.net https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com https://*.map2.ssl.hwcdn.net https://feeds.standardbank.com https://noembed.com; font-src 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://www.homeloans1.standardbank.co.za https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://i.ytimg.com https://developers.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://www.youtube.com https://connect.facebook.net https://ad.doubleclick.net https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net https://tpc.googlesyndication.com https://snap.licdn.com https://px.ads.linkedin.com https://s.ytimg.com; style-src 'unsafe-inline' 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self'; 6
default-src: https: 'unsafe-inline' 6
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com forms.logiforms.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com 6
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 6
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 6
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 6
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 6
frame-ancestors https://my.bigcartel.com; 6
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none' 5
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net clients.opinary.com compass.pressekompass.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 5
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net; 5
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5
frame-ancestors 'self' *.wellsfargo.com 5
frame-ancestors 'self' *.wildberries.ru 5
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 5
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 5
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 5
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz; 5
frame-ancestors https://app.c-spanbus.org https://*.c-span.org 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg; frame-src 'self' https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/; font-src 'self' data: https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com 5
block-all-mixed-content;frame-ancestors *.mail.com 5
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 5
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 5
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au 5
frame-ancestors 'self' https://app.brandwatch.com https://login.brandwatch.com https://app.stage.brandwatch.net https://auth-gateway.platform-stage.gcp0.bwcom.net https://login.brndwt.ch; 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
upgrade-insecure-requests;connect-src * 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self'; report-uri //report-csp-violation 5
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 5
nosniff 5
form-action https: 5
block-all-mixed-content; upgrade-insecure-requests 5
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com tags.srv.stackadapt.com; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com *.srv.stackadapt.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.sanzone.dev *.northwell.io api.dpx.northwell.io *.yimg.com *.googleusercontent.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com *.pledgeling.com *.adsrvr.org *.healthgrades.com *.podbean.com *.libsyn.com *.simplecast.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io *.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.sanzone.dev *.northwell.io *.yimg.com *.srv.stackadapt.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 5
frame-ancestors 'self' https://www.growingio.com 5
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 5
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: https://web-elb https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com http://origin-st.redbus.in https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.firebaseapp.com https://*.firebaseio.com  https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://*.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://*.facebook.com https://www.youtube.com https://dis.as.criteo.com; object-src 'self' 5
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org 5
script-src 'unsafe-inline' 'unsafe-eval' * 5
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 5
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 5
connect-src *; default-src 'self'; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5
default-src https: data: 'unsafe-inline' 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 5
frame-ancestors 'self' nurture.solarwinds.com; 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 5
frame-ancestors 'self' *.betssongroupaffiliates.com 5
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com code.jquery.com sentry.io stats.g.doubleclick.net sumo.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com themes.googleusercontent.com wrss-2c7e.kxcdn.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.libsyn.com *.twitter.com sumo.com twitter.com; img-src 'self' *.bbb.org *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com about: assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net extended-validation-ssl.thawte.com https://seal.verisign.com pubads.g.doubleclick.net seal.thawte.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com syndication.twitter.com twitter.com verify.authorize.net wrss-2c7e.kxcdn.com; manifest-src ammo.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com wrss-2c7e.kxcdn.com www.ammoforsale.com www.ammoman.com www.ammunitiontogo.com www.bulkammo.com www.cheapammo.com www.luckygunner.com www.targetbarn.com www.wideners.com; media-src 'self' *.facebook.com; object-src 'self' *.facebook.com www.luckyreferrals.com; report-uri https://sentry.io/api/1201369/security/?sentry_key=66651cc2476b475987e75acc58880acc; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com api.bufferapp.com assets.targetbarn.com blob: browser.sentry-cdn.com buttons.reddit.com cdn-secure.luckygunner.com cdn.ravenjs.com code.jquery.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net reddit.com seal.thawte.com seal.verisign.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com verify.authorize.net widgets.pinterest.com wrss-2c7e.kxcdn.com www.linkedin.com www.luckyreferrals.com www.reddit.com; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net sload.sumo.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com sumo.b-cdn.net wrss-2c7e.kxcdn.com 5
; 5
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline';  5
default-src * 'unsafe-inline' 'unsafe-eval'; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn; object-src 'self' 5
frame-ancestors 'self' weleda.sabio.de 5
child-src * blob: 5
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; object-src 'none'; base-uri 'self'; 5
default-src 'self'; img-src 'self' https://d300tb5wusuhi2.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://bat.bing.com https://chart.apis.google.com https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://i.ytimg.com https://img.youtube.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://syndication.twitter.com https://www.google-analytics.com https://www.gstatic.com; font-src 'self' https://cloud.typography.com https://fast.wistia.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com; object-src 'self' https://embedwistia-a.akamaihd.net; connect-src 'self' 'unsafe-eval' https://d300tb5wusuhi2.cloudfront.net https://a.tiles.mapbox.com https://api.abenity.com https://api.mapbox.com https://bam.nr-data.net https://bat.bing.com https://distillery.wistia.com https://distillery.wistia.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://bam.nr-data.net https://bat.bing.com https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com; media-src 'self'  https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net blob:; frame-src 'self'  https://abenityinc.freshdesk.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://www.google.com https://www.youtube.com; report-uri https://api.abenity.com/public/csp-logger.json 5
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' 'unsafe-inline'; 5
frame-ancestors 'self' *.facebook.com 5
script-src * 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors *.ivanti.com https://dash.cloudflare.com 5
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 5
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 5
object-src 'none' 5
frame-ancestors *.plentymarkets-cloud-de.com 5
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://bam.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://www.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com; connect-src *; 5
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 5
form-action 'self' 5
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 'self' 5
frame-ancestors 'self' https://api.opentlv.com 5
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 5
frame-src files.akenatechnologies.com *.trustpilot.com *.facebook.com *.petitfute.com cdn.jsdelivr.net cdn.ravenjs.com *.bootstrapcdn.com sentry.akenatechnologies.com *.akenatechnologies.com *.mediavacances.com *.mediavacanze.com *.mediavacaciones.com *.mediaferias.com *.mediaferienportal.com *.mediavakanties.com *.mediahols.com *.mediavacationrentals.com https://rmg.li http://www.facebook.com/plugins/like.php https://www.google.com/recaptcha/ https://www.google.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com www.google.fr cdn.hometogo.net cdn2.hometogo.net cdn.jsdelivr.net cdn.ravenjs.com *.bootstrapcdn.com sentry.akenatechnologies.com *.akenatechnologies.com xiti.com *.mediavacances.com *.mediaferienportal.com *.mediahols.com *.mediavacationrentals.com *.mediavakanties.com *.mediavacanze.com *.mediavacaciones.com *.mediaferias.com http://widget.sunz.com https://www.googletagmanager.com https://api.mapbox.com *.openstreetmap.org  *.proskilab.fr *.google-analytics.com *.apis.google.com https://ajax.googleapis.com http://ajax.googleapis.com *.googleapis.com http://maps.gstatic.com http://maps.google.com https://maps.googleapis.com https://fonts.gstatic.com http://fonts.gstatic.com http://www.google.com *.facebook.net https://connect.facebook.net *.facebook.com https://tpeweb.paybox.com https://tpeweb1.paybox.com *.xiti.com http://csi.gstatic.com *.sports-hiver.com cse.google.com pagead2.googlesyndication.com www.hometogo.de tc.hometogo.com www.hometogo.com www.meteofrance.com static.criteo.net widget.criteo.com https://www.google.com https://www.gstatic.com *.trustpilot.com www.petitfute.com pro.petitfute.com https://www.facebook.com https://staticxx.facebook.com files.akenatechnologies.com data: 5
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 4
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 4
style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/ 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob:; object-src https://*.engadget.com https://s.yimg.com; worker-src 'self'; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://www.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 4
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 4
base-uri 'self'; connect-src *; default-src 'self' *.meetup.com *.dev.meetup.com:8001; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: ;script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 4
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 4
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 4
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 4
frame-ancestors 'self' https://*.adobe.com; 4
frame-ancestors *.motor1.com 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  4
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 4
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 4
frame-ancestors 'self' *.windy.com:* 4
frame-ancestors https://*.complex.com 4
script-src 'self' 4
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 4
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 4
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 4
base-uri 'self'; frame-ancestors 'self' 4
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 4
frame-ancestors  myos.banggood.com 4
frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 4
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 4
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru http://webvisor.com 4
frame-ancestors 'self' http://*.mybigcommerce.com; 4
frame-ancestors https://*.ptc.com https://tenantname.seismic.com 4
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 4
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 4
frame-ancestors 'self' www.haier.com *.haier.com cnwcm.haier.com http://cnwcm.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.recaptcha.net https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://*.ads-twitter.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://px-cdn.net https://*.px-cloud.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://p2a.co https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com https://*.voteamerica.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://*.px-client.net https://*.px-cloud.net https://pxchk.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://www.voteamerica.com; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; img-src * blob: data:; form-action 'self'; 4
frame-ancestors 'self' *.blackbaud.com; 4
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com  https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io; connect-src 'self' https://*.oebb.at https://obc.rola.at https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mediastream:; connect-src 'self' https:; font-src 'self' 'unsafe-inline' https: data:; media-src 'self' 'unsafe-inline' https:; child-src *; form-action 'self' 'unsafe-inline' https:; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; base-uri *; upgrade-insecure-requests 4
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com; report-uri /report-csp-violation 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 4
default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://createsend.com/t/getsecuresubscribelink; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com; form-action 'self' https://agilemail.createsend.com https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe https://start.1password.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 4
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 4
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.inside-graph.com https://use.typekit.net https://p.typekit.net; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 4
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; report-to https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 4
default-src 'self' vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.ytimg.com *.twimg.com *.coinbase.com fullstory.com *.fullstory.com *.zdassets.com cdn.sift.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.stripe.com www.google.com *.coinbase.com object-detection.now.sh serverless-vrs.now.sh github.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' stream.mux.com *.fastly.net *.stackpathdns.com *.hwcdn.net blob: vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;connect-src *;font-src *.zeit.co *.vercel.com *.gstatic.com *.intercomcdn.com;worker-src blob: 4
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://info.atlascopco.us https://info.atlascopcoupdates.com 4
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com;  font-src    'self' data: *.googleapis.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com;  object-src  'self' ;  frame-src   'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io; 4
default-src  https: *.willistowerswatson data: blob: 'unsafe-eval' 'unsafe-inline' 4
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 4
frame-ancestors *.bilimal.kz *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.elumiti.kz *.fpp.kz *.presidentfoundation.kz 4
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *;frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 4
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 4
font-src * 4
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 4
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 4
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 4
frame-ancestors 'self'; report-uri /report-csp-violation 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 4
frame-ancestors 'self' *.lovecrafts.com 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 4
frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 4
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl;object-src 'self' cdn-vsh.prague.eu 4
frame-ancestors 'none' ; 4
default-src 'self'; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 4
font-src *;img-src * data:;  4
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
default-src 'self' *.readspeaker.com data:; base-uri 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com; script-src 'self' 'unsafe-eval' *.google.com piwik.itzbund.de *.readspeaker.com;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org; child-src *.itzbund.de *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com piwik.itzbund.de; upgrade-insecure-requests; frame-ancestors 'self'; 4
default-src 'self'; connect-src 'self' *.yandex.ru *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.livetex.ru *.livetex.me *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; img-src 'self' *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.livetex.ru *.livetex.me *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com data: *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru *.yandex.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.livetex.ru *.livetex.me onesignal.com *.onesignal.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net; font-src 'self' 'unsafe-inline' *.gstatic.com *.livetex.ru *.livetex.me data:; media-src 'self' *.livetex.ru *.livetex.me *.yastatic.net *.adfox.ru *.yandex.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ;  style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:  4
style-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 4
default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 4
worker-src 'self'; 4
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 4
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 4
frame-ancestors 'self' https://*.myshopify.com https://*.teemill.com teemill.com 4
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 4
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 4
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 4
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 4
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-dc1dae01-ee90-4dee-b602-2ef498a3cff7'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-dc1dae01-ee90-4dee-b602-2ef498a3cff7'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi; form-action 'self' 4
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 4
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 4
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 4
script-src 'self' 'unsafe-inline' www.google-analytics.com quadia.webtvframework.com code.createjs.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com data:;media-src 'self';frame-src 'self' g.jwpsrv.com www.youtube.com tools.eurolandir.com quadia.webtvframework.com ahold.hostedby.quadia.com aholddelhaize.projects.quadia.net streams.nfgd.nl;font-src 'self' ssl.p.jwpcdn.com;form-action 'self';report-uri /WebResource.axd?cspReport=true 4
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com data:; script-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com 'sha256-Zc2oA+UYJ+DvoL6dBPANTH0scVupEzz5Lf3etbzNLtI=' 4
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4
upgrade-insecure-requests; base-uri 'self'; 4
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com;block-all-mixed-content;upgrade-insecure-requests; 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; 4
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 4
frame-ancestors https://hugedomains.com/ 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com  https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com  https://*.youtube.com https://app-sj01.marketo.com https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com; media-src 'self' data: blob:; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com; frame-src *.marketo.com *.sitefinity.xyz 'self'  *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/  https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com https://img.youtube.com; 4
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 4
default-src https: data:; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 4
frame-ancestors 'self' https://secure.safecharge.com; 4
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none' 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com www.nul.nl; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net *.persgroep.net; connect-src 'self' 'unsafe-eval' 'unsafe-inline' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co; frame-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net knltb.sb.blueconic.net; block-all-mixed-content; 4
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 4
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 4
frame-ancestors 'self' learn.arcgis.com *.esri.com 4
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 4
frame-src 'self' *.jiathis.com *.baidu.com 4
font-src 'self' data: *.googleapis.com *.bing.com *.microsoft.com *.designmynight.com *.gstatic.com *.cloudfront.net; style-src 'self' data: *.googleapis.com *.bing.com *.microsoft.com *.designmynight.com *.cloudfront.net 'unsafe-inline'; frame-ancestors 'self' 4
frame-ancestors https://www.facebook.com/ 4
object-src 'none'; form-action 'self' 4
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 4
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 4
frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 4
default-src 'self' *.hotetec.com; connect-src 'self' *.hotetec.com in.hotjar.com www.123compare.me cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com www.googleadservices.com www.google.es www.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
media-src 'self' *.ebaystatic.com; font-src 'self' *.ebaystatic.com 4
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 4
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.syndication.twimg.com/timeline/ https://code.highcharts.com/ https://connect.facebook.net/it_IT/sdk.js https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://rawgit.com/tyrasd/osmtogeojson/ https://use.fontawesome.com/;frame-ancestors 'self' file: *.spaggiari.eu; 4
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 4
frame-ancestors 'none'; connect-src http://127.0.0.1:*; default-src https: 'unsafe-inline' 4
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.cloudfront.net *.cloudflare.com *.bootstrapcdn.com *.googleapis.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com *.bootstrapcdn.com; img-src 'self' mil.ru *.mil.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru *.mil.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 4
frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 4
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com 4
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'self' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gg 3
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 3
frame-ancestors 'self' *.cnbc.com *.acorns.com; 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity-a.akamaihd.net/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/; 3
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data:; 3
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 3
report-uri /v1/csplog; block-all-mixed-content 3
frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn 3
frame-ancestors 'self' *.coe.int 3
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 3
frame-ancestors delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 3
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://js.hs-banner.com https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 3
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx cuantrix.gilasw.com code.org studio.code.org curriculum.code.org codecurricula.com 3
frame-ancestors 'self' *.mathworks.com; 3
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 3
frame-ancestors 'self' *.everydayhealth.com *.infermedica.com *.ceros.com *.opinionstage.com *.doctor.com *.googleapis.com *.zdbb.net *.specless.tech *.specless.io *.totalbrain.com 3
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 3
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; 3
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 3
default-src *; object-src *; script-src 'unsafe-eval' * 'unsafe-inline' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 3
frame-ancestors http://kpmg.experiencecloud.adobe.com 3
default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss: blob:; font-src https: data: wss: 'self'; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 3
connect-src *.cloudfront.net *.headspace.com access.equalweb.com api-js.mixpanel.com api.amplitude.com api.branch.io api.chilipiper.com api.hubapi.com api2.branch.io app.getsentry.com assets.ctfassets.net cdn.contentful.com cdn.equalweb.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com forms.hsforms.com gum.criteo.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self'; default-src *.headspace.com data:; font-src *.headspace.com data: fonts.gstatic.com use.fontawesome.com use.typekit.net 'self'; frame-src *.headspace.com 9990894.fls.doubleclick.net a11673470095.cdn.optimizely.com accounts.google.com apisandbox.zuora.com bid.g.doubleclick.net cdn-akamai.mookie1.com forms.hsforms.com gum.criteo.com static.criteo.net tags.tiqcdn.com widget.us.criteo.com www.facebook.com www.gstatic.com www.youtube.com www.zuora.com 'self'; img-src data: 'self' *; media-src *.headspace.com assets.ctfassets.net blob: downloads.ctfassets.net 'self'; script-src *.cloudfront.net *.headspace.com a.quora.com analytics.twitter.com api.branch.io apis.google.com apisandboxstatic.zuora.com app.link blob: cdn-akamai.mookie1.com cdn.amplitude.com cdn.branch.io cdn.equalweb.com cdn.lr-ingest.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net https://static.zuora.com js.appboycdn.com js.chilipiper.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com snap.licdn.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com tags.tiqcdn.com tpc.googlesyndication.com unpkg.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src *.headspace.com cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net https://fonts.googleapis.com platform.twitter.com static.zuora.com translate.googleapis.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production 3
frame-ancestors 'self' *.brightspace.com; 3
block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 3
font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 3
frame-ancestors *.web.com *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net, frame-ancestors *.web.com *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 3
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 3
frame-ancestors 'self' www.facebook.com www.messenger.com; report-uri /vsctcspreport 3
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://dap.digitalgov.gov https://platform.twitter.com https://static.addtoany.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com *.ytimg.com *.qualtrics.com, frame-ancestors 'self' 3
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 3
frame-ancestors 'self' tvn24.pl *.tvn24.pl 3
frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 3
connect-src * 'self' 3
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se http://*.dm.sr.se https://*.dm.sr.se; report-uri /csp-error; 3
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com mc.yandex.ru https://c.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com www.googletagservices.com adservice.google.com.cy adservice.google.com tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com www.tradays.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru www.tradays.com trade.mql5.com blob: data: *.tile.openstreetmap.org connect.facebook.net www.facebook.com mc.yandex.ru https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com connect.facebook.net www.facebook.com mc.yandex.ru https://cdn.chatbot.com https://www.google-analytics.com pagead2.googlesyndication.com; frame-src 'self' c.mql5.com www.tradays.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com https://c.paypal.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com www.tradays.com trade.mql5.com player.youku.com www.youtube.com blob:; worker-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 3
frame-ancestors  https://*.propellerads.com; 3
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com app-sj17.marketo.com; connect-src 'self' secure.adnxs.com *.6sense.com *.6sc.co *.company-target.com api.lever.co distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net *.litix.io embed-ssl.wistia.com hackerone.com *.mktoresp.com *.mktoutil.com checkout.stripe.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.twitter.com; frame-ancestors 'self'; frame-src fast.wistia.com js.driftt.com *.youtube.com *.youtube-nocookie.com app-sj17.marketo.com *.twitter.com; object-src 'self'; img-src 'self' data: via.placeholder.com t.co stats.g.doubleclick.net *.google.com *.6sc.co *.bidr.io *.techtarget.com *.company-target.com *.adsymptotic.com *.linkedin.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.google-analytics.com *.twitter.com *.twimg.com cdn.bizible.com; media-src 'self' blob: data: embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com; script-src 'self' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' *.ads-twitter.com analytics.twitter.com *.cloudflare.com *.techtarget.com *.demandbase.com *.6sc.co *.linkedin.com snap.licdn.com fast.wistia.com js.driftt.com *.google-analytics.com app-sj17.marketo.com munchkin.marketo.net *.twitter.com cdn.syndication.twimg.com cdn.bizible.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.wistia.com app-sj17.marketo.com *.twitter.com; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 3
script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com 'unsafe-eval' 'unsafe-inline'; 3
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fisglobal.com *.wistia.net *.wistia.com *.addtoany.com *.google-analytics.com *.marketo.net *.googletagmanager.com *.hotjar.com *.facebook.net *.google.com *.marketo.com *.googleadservices.com *.jquery.com *.googleapis.com *.linkedin.com *.cloudflare.com *.ads-twitter.com *.doubleclick.net *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com *.addevent.com *.ceros.com *.feefo.com *.siteimproveanalytics.com *.optimizely.com *.mediahawk.co.uk *.taboola.com *.force24.co.uk *.bing.com *.baidu.com *.gstatic.com okt.to *.addtoany.com *.oktopost.com *.adnxs.com *.bizographics.com *.cloudfront.net *.licdn.com *.litix.io *.yourvoice2us.com *.strala.com *.adsrvr.org *.crwdcntrl.net *.brainshark.com *.mapbox.com *.adsymptotic.com;     connect-src 'self' *.fisglobal.com *.wistia.com *.hotjar.com *.akamaihd.net *.facebook.com *.marketo.com *.google.com *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com fisevents.com *.linkedin.com *.feefo.com *.strala.com *.yahooapis.com *.litix.io *.mktoresp.com *.amazonaws.com *.optimizely.com *.taboola.com *.mediahawk.co.uk *.mapbox.com;      img-src 'self' 'unsafe-inline' blob: data: *.fisglobal.com *.wistia.com *.wistia.net *.doubleclick.net *.google-analytics.com fast.wistia.net *.google.com *.marketo.com *.facebook.com  *.akamaihd.net *.googleadservices.com *.googletagmanager.com *.linkedin.com *.google.co.uk *.gstatic.com *.adnxs.com *.google.co.in t.co *.litix.io *.bing.com *.siteimproveanalytics.com *.baidu.com *.mapbox.com *.adsymptotic.com;      style-src 'self' 'unsafe-inline' *.fisglobal.com *.wistia.com *.wistia.net *.bootstrapcdn.com *.googleapis.com *.marketo.com *.googleapis.com  *.google.com *.cloudflare.com *.mapbox.com;     child-src 'self' 'unsafe-inline' blob: *.fisglobal.com *.sitecore.net *.wistia.com *.wistia.net *.nyceinfomanager.com *.nyceinfomanagerdr.com *.hotjar.com *.fls.doubleclick.net *.youtube.com *.marketo.com fast.wistia.net *.ceros.com *.fisevents.com http://fisevents.com *.frontarena.com *.facebook.net *.doubleclick.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.linkedin.com *.amazonaws.com *.google.com *.peopleclick.com *.segmint.net *.brainshark.com *.mapbox.com *.brightcove.net;      font-src 'self' 'unsafe-inline' data: *.fisglobal.com *.wistia.com *.wistia.net fast.wistia.net *.bootstrapcdn.com *.cloudflare.com *.gstatic.com;     media-src 'self' 'unsafe-inline' blob: data: *.fisglobal.com *.wistia.com *.wistia.net fast.wistia.net *.akamaihd.net;  frame-ancestors 'self' *.nyceinfomanager.com 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
frame-ancestors 'self' *.marketscreener.com *.zonebourse.com *.scoopnest.com; 3
default-src https:; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com; style-src https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src * 3
frame-ancestors 'self' app.contentful.com 3
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 3
frame-ancestors *.2checkout.com *.2co.com *.avangate.com 3
frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
object-src 'none';  3
frame-ancestors https://*.ionos.fr https://ionos.fr; 3
frame-ancestors 'self' https://*.strato.de https://strato.de; 3
frame-ancestors https://*.1stdibs.com; 3
upgrade-insecure-requests; frame-ancestors 'self'; 3
frame-ancestors 'self' *.eur.nl 3
frame-ancestors https: 'self' *.typetastic.com *.typinggames.zone; child-src https: 'self' blob: 'self'; 3
object-src 'self'; frame-ancestors 'self' 3
default-src 'self' data: *.bouncex.net *.pressablecdn.com *.wp.com *.gravatar.com  *.google-analytics.com *.hotjar.com *.doubleclick.net *.convertkit.com 'unsafe-inline'; object-src *; img-src *; media-src *; frame-src *; font-src 'self' data: *.pressablecdn.com *.wp.com *.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' *.pressablecdn.com *.wp.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: *.pressablecdn.com app.convertkit.com ajax.googleapis.com www.googletagmanager.com connect.facebook.net secure.gaug.es stats.g.doubleclick.net *.wp.com *.google-analytics.com *.hotjar.com *.bounceexchange.com *.optimizely.com 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 3
frame-ancestors 'self'  http://*.impress.ly  http://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com 3
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' translate.googleapis.com translate.google.com ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com deepknow.egoid.me static.geetest.com dn-staticdown.qbox.me api.geetest.com *.ronghub.com *.udesk.cn qiyukf.com c.cnzz.com s9.cnzz.com z12.cnzz.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; style-src 'unsafe-inline' 'self' 'unsafe-eval' static.geetest.com translate.googleapis.com *.udesk.cn https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; frame-src 'self' https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com *.bitz-service.com *.bitz.com *.bit-z.com *.bit-z.pro *.bitz.top *.bitz.so *.bitz.plus *.bitz.ai *.bitz.bz *.bitz.info *.bitz.tech *.bitzhd.com *.bitz.cm *.hyjztc.cn *.bitzapp.top appad.ahighapp.com qiyukf.com *.udesk.cn; frame-ancestors *.bitz-service.com; font-src 'self' data: https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; img-src 'self' data: blob: www.gxchaintop.org static.gxb.io translate.googleapis.com *.google.com bit-z-frontdesk.oss-cn-hongkong.aliyuncs.com www.gstatic.com static.geetest.com stats.g.doubleclick.net www.google-analytics.com sensors.ahighapi.com *.127.net qiyukf.com *.qiyukf.com *.bibidev.com *.udesk.cn z12.cnzz.com cnzz.mmstat.com https://imgv2e1.ahighapi.com https://imgv2e2.ahighapi.com https://imgv2e3.ahighapi.com; media-src 'self' static.geetest.com qiyukf.com *.bibidev.com *.127.net *.udesk.cn; connect-src 'self' wss://ws.ahighapi.com wss://*.s2.udesk.cn translate.googleapis.com stats.g.doubleclick.net www.google-analytics.com monitor.geetest.com api.geetest.com *.udesk.cn qiyukf.com sentry.ahighapi.com https://sensors.ahighapi.com https://ucapi.ahighapi.com https://otcapinew.ahighapi.com https://app.ahighapi.com https://v2.ahighapi.com https://api.ahighapi.com wss://ws.ahighapi.com wss://pushser.ahighapi.com https://app.ahighapi.com 3
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src civideos.ciapps.org 'self' data: blob:; child-src 'self' https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com cloverstatic.com images.contentful.com mver.agkn.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com t.powerreviews.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com data.adxcel-ec2.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com cloverstatic.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com mainstreetinsights.firstdata.com; connect-src 'self' bat.bing.com *.clover.com cloverstatic.com wss://*.clover.com *.contentful.com stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io *.powerreviews.com collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net *.walkme.com; default-src 'self' *.clover.com cloverstatic.com; font-src 'self' maxcdn.bootstrapcdn.com *.clover.com cloverstatic.com fonts.gstatic.com heapanalytics.com js.intercomcdn.com use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com cloverstatic.com nifegwy.neustar.biz googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com ui.powerreviews.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.clover.com cloverstatic.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com *.natwest-tyl.com *.usetyl.com ui.powerreviews.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com; media-src 'self' *.clover.com cloverstatic.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com cloverstatic.com *.natwest-tyl.com *.usetyl.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 3
base-uri 'self' https://docs.helpscout.net/; child-src blob:; connect-src *; default-src 'self' https://api.luckyorange.com/ https://files.zadapps.info/islamqa.info/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://static-v.tawk.to/a-v3/fonts/ https://use.fontawesome.com/; frame-src 'self' https://cse.google.com/ https://djtflbt20bdde.cloudfront.net/ https://js.stripe.com/ https://optimize.google.com https://www.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/; img-src 'self' data: https://*.gstatic.com/ https://cdn.jsdelivr.net/emojione/assets/png/ https://clients1.google.com/generate_204 https://d10lpsik1i8c69.cloudfront.net/graphics/ https://files.zadapps.info/islamqa.info/ https://i.ytimg.com/ https://optimize.google.com https://static-v.tawk.to/a-v3/images/ https://stats.g.doubleclick.net/ https://www.google.com.tr/ads/ https://www.google.com/cse/static/ https://www.google.com/uds/ https://www.googleapis.com/generate_204 https://www.googletagmanager.com www.google-analytics.com/; media-src 'self' https://d10lpsik1i8c69.cloudfront.net/sounds/ https://files.zadapps.info/islamqa.info/ https://www.youtube.com/; object-src 'self' https://djtflbt20bdde.cloudfront.net/img/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdnjs.cloudflare.com/ajax/libs/ https://ajax.cloudflare.com/cdn-cgi/scripts/ https://apis.google.com/ https://cdn.ampproject.org/ https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cse.google.com/ https://d10lpsik1i8c69.cloudfront.net/ https://djtflbt20bdde.cloudfront.net/ https://embed.tawk.to/5e9ecbae69e9320caac5cb92/default https://js.sentry-cdn.com/ https://js.stripe.com/v3/ https://optimize.google.com/ https://static-v.tawk.to/683/languages/ar.js https://tagmanager.google.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/cse/ https://www.google.com/jsapi/ https://www.google.com/recaptcha/api.js https://www.google.com/uds/api/search/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdnjs.cloudflare.com/ajax/libs/ https://d10lpsik1i8c69.cloudfront.net/css/ https://djtflbt20bdde.cloudfront.net/css/ https://fonts.googleapis.com https://optimize.google.com https https://tagmanager.google.com https://use.fontawesome.com https://use.fontawesome.com/ https://www.google.com/cse/ https://www.google.com/uds/api/search/; worker-src blob: 3
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 3
frame-ancestors 'self' connectappypie.com; 3
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 3
frame-ancestors 'self' https://webvisor.com 3
default-src 'self' *.ekantipur.com *.kantipurdaily.com; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; prefetch-src 'none'; 3
frame-ancestors 'self' https://*.radford.edu; upgrade-insecure-requests; 3
frame-ancestors 'self' goqubit.net ; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.windows.net *.msecnd.net *.trkn.us *.bing.com *.connexity.net *.alcmpn.com *.alocdn.com *.addthis.com *.opendns.com *.stickyadstv.com *.cloudflare.com *.polarisapi.com *.ctfassets.net *.youtube.com *.cloudflare.com *.aspnetcdn.com *.windows.net dnsl4xr6unrmf.cloudfront.net *.google.com blob: *.episerver.net *.doubleclick.net *.contentsquare.net screencaptue-cdn.kampyle.com api.offerpop.com screencapture.kampyle.com wyng.io *.cdninstagram.com *.wyng.com *.amazonaws.com *.opticalanalytics.io ajax.googleapis.com cdn.auth0.com cdn1.polaris.com cdn2.polaris.com cloudfront.loggly.com fonts.googleapis.com fonts.gstatic.com nebula-cdn.kampyle.com polaris-tagging-prod.azureedge.net polaris-tagging-tagserver-prod.azurewebsites.net s.ytimg.com *.hotjar.com *.hotjar.io udc-neb.kampyle.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.youtube.com servedby.flashtalking.com data: etc.polaris.com logs-01.loggly.com login.dotomi.com maps.googleapis.com cdn.jsdelivr.net maps.gstatic.com cdn-gen.polaris.com connect.facebook.net www.facebook.com www.polaris.com; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src *; cookie-scope host secure; 3
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com 3
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com; report-uri /admin/config/system/seckit/csp-report 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 3
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 3
frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 3
frame-ancestors *.straumann.com  3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: wss:; 3
frame-src 'self' https://www.terminland.de *.novomind.com *.datev.de *.datev.com 3
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net wss://ws9.hotjar.com https://vc.hotjar.io bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 3
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 3
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
: script-src "self" 3
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 3
frame-ancestors https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 3
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de https://*.mares.com https://*.mares-test.com https://*.tyrolia.com https://*.tyrolia-test.com https://*.divessi.com https://*.divessi-test.com https://*.fischersports.com https://*.zoggs.com https://*.zoggs-test.com 3
frame-ancestors 'self' https://partners.arozone.com https://treehousei.com https://www.impartner.com *.3sharecorp.com 3
default-src 'self' https://*.jsdelivr.net https://wp-themes.com https://*.cloudflare.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src  'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'  3
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com tsys.arcot.com *.cardinalcommerce.com 3
frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 3
default-src 'self'; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com tagmanager.google.com/ www.googletagmanager.com/ script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * tagmanager.google.com/ www.googletagmanager.com/; img-src 'self' data: * ssl.gstatic.com/; frame-src 'self' *.addthis.com *.youtube.com *.vimeo.com *.wistia.com *.wistia.net *.hotjar.com *.doubleclick.net *.ceros.com *.guardiananytime.com *.cloudfront.net *.adsrvr.org *.visme.co *.ipipeline.com *.guardianlife.com guardianlife.uat.aws.glic.com *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; connect-src 'self' collectorprod.glic.com *.google-analytics.com *.addthis.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ws://*.hotjar.com *.doubleclick.net *.g.doubleclick.net *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.getsmartcontent.com *.bound360.com tagmanager.google.com *.podbean.com d.agkn.com; font-src 'self' *.typekit.net fonts.gstatic.com *.hotjar.com data:; media-src 'self' data: blob: embedwistia-a.akamaihd.net *.podbean.com 3
form-action 'self'; 3
default-src https: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 3
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com;  3
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 3
policy-uri /'self' 3
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net 3
frame-ancestors 'self' *.dnc.io 3
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.stripe.com *.twitch.tv *.fastly.net *.facebook.com *.shields.io *.bilibili.com *.163.com discord.com googleusercontent.com imgbox.com cdnjs.cloudflare.com cdn.jsdelivr.net reddit.com *.reddit.com redd.it *.redd.it redditmedia.com *.redditmedia.com dropbox.com *.dropbox.com dropboxstatic.com *.dropboxstatic.com disqus.com *.disqus.com *.nicovideo.jp lh3.googleusercontent.com db.onlinewebfonts.com wikiapiary.com *.vimeo.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org 3
frame-ancestors https://bulbul.io 3
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 3
frame-ancestors 'self' *.promoplace.com; 3
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 3
frame-ancestors 'self' http://webvisor.com/ 3
script-src *.midphase.com *.uk2group.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com *.hotjar.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.midphase.com *.puzzel.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.midphase.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data:; style-src 'self' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net 'unsafe-inline'; frame-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com *.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com; connect-src 'self' *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com *.hotjar.com ws://127.0.0.1:35729 wss://ws2.hotjar.com wss://ws4.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com; frame-ancestors 'self'; 3
frame-ancestors 'self' https://backend.diario26.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 3
frame-ancestors 'self' https://shopproxy.p-s-s.de 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.surveygizmo.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org tagmanager.google.com use.typekit.net kit.fontawesome.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.surveygizmo.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com *.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net kit-free.fontawesome.com script.hotjar.com; img-src 'self' *.surveygizmo.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net i1.ytimg.com; media-src 'self' data: blob: https://www.youtube.com/; frame-src 'self' *.hotjar.com *.youtube.com *.google.com *.gstatic.com *.arcgis.com *.choosemyplate.gov; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ *.hotjar.com *.gstatic.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; 3
frame-ancestors 'self' blank;object-src 'self' blank; 3
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com; img-src * data:; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.dvic-banner-svc-wdw.wdprapps.disney.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com; font-src * data:; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 3
script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 3
style-src https: 'unsafe-inline' 3
frame-ancestors self *.haagendazs.us; report-uri /report-csp-violation 3
default-src 'self'; connect-src 'self' https://media.manufactum.de https://*.scene7.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; img-src 'self' data: https://manufactum.scene7.com https://media.manufactum.de https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; child-src blob: https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; frame-src blob: https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; worker-src blob:; media-src blob: 'self' https://media.manufactum.de https://*.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://media.manufactum.de https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/ https://www.googletagmanager.com https://www.google-analytics.com 'sha256-24E9spO23svDkTBI3pZ9OBMtJ9sLH2RiAbSkYdi/38c=' 'sha256-RK5gWrwaWY7/F6AUGQ9ZmFFw6206P+y8yxL2hevtowc='; style-src 'self' 'unsafe-inline' https://media.manufactum.de; report-uri /sell/csp-violation; base-uri 'self' 3
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 3
frame-ancestors 'self' *.promod.fr *.promod.com *.promod.de *.promod.pl *.promod.it *.promod.ch *.promod.cz *.promod.es *.promod.co.uk *.promod.eu *.promod.hu *.wonderpush.com 3
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://my.navingo.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src https: data: 'unsafe-inline'; font-src https: data:; img-src https: data: https://secure.gravatar.com 3
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 3
default-src  'self'  https://*.myligue.fr     https://*.lfp.fr     https://*.ligue1.fr     https://*.ligue2.fr  https://*.googlesyndication.com/  https://www.tntv.pf     https://opt-out.ferank.eu;  media-src *  'self'     https://ooyalaeuwest.streaming.mediaservices.windows.net  blob:  https://www.tntv.pf     https://www.youtube.com     https://www.dailymotion.com;  font-src  'self'  data:  https://use.fontawesome.com  https://fonts.gstatic.com  https://player.ooyala.com  ;  script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://az416426.vo.msecnd.net  https://cdn.ampproject.org  https://cdn.syndication.twimg.com  https://ssl.google-analytics.com  https://player.ooyala.com  https://www.googletagmanager.com  https://www.google.com  https://www.gstatic.com  https://www.google-analytics.com     http://www.google-analytics.com  https://www.googletagservices.com  https://adservice.google.fr  https://adservice.google.com  https://*.googlesyndication.com  https://securepubads.g.doubleclick.net  https://connect.facebook.net  https://platform.twitter.com  https://analytics.ooyala.com  https://imasdk.googleapis.com  http://imasdk.googleapis.com  https://s0.2mdn.net     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  http://player.ooyala.com  http://players.brightcove.net     https://players.brightcove.net  https://vjs.zencdn.net  https://analytics.ooyala.com/     https://www.instagram.com;  style-src  'self'  'unsafe-inline'  https://cdnjs.cloudflare.com  https://use.fontawesome.com  https://fonts.googleapis.com  https://player.ooyala.com/     https://platform.twitter.com     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     http://players.brightcove.net     https://players.brightcove.net     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://www.instagram.com;  child-src  'self'  blob:     https://*.myligue.fr  https://www.google.com/  https://tpc.googlesyndication.com  https://player.ooyala.com/  https://platform.twitter.com/  https://staticxx.facebook.com/  https://syndication.twitter.com/  https://widgets.lfp.stats.com  https://l.ooyala.com/  https://imasdk.googleapis.com/     https://www.youtube.com     https://www.dailymotion.com     https://cartemercatoligue1.com     https://11type.lfp.fr     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://snapshots.playingsurface.net  http://player.ooyala.com     http://players.brightcove.net     http://players.brightcove.net  http://l.ooyala.com     https://twitter.com     https://www.facebook.com     https://m.facebook.com     https://www.instagram.com     https://imasdk.googleapis.com  http://imasdk.googleapis.com     https://www.google-analytics.com     http://www.google-analytics.com     https://www.sporcle.com     ;  img-src  'self'     data:  https://www.google.com  https://*.doubleclick.net  https://*.googlesyndication.com  https://lspcridevglcdn.azureedge.net  https://lspemeintglcdn.azureedge.net  https://lspsapuatglcdn.azureedge.net  https://lsprubpreglcdn.azureedge.net  https://lspisphereglcdn.azureedge.net  https://ssl.google-analytics.com  https://stats.g.doubleclick.net  https://lfpimageproxy.azureedge.net  https://secure-cf-c.ooyala.com  https://player.ooyala.com     https://www.blogduparieur.com     https://publish.lfpstg.ooflex.net      https://syndication.twitter.com/     https://abs.twimg.com     https://platform.twitter.com     https://pbs.twimg.com     https://www.youtube.com     https://www.dailymotion.com     https://www.google-analytics.com     http://www.google-analytics.com     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  https://metrics.brightcove.com     http://metrics.brightcove.com  https://cf-images.us-east-1.prod.boltdns.net     https://www.instagram.com     https://cf-images.eu-west-1.prod.boltdns.net     http://cf-images.eu-west-1.prod.boltdns.net     https://tarteaucitron.io;  connect-src  'self'  https://*.doubleclick.net  https://www.google-analytics.com  https://dc.services.visualstudio.com  https://metrics-api.librato.com  https://player.ooyala.com  https://licensing.bitmovin.com  https://*.mediaservices.windows.net     https://csi.gstatic.com  https://edge.api.brightcove.com  http://edge.api.brightcove.com  http://player.ooyala.com  http://manifest.prod.boltdns.net  http://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     https://bcbolt446c5271-a.akamaihd.net     https://*.googlesyndication.com     ;  frame-ancestors  'self'  ; 3
frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 3
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com d1zi9q96rsh4iw.cloudfront.net;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.devfast.io *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com *.ajdfbkjab.ru wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com wss://*.devfast.io *.csgofast.com wss://*.csgofast.com *.csgofast123.com wss://*.csgofast123.com *.csgofast.tl wss://*.csgofast.tl *.csgocasino.ru wss://*.csgocasino.ru *.csgofast.ru wss://*.csgofast.ru *.dapubg.net wss://*.dapubg.net *.gojackpod.com wss://*.gojackpod.com *.rusgofast.ru wss://*.rusgofast.ru *.dapubg.com wss://*.dapubg.com *.csgofast4.com wss://*.csgofast4.com *.rucsgofast.ru wss://*.rucsgofast.ru *.pubgfast.com wss://*.pubgfast.com *.csgofastbackend.com wss://*.csgofastbackend.com *.cs2gofast.com wss://*.cs2gofast.com *.opdota2.com wss://*.opdota2.com *.demofast.ru wss://*.demofast.ru *.demogofast.com wss://*.demogofast.com *.csgetfast.com wss://*.csgetfast.com *.gainskins.com wss://*.gainskins.com *.casecsgo.com wss://*.casecsgo.com wss://*.xcsgofast.ru *.xcsgofast.ru wss://*.xcsgofast.com *.xcsgofast.com wss://*.csgofastx.com *.csgofastx.com wss://*.csgofastx.ru *.csgofastx.ru;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com slots-prod.csgofastbackend.com d1phhoo4f618zo.cloudfront.net *.csgofast.com *.csgofast123.com *.csgofast.tl *.csgocasino.ru *.csgofast.ru *.dapubg.net *.gojackpod.com *.rusgofast.ru *.dapubg.com *.csgofast4.com *.rucsgofast.ru *.pubgfast.com *.csgofastbackend.com *.cs2gofast.com *.opdota2.com *.demofast.ru *.demogofast.com *.csgetfast.com *.gainskins.com *.casecsgo.com *.xcsgofast.ru *.csgofastx.com *.csgofastx.com *.xcsgofast.com;object-src 'none';report-uri //in.csgofast.com/csp; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 3
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 3
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 3
frame-ancestors https://accounts.cft.ru 3
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 3
frame-src 'self' 7host.at; 3
default-src 'self' https://us-west-1.cdn.h5p.com; connect-src 'self' https://us-west-1.cdn.h5p.com *.h5p.com https://checkout.stripe.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://multiplayerapi.h5p.com https://www.wiris.net/ https://api.h5p.org/v1/licenses/ vimeo.com/api/ ; img-src * data: blob:; media-src * blob:; frame-src * blob:; object-src 'none'; child-src 'self' https://us-west-1.cdn.h5p.com blob:; script-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' 'unsafe-eval' blob: https://*.hotjar.com https://www.youtube.com/iframe_api www.youtube.com/player_api gdata.youtube.com/feeds/api/ https://s.ytimg.com/yts/jsbin/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com/v3/ https://checkout.stripe.com/ en.wikipedia.org/w/api.php api.flickr.com/services/rest/ soundcloud.com/oembed https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/ https://developers.panopto.com/ https://www.wiris.net/ https://polyfill.io/v3/ https://cdn.jsdelivr.net/npm/mathjax@3/; style-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' https://checkout.stripe.com/ https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://www.wiris.net/; font-src 'self' https://us-west-1.cdn.h5p.com data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ https://*.hotjar.com https://www.wiris.net/ https://cdn.jsdelivr.net/npm/mathjax@3/; frame-ancestors 'none'; 3
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl celebrus.fbto.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 3
default-src 'self'; script-src 'self' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://www.googletagmanager.com https://*.licdn.com; object-src 'self'; style-src 'self' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io 'unsafe-inline'; img-src *; media-src *; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.google.com; frame-ancestors 'none'; font-src * data:; connect-src 'self' https://dpm.demdex.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api.isomer.gov.sg; 3
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; media-src * blob:; child-src * blob:; report-uri /report-csp-violation 3
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://www.bosoy-online.com 3
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 3
frame-ancestors whitelabel.camspower.com wlbackoffice3.xcams.com 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 3
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 3
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 3
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://*.gstatic.com/ 'self'; child-src  'self'; connect-src wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/  https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ javascript:void(0) 'self' data:; media-src  'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 3
default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data:; media-src *; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com/lib/1295-v1.js https://admin.relay42.com/external/tags-1295/ https://tdn.r42tag.com/tags-1295/ https://t.svtrd.com/t-1295/ https://admin.relay42.com/external/tagmanagement/debugWindow https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://optimize.google.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://optimize.google.com https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/;connect-src 'self' *.eneco.nl https://www.google-analytics.com *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 3
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://s.ytimg.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagservices.com https://ad.doubleclick.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 3
connect-src 'self' habboo-a.akamaihd.net *.habbo.com www.facebook.com *.googlesyndication.com *.g.doubleclick.net hb.improvedigital.com pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net hb.improvedigital.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 3
script-src 'self' 'unsafe-inline' 3
default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; child-src * 'self' blob: http:;font-src * data: 3
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 3
default-src https: *.hwcdn.net *.teeitup.com *.golfid.io; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tradingview.com https://storage.googleapis.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://res.wx.qq.com https://static.bitkan.com https://static.bitkan.net https://www.google-analytics.com https://www.googletagmanager.com https://hm.baidu.com https://www.sobot.com https://aeis.alicdn.com https://g.alicdn.com https://cf.aliyun.com https://ynuf.alipay.com https://static.geetest.com https://api.geetest.com https://monitor.geetest.com https://dn-staticdown.qbox.me; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.googleapis.com https://static.geetest.com https://dn-staticdown.qbox.me; font-src 'self' data: https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.gstatic.com https://at.alicdn.com; frame-src 'self' redpacket: https://www.tradingview.com https://player.bilibili.com https://files.bitkan.com https://mobile.bitkan.com  https://bitkan.com https://beta.bitkan.com https://static.bitkan.com https://static.bitkan.net https://www.sobot.com https://v.qq.com https://player.youku.com; connect-src 'self' https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://wapi.bitkan.com wss://s.btckan.com:8080 wss://imws.sobot.com:* https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://hm.baidu.com https://upload.qiniup.com https://ynuf.alipay.com https://cors-anywhere.bitkan.com https://uplog.qbox.me https://api.qiniu.com ; object-src 'none' 3
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 3
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://*.mapbox.com https://unpkg.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.com https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 3
default-src https: 'unsafe-inline' 'self' data: 'unsafe-eval' 3
; frame-ancestors 'self' 3
upgrade-insecure-requests; report-uri /__csp-collector/index 3
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 3
“block-all-mixed-content” 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: com-vonq-main.collector.snplow.net *.cloudfront.net *.bootstrapcdn.com *.nuffic.nl *.clickdimensions.com *.maphub.net *.force.com *.thehagueuniversity.com *.dehaagsehogeschool.nl *.dehaagsehogeschool.nl.local *.dehaagsehogeschool.nl.dev *.hhs.local *.thuas.local *.youtube.com *.ytimg.com *.fbcdn.net *.cdninstagram.com *.instagram.com *.facebook.net *.facebook.com *.twitter.com *.linkedin.com *.hotjar.io *.hotjar.com *.doubleclick.net *.googleadservices.com *.google.com *.google.nl *.cookiebot.com *.jsdelivr.net *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube-nocookie.com *.twimg.com *.azureedge.net *.svc.dynamics.com; object-src 'self'; 3
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 3
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 3
default-src 'self' data: 'unsafe-inline' https: *; 3
base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 3
default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 3
frame-src checkout.stripe.com s7.addthis.com downloads.orangelogic.com view.officeapps.live.com 'self'; frame-ancestors 'self'; 3
default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://tagmanager.google.com https://fast.fonts.net; font-src 'self' data: https://www-cdn01.avisonyoung.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com/ https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie; connect-src 'self' https://www.google-analytics.com https://widget.usersnap.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 3
img-src *; 3
script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src 'self' https://fonts.googleapis.com:* https://fonts.gstatic.com:*; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors 'self' https://slimwoner.dev.gohike.nl:* https://www.slimwoner.nl:* https://energieloketflevoland.nl:* https://www.drentsenergieloket.nl:* https://watlaatjeliggen.nl:*; upgrade-insecure-requests 3
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 3
frame-ancestors 'self' https://*.blueconic.net 3
frame-ancestors alunos.institutoprominas.com.br 'self'; 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity-a.akamaihd.net/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 3
frame-ancestors 'self' http://webvisor.com https://webvisor.com 3
object-src 'none'; base-uri 'self' 3
frame-ancestors *.adobe.com 3
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 3
default-src 'self'  https://*.cms.vwfs.tools https://*.vwfsindia.co.in;  img-src 'self'  data: https://*.cms.vwfs.tools https://*.volkswagenbank.de https://*.omtrdc.net https://*.demdex.net https://img.youtube.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.iadvize.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://cm.everesttech.net  https://*.scene7.com https://*.userzoom.com https://smetrics.www.vwfs.de https://*.adform.net https://www.facebook.com https://*.linkedin.com https://t23.intelliad.de https://c.imedia.cz https://dev.day.com https://t.co https://www.google.com https://www.google.de;    script-src 'self'  'unsafe-inline' https://*.volkswagenbank.de https://*.iadvize.com https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.googleapis.com https://storagewebcalcweud.blob.core.windows.net https://www.volkswagenbank-cloud.de https://t23.intelliad.de https://t13.intelliad.de https://assets.adobedtm.com https://*.omtrdc.net https://*.omniture.com https://*.adobe.com https://*.demdex.net https://cm.everesttech.net https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://www.googletagmanager.com https://c.imedia.cz https://www.seznam.cz https://*.thunderhead.com https://*.twitter.com https://*.fls.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://*.vwfsindia.co.in https://cc.cdn.civiccomputing.com;  style-src 'self' 'unsafe-inline' https://*.iadvize.com https://fonts.googleapis.com https://*.userzoom.com https://*.vwfsindia.co.in;  connect-src 'self' https://vimeo.com https://calculator.volkswagenbank.de https://infokons.vwbank.de  https://*.iadvize.com wss://*.iadvize.com https://*.youtube.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.demdex.net https://cm.everesttech.net https://*.tt.omtrdc.net https://*.omtrdc.net *.2o7.net;  frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com;  object-src 'none';  font-src 'self' https://fonts.gstatic.com ;  frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://*.adform.net https://*.iadvize.com https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://vwfms.com https://online.flowpaper.com https://jobs.careerpage.fr https://faleconosco.bancovw.com.br https://atendimento-eletronico.bancovw.com.br https://www.vwfstools.co.uk; 3
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 3
default-src 'self' *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org https://unpkg.com *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net blob:; style-src 'unsafe-inline' *; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.google.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us blob:; object-src 'self' cdn.opticsinfobase.org *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.cloudfront.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.googlesyndication.com *.youtube.com https://titanembeds.com; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com; 3
frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg https://*.castlery.co 3
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com bam.nr-data.net 'unsafe-eval' 'unsafe-inline' api.mapbox.com blob:; style-src 'self' *.flickr.com *.staticflickr.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; report-uri /report-csp-violation 3
default-src https: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: ws: wss:; img-src https: data: blob:; 3
frame-ancestors https://*.canalplus.com https://*.cnews.fr 3
default-src * 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 3
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 3
default-src 'self' static.mycity.travel static.www.villars-diablerets.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
frame-ancestors 'self'; form-action 'self' 3
default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zorgvoorbeter.nl https://*.vo.msecnd.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://dc.services.visualstudio.com https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.vilans.nl https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://w.soundcloud.com https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 3
frame-ancestors 'self'; block-all-mixed-content 3
frame-ancestors 'self' *.dja.com; 3
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https:; upgrade-insecure-requests; 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://*.facebook.com 3
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com http://tomsk.effad.ru *.effad.ru effad.ru *.me-talk.ru disgusting.ru https://api-maps.yandex.ru *.yandex.net yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 3
frame-ancestors 'self' *.medialift.nl *.drugsinfo.nl *.alcoholinfo.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl; 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.bunrattycastle.ie https://www.craggaunowen.ie https://www.dunguairecastle.com https://www.gpowitnesshistory.ie https://www.kingjohnscastle.com https://www.knappoguecastle.ie https://www.malahidecastleandgardens.ie https://www.newbridgehouseandfarm.com https://www.shannonheritage.com https://www.modelrailwaymuseum.ie data: https://*.facebook.net https://*.facebook.com https://*.hotjar.com https://*.bing.com https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://dev.visualwebsiteoptimizer.com https://*.crazyegg.com https://*.youtube.com https://*.youtu.be https://youtu.be https://cookie-cdn.cookiepro.com https://*.instagram.com https://*.cdninstagram.com; 3
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://sdnats.com http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 3
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob: 3
default-src 'self' s3.amazonaws.com www.youtube.com csi.gstatic.com *;frame-src 'self' optimize.google.com *;worker-src 'self';connect-src 'self' *;font-src 'self' fonts.gstatic.com fonts.googleapis.com www.tinymce.com use.fontawesome.com;img-src 'self' 'unsafe-inline' data: blob: *;manifest-src 'self';media-src 'self' s3.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagservices.com www.google-analytics.com securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com 7233492.collect.igodigital.com optimize.google.com * blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com *;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;block-all-mixed-content;upgrade-insecure-requests; 3
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 3
script-src 'self' *.seksualiteit.nl *.seksindepraktijk.nl *.seksuelevorming.nl *.rutgers.international *.rutgers.nl *.weekvandelentekriebels.nl *.rutgers.ug *.rutgers.id *.anticonceptievoorjou.nl *.hotjar.com *.adform.net *.addthisedge.com *.addthis.com *.facebook.com *.newrelic.com *.nr-data.net *.cdn77.org *.ckeditor.com *.smartsupp-widget-161959.c.cdn77.org *.smartsuppchat.com *.adscience.nl *.bugherd.com *.googletagmanager.com *.googleapis.com *.pinterest.com *.readspeaker.com 'unsafe-inline' connect.facebook.net 'unsafe-eval' dev.visualwebsiteoptimizer.com *.google-analytics.com *.bootstrapcdn.com *.google.com *.gstatic.com *.typekit.net *.vimeocdn.com *.youtube.com *.ytimg.com *.fbcdn.net; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.cdn77.org *.bootstrapcdn.com *.myfonts.net *.readspeaker.com *.youtube.com; font-src 'self' *.cdn77.org *.fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.fonts.googleapis.com *.googleapis.com *.ckeditor.com *.newrelic.com; media-src * 'self' data: 3
default-src 'self' *.onewp.net ;   style-src 'unsafe-inline' 'self' data: *.google.com *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.hotjar.com *.hotjar.io *.onewp.net *.google.com *.googleapis.com use.typekit.net p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   font-src 'self' *.google.com *.google.se  *.facebook.com *.enalyzer.com *.adform.net *.facebook.net fonts.gstatic.com data: *.northfork.se *.hotjar.com *.hotjar.io *.elfsight.com *.onewp.net *.prod.onewp.net *.staging.onewp.net use.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   script-src 'self' *.google.com *.google.se *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.onewp.net *.hotjar.com *.hotjar.io *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com use.typekit.net sc-static.net *.sc-static.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com 'unsafe-inline' 'unsafe-eval' blob:;   connect-src 'self' *.google.com *.google.se *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.onewp.net *.hotjar.com *.hotjar.io *.googleadservices.com *.google-analytics.com yoast.com performance.typekit.net oocd-api.azurewebsites.net *.azureedge.net *.svc.dynamics.com;   worker-src 'self' blob: ;   child-src 'self' blob: ;   img-src 'self' data: *.google.com *.google.se *.facebook.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.hotjar.com *.hotjar.io *.cdninstagram.com *.onewp.net *.google-analytics.com *.gstatic.com *.doubleclick.net secure.gravatar.com s.w.org p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   frame-src 'self' * 3
frame-ancestors 'self' https://control.studentpad.com https://control.pad-group.com https://control.localpad.co.uk https://control.lettingspad.co.uk https://sandbox.studentpad.co.uk; 3
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://argeweb.matomo.cloud https://cdn.matomo.cloud/argeweb.matomo.cloud/matomo.js https://app.convertflow.co https://js.convertflow.co https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; report-uri /debug/csp; 3
default-src 'self' https://apply5.lumessetalentlink.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg; script-src https://apply5.lumessetalentlink.com *.linkedin.com/ https://code.jquery.com https://stackpath.bootstrapcdn.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg 'unsafe-inline' 'unsafe-eval' *.stoneforest.com.sg https://stoneforest.com.sg/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://www.googletagmanager.com v1.addthis.com/ v1.addthisedge.com/ s7.addthis.com/ https://graph.facebook.com/ http://graph.facebook.com/; style-src 'self' 'unsafe-inline' https://apply5.lumessetalentlink.com/ https://maxcdn.bootstrapcdn.com/ *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' https://stats.g.doubleclick.net https://apply5.lumessetalentlink.com https://maxcdn.bootstrapcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src https://www.google.com/ https://www.google.com.sg https://stats.g.doubleclick.net www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg *.stoneforest.com.sg *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; media-src 'self' data: blob:; frame-src https://www.youtube.com/ *.linkedin.com/ www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg http://s7.addthis.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://apply5.lumessetalentlink.com/ https://journey-service.tb.lumesse.com https://message-broker.tb.lumesse.com www.stoneforest.com.sg stoneforest.com.sg https://stoneforest.com.sg http://stoneforest.com.sg https://www.stoneforest.com.sg http://www.stoneforest.com.sg *.linkedin.com/ v1.addthis.com/ v1.addthisedge.com/ s7.addthis.com/; 3
frame-ancestors 'self' analytics.pt-dlr.de 3
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 3
frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; 3
font-src unsafe-inline *.gstatic.com *.trustarc.com 'self' data: *.bootstrapcdn.com https://script.hotjar.com/ https://qaapp02.xisecurenet.com/ 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com unsafe-inline *.trustarc.com https://stinger-dev.heledigital.com/ https://home-health.heledigital.com/ *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com unsafe-inline *.google.com *.oraclecloud.com https://data-a495851.data.us2.oraclecloud.com/ https://www.youtube.com/ http://youtube.com/ https://qaapp02.xisecurenet.com/ https://www.gstatic.com/ https://vars.hotjar.com/ https://consent-st.trustarc.com/ *.paymetric.com *.custhelp.com *.trustarc.com *.doubleclick.net https://insight.adsrvr.org/ *.cloudfront.net *.facebook.com *.pur.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com unsafe-inline *.magentocommerce.com *.oraclecloud.com 'self' data: *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.heledigital.com *.mailchimp.com *.doubleclick.net *.google.com *.google.co.in *.cdninstagram.com https://consent.trustarc.com/ *.trustarc.com https://consent-pref.trustarc.com/ https://a5.behance.net/ https://amasty.com/ *.honeywellpluggedin.com/ https://consent.truste.com/ *.co *.facebook.com *.apple.com *.rnengage.com *.googletagmanager.com data: *.pur.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googleadservices.com https://www.gstatic.com/ *.googleads.g.doubleclick.net/ https://www.googleapis.com *.oraclecloud.com *.amazonaws.com *.googletagmanager.com *.mouseflow.com *.hotjar.com https://ajax.cloudflare.com/ consent.trustarc.com https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.youtube.com/ http://youtube.com/ *.pur.com *.atgsvcs.com https://static.ads-twitter.com/ *.facebook.net/ *.doubleclick.net/ https://s.yimg.com/  *.rapidspike.com *.custhelp.com *.twitter.com *.yahoo.com *.cardinalcommerce.com unsafe-inline *.rnengage.com *.google.co.in *.paymetric.com *.rightnowtech.com *.honeywellpluggedin.com *.magentocommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline *.trustarc.com *.googleapis.com *.bootstrapcdn.com *.mailchimp.com *.getfirebug.com *.heledigital.com *.custhelp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://magento.com https://devdocs.magento.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com unsafe-inline *.google-analytics.com consent.trustarc.com *.trustarc.com *.instagram.com *.hotjar.com https://vc.hotjar.io/ https://data-a495851.data.us2.oraclecloud.com/ https://bam.nr-data.net/ https://www.pur.com/community/ https://qaapp02.xisecurenet.com/ *.doubleclick.net *.yimg.com  *.rapidspike.com *.atgsvcs.com *.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src *; block-all-mixed-content; base-uri 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.sndcdn.com https://*.soundcloud.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com https://*.soundcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.linkedin.com https://*.twitter.com https://view.ceros.com https://dl.episerver.net https://connect.facebook.net https://polyfill.io https://*.bizographics.com https://*.datatables.net  https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.optimizely.com https://code.jquery.com https://*.googletagmanager.com https://*.episerver.net https://*.msecnd.net https://*.getsitecontrol.com https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://*.sndcdn.com; img-src 'self' data: https://*.datatables.net https://www.grantthornton.global https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://pixel.newscred.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.googletagmanager.com https://*.marketo.com https://grant-thornton.vuturevx.com https://*.youtube.com https://stats.g.doubleclick.net https://*.grantthornton.sg; style-src 'self' https://*.datatables.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.com 'unsafe-inline' https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; font-src 'self' data: https://*.gstatic.com https://*.getsitecontrol.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; frame-src https://*.google.com https://*.optimizely.com https://*.googletagmanager.com https://*.marketo.com https://*.getsitecontrol.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://optimize.google.com https://view.ceros.com https://www.facebook.com; 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' junchae.com linkharu.com 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://drinksco.report-uri.io/r/default/csp/enforce 3
script-src 'self' http://www.google-analytics.com http://www.googleadservices.com http://www.googletagmanager.com https://tagmanager.google.com/debug https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://media1.admicro.vn https://admicro1.vcmedia.vn https://www.facebook.com https://google.com https://www.google.com.vn https://sohagame.vcmedia.vn https://soap.soha.vn http://beta.soap.soha.vn https://beta.soap.soha.vn https://createjs.com https://pub.mediacdn.vn https://sohagame.mediacdn.vn https://googleads.g.doubleclick.net https://lg1.logging.admicro.vn https://www.youtube.com https://bid.g.doubleclick.net https://fburl.com https://apis.google.com https://widgets.amung.us https://whos.amung.us https://translate.google.com https://s7.addthis.com https://translate.googleapis.com *.fbcdn.net https://*.fbcdn.net https://*.amcdn.vn static.amcdn.vn https://static.amcdn.vn http://static.amcdn.vn http://soap.soha.vn https://deqik.com http://deqik.com https://smsy-fbapi.ycgame.com https://static.xx.fbcdn.net static.xx.fbcdn.net *.xx.fbcdn.net https://saltcdn2.googleapis.com/loader.js https://static.bytedance.com https://s0.ipstatp.com s0.ipstatp.com www.gstatic.com https://www.google.com https://*.firebaseio.com https://*.admicro.vn https://remotejs.com https://sohagame.mediacdn.vn 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 3
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 3
default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 3
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 3
default-src https: data: blob: 'unsafe-inline'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https:; base-uri 'self';  upgrade-insecure-requests; report-uri /csp.cgi 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 3
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 3
frame-ancestors *.plentymarkets-cloud-ie.com 3
frame-ancestors 'self' facebook.com *.facebook.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: mafdo.com *.mafdo.com mrcdn.com *.mrcdn.com *.googlesyndication.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.google.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.pinterest.com *.youtube.com *.ytimg.com *.gstatic.com *.vimeo.com *.vimeocdn.com *.dailymotion.com *.dmcdn.net 3
default-src 'self'  *.readspeaker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com *.readspeaker.com *.timeblockr.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.readspeaker.com *.timeblockr.com; img-src 'self' data: *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.timeblockr.com; media-src 'self' *.readspeaker.com; frame-src 'self' *.readspeaker.com *.youtube.com; frame-ancestors 'self'; child-src 'self' *.youtube.com; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com *.timeblockr.com; connect-src 'self' *.readspeaker.com *.timeblockr.com; report-uri /report-csp-violation 3
frame-ancestors 'self' http://ausbildungsplatzsuche.fv-eit-bw.de/ https://www.elektro-plus.com/ https://www.elektromobilitaet.nrw/ https://www.e-go-mobile.com/ https://www.deutschland-tankt-strom.de/ 3
frame-ancestors 'self'; base-uri 'self'; 3
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us https://d17o6on0vd932d.cloudfront.net blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://d2b9h3rz4xo53c.cloudfront.net https://d24cgw3uvb9a9h.cloudfront.net https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://static.zoom.com.cn https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://optimize.google.com https://tagmanager.google.com  https://www.gstatic.com/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://d17o6on0vd932d.cloudfront.net https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.us https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.us https://apis.google.com https://gstatic.zoom.com.cn 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none'; 2
default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:*;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests; 2
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coubsecure-s.akamaihd.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=10.08.20; 2
report-uri https://metrics.roblox.com/v1/csp/report?type=enforce; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.evidon.com *.gigya.com *.google-analytics.com *.ns1p.net *.pingdom.net adservice.google.com ajax.aspnetcdn.com ajax.googleapis.com cdn.arkoselabs.com connect.facebook.net funcaptcha.com imasdk.googleapis.com js.rbxcdn.com long.open.weixin.qq.com midas.gtimg.cn radar.cedexis.com res.wx.qq.com roblox-api.arkoselabs.com roblox-load-generator-configuration.s3.us-east-2.amazonaws.com s.ytimg.com sb.scorecardresearch.com static.rbxcdn.com www.google.com www.gstatic.com www.youtube.com/iframe_api h.online-metrix.net request.eprotect.vantivcnp.com request.eprotect.vantivpostlive.com authsite.roblox.com *.googletagmanager.com *.googleadservices.com https://googleads.g.doubleclick.net 2
frame-ancestors 'none'; upgrade-insecure-requests 2
frame-ancestors *.mediafire.com 2
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.iteratehq.com https://iteratehq.com ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com apollo.investopedia.com apollo.local.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://broadcast.st.dl.bscstorage.net https://broadcast.st.dl.eccdnx.com http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; 2
frame-ancestors 'self' https://*.target.com; 2
frame-ancestors https://www.incimages.com http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 2
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com ; 2
frame-ancestors 'self' *.pathfactory.com *.lookbookhq.com *.newrelic.com 2
frame-ancestors 'self' *.bbb.org bbb.org *.bluebbb.org bluebbb.org jsfiddle.net fiddle.jshell.net 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors https://*.parallels.com https://*.parallels.cn https://*.prls.net; 2
frame-src 'self' share.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com;connect-src 'self' appcenter.ms install.appcenter.ms https://secure.gravatar.com *.intercom.io *.optimizely.com uploads.intercomcdn.com uploads.intercomusercontent.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.documents.azure.com *.hockeyapp.net *.blob.core.windows.net https://*.ingest.sentry.io https://graph.microsoft.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://api-prod-east-us2.prod.avalanch.es:8088 https://file.appcenter.ms wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://upload.appcenter.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;default-src 'self' *.msecnd.net data:;font-src 'self' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com;img-src * data:;media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com monaco-cdn-int.azureedge.net accessibility-bookmarklets.org uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;style-src 'self' 'unsafe-inline' monaco-cdn-int.azureedge.net accessibility-bookmarklets.org/ uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;worker-src 'self' blob: 2
object-src  'self'; form-action http://*.americanexpress.com/ https://*.americanexpress.com/; worker-src  'none'; font-src http://*.aexp-static.com/ https://cdnjs.cloudflare.com/ https://use.typekit.net/ 'self' http://fonts.gstatic.com/ https://*.bootstrapcdn.com/ https://*.aexp-static.com/; frame-ancestors https://*.aexp.com/  https://*.americanexpress.com/; script-src https://cdnjs.cloudflare.com/ 'unsafe-inline' 'self' https://*.liveperson.net/ https://*.maxymiser.net/ https://googleads.g.doubleclick.net/ https://*.lpsnmedia.net/ http://*.maxymiser.net/ https://www.googleadservices.com/ https://*.aexp-static.com/ https://aexp.demdex.net/ https://c00.adobe.com/ http://*.ensighten.com/ https://connect.facebook.net/ http://*.aexp-static.com/ https://*.americanexpress.com/ https://cdn.appdynamics.com/ http://*.adobedtm.com/ https://*.adobedtm.com/ https://adservice.google.co.il/ http://*.americanexpress.com/ http://*.liveperson.net/ https://*.ensighten.com/ https://www.google.com/ https://*.akamaihd.net/ 'unsafe-eval'; media-src 'self' https://lpcdn.lpsnmedia.net/ https://lpchat.americanexpress.com/; img-src 'self' data: https: http:; frame-src https://staticxx.facebook.com/ https://*.americanexpress.com/ https://*.demdex.net/ https://*.liveperson.net/ http://*.demdex.net/ https://lpcdn.lpsnmedia.net/ https://googleads.g.doubleclick.net/ http://*.americanexpress.com/ https://www.payback.it/ https://service.maxymiser.net/ https://*.aexp-static.com/ https://www.youtube.com/ https://*.akamaihd.net/; connect-src http://*.aexp-static.com/ https://*.americanexpress.com/ https://assets.adobedtm.com/ wss://iwmap.americanexpress.com/ https://*.demdex.net/ https://nexus.ensighten.com/ wss://www.americanexpress.com/ https://*.liveperson.net/ http://*.demdex.net/ https://www.facebook.com/ http://*.americanexpress.com/ https://ad.doubleclick.net/ https://aeopprodvip.acxiom.com/ https://*.aexp-static.com/ https://*.akamaihd.net/; report-uri https://csp.tsrs.cloud/r/d46fe9eb9bace6cb8df60c3cd0f1479061b61362; base-uri http://*.americanexpress.com/ https://*.americanexpress.com/ https://ds-aksb-a.akamaihd.net/ 'self'; style-src https://*.aexp-static.com/ https://14106077.va.cobrowse.liveperson.net/ 'unsafe-inline' 'self';  2
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 2
frame-ancestors 'self' acs.virtualeventsengine.com virtualexhibits360.com psav.digital 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
font-src 'self' data: https: https://fonts.gstatic.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com; frame-src 'self' https: https://optimize.google.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com; upgrade-insecure-requests; media-src 'self' https:; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: 2
frame-ancestors 'self' *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com;  2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io eisi-ext.azurewebsites.net *.optimizely.com cdn.fundraiseup.com js.stripe.com www.paypalobjects.com pay.google.com www.google.com www.paypal.com www.gstatic.com edge.fullstory.com *.aparat.com *.tableau.com *.wufoo.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org cdn.curator.io *.twimg.com; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com *.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com *.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com ucarecdn.com t.paypal.com *.tableau.com; media-src 'self' *.cdninstagram.com video.twimg.com; frame-src 'self' *.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net player.vimeo.com forms.office.com *.optimizely.com js.stripe.com www.paypal.com pay.google.com *.aparat.com *.tableau.com oms.gameloft.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io bam.nr-data.net rpapigatewaytest.azurewebsites.net i2e.azurewebsites.net *.optimizely.com fundraiseup.com fndrsp.com www.paypal.com; report-uri /report-csp-violation 2
frame-ancestors https://*.frontier.com https://frontier.com http://*.ftr.com https://*.ftr.com http://*.corp.pvt:* https://*.corp.pvt:*; 2
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  2
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2
frame-ancestors https://*.hepsiburada.com http://*.hepsiburada.com https://forum.donanimhaber.com http://forum.donanimhaber.com https://forumv2.donanimhaber.com http://forumv2.donanimhaber.com 2
script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 2
frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk; report-uri https://o105906.ingest.sentry.io/api/5404623/security/?sentry_key=69c1c2ca19c04107ae9b1d00d235e0b5&sentry_environment=production; 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 2
frame-ancestors 'self' *.avira.com *.avira.org *.avira.net *.prod-blog.avira.com prod-blog.avira.com; 2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com; 2
upgrade-insecure-requests ; default-src 'self' https: data: *.comodo.com *.comodo.net wss://*.hotjar.com insights.hotjar.com idsync.rlcdn.com *.adroll.com *.lookbookhq.com *.googletagmanager.com *.hotjar.com *.licdn.com *.optimizely.com *.google-analytics.com *.demandbase.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: js.hs-analytics.net js.hscollectedforms.net geolocation.onetrust.com www.googletagmanager.com cdn.jsdelivr.net geoip.nekudo.com freegeoip.net secure.comodo.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net m.addthisedge.com m.addthis.com s7.addthis.com cdn3.optimizely.com cdn2.optimizely.com www.gstatic.com www.youtube.com cdn.ckeditor.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net code.jquery.com googleads.g.doubleclick.net script.hotjar.com plugins.help.com www.google.com www.google.co.uk cdn.optimizely.com www.comodo.com www.google-analytics.com secure.leadforensics.com static.hotjar.com ajax.googleapis.com secure.comodo.com www.googleadservices.com s.ytimg.com js.hs-scripts.com cdn.cookielaw.org beta.phonewagon.com addevent.com js.phonewagon.com cdn.appsflyer.com sjs.bizographics.com js.usemessages.com d.adroll.mgr.consensu.org *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com tagmanager.google.com *.linkedin.com ; object-src 'self' https: *.comodo.com *.comodo.net download.comodo.com www.youtube.com theapplicantmanager.com secure.trust-provider.com ; img-src 'self' https: data: *.comodo.com *.comodo.net ssl.gstatic.com img.youtube.com *.adroll.com www.facebook.com www.google.ro s9.addthis.com cdn.ckeditor.com www.google.co.uk www.google.co.in www.google.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net cdn.cookielaw.org ads.yahoo.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com cm.g.doubleclick.net us-u.openx.net track.hubspot.com forms.hsforms.com segments.company-target.com www.siliconanalytics.com pippio.com crossmetrix.com dpm.demdex.net p.adsymptotic.com *.linkedin.com ; font-src 'self' https: data: secure.comodo.net *.comodo.com *.comodo.net maxcdn.botostrapcdn.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: cdn.jsdelivr.net cdn.ckeditor.com secure.comodo.net *.comodo.com *.comodo.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.cookielaw.org fonts.googleapis.com www.comodo.com *.lookbookhq.com *.googletagmanager.com tagmanager.google.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; base-uri 'self' *.comodo.com *.comodo.net ; form-action 'self' https: *.comodo.com *.comodo.net www.hackerguardian.com www.facebook.com ; frame-src 'self' https: *.comodo.com *.comodo.net app.hubspot.com www.facebook.com staticxx.facebook.com edge.addthis.com www.google.com bid.g.doubleclick.net plugins.help.com vars.hotjar.com www.youtube.com theapplicantmanager.com s7.addthis.com www.youtube-nocookie.com explore.comodo.com cdome.comodo.com ; frame-ancestors 'self' https: comodo.pathfactory.com comodo.lookbookhq.com explore.comodo.com cdome.comodo.com enterprise.comodo.com 2
frame-ancestors https://*.udacity.com 2
frame-ancestors 'self' http://*.dji.com https://*.dji.com 2
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paytm.com paytmstores.com *.paytmstores.com widget.gleamjs.io gleamjs.io platform.twitter.com *.bintray.com bintray.com cdn.syndication.twimg.com gateway.answerscloud.com *.cloudfront.net *.google.com *.hotjar.com apis.mapmyindia.com cdn.ravenjs.com *.youtube.com *.gstatic.com *.googleadservices.com *.doubleclick.net bid.g.doubleclick.net u.heatmap.it cdn.trackjs.com s.ytimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.branch.io googleads.g.doubleclick.net app.link bid.g cdn.ampproject.org dev.visualwebsiteoptimizer.com paytmmall.com *.paytmmall.com *.insider.in blob:; frame-src 'self' *.paytm.com *.twitter.com s.ytimg.com cdn.syndication.twimg.com *.insider.in *.youtube.com assets.zendesk.com apis.mapmyindia.com *.facebook.com *.google.com *.hotjar.com cdn.ravenjs.com s-static.ak.facebook.com tautt.zendesk.com paytmmall.com *.paytmmall.com paytmstores.com *.paytmstores.com widget.gleamjs.io gleam.io;  object-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com apollo.verywellhealth.com apollo.local.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2
default-src https:; child-src blob: https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
default-src 'self' *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com  https://analytics.google.com *.googleapis.com *.googletagmanager.com; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com; font-src *.gstatic.com *.maybank2u.com.my *.google.com; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com 2
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics *.curriculumpathways.com 2
frame-ancestors 'self' https://*.sproutsocial.com; 2
default-src 'self' badoo.com eu1.badoo.com us1.badoo.com am1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com *.am1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com   *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.mapbox.com *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.googletagmanager.com *.api.here.com *.instagram.com *.digicert.com *.mapbox.com *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; child-src 'self' badoo.com eu1.badoo.com us1.badoo.com am1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com *.am1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com   *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.mapbox.com *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com https://www.facebook.com blob:; worker-src 'self' badoo.com eu1.badoo.com us1.badoo.com am1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com *.am1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com   *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.mapbox.com *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:* https://www.google.com https://www.google-analytics.com https://www.facebook.com blob:; media-src * data: blob:; frame-src * bds: bdp:; prefetch-src 'self' *.googlesyndication.com *.googletagservices.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 2
img-src 'self' https: data: cdn.paris.fr 2
frame-ancestors 'self' sharepoint.com *.sharepoint.com https://ukom.uk.net; 2
object-src 'self' https://marketing-cdn.hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://marketing-cdn.hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://player.vimeo.com/* data https://marketing-cdn.hightail.com/; frame-ancestors 'self' https://marketing-cdn.hightail.com; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw standchartbank.experiencecloud.adobe.com experience.adobe.com 2
default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://www.google-analytics.com/j/collect https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synology.jobbase.io https://*.synology.com https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://cndl.synology.cn https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://px.ads.linkedin.com/ https://alb.reddit.com https://t.co/i/adsct https://p.adsymptotic.com/d/px https://bat.bing.com data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com; script-src 'self' data: blob: https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ https://sjs.bizographics.com/insight.min.js https://bat.bing.com/bat.js https://synology.jobbase.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.aexp-static.com *.americanexpress.com app.link tag.yieldoptimizer.com hm.baidu.com x.bidswitch.net bat.bing.com *.branch.io s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net dpdb.webvr.rocks *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com *.usehero.com *.twilio.com wss://*.us1.twilio.com wss://*.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com ct.pinterest.com s.pinimg.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi d1fc8wv8zag5ca.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com vjs.zencdn.net sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; upgrade-insecure-requests; base-uri 'self'; report-uri https://brbws.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' https://help.patagonia.com/ 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 2
frame-ancestors https://ads.idntimes.com 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.google-analytics.com *.googletagmanager.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com *.qualtrics.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.tiles.mapbox.com bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com *.qualtrics.com; default-src 'self'; media-src 'self' *.consumerfinance.gov; style-src 'self' 'unsafe-inline' *.consumerfinance.gov fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com *.qualtrics.com; font-src 'self' data: *.consumerfinance.gov fast.fonts.net fonts.google.com fonts.gstatic.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com *.qualtrics.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com apollo.verywellfit.com apollo.local.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 2
default-src 'self' https://www.youtube.com https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' https://www.youtube.com; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self' https://www.youtube.com https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2
font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.credit-suisse.cspta.ch *.credit-suisse-stg.cspta.ch *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net 2
frame-ancestors 'self' https://help.thumbtack.com 2
frame-src https://*.doubleclick.net:* https://*.facebook.com:* https://*.google.com:* https://*.soundcloud.com:* https://*.spotify.com:* https://*.twitter.com:* https://*.vimeo.com:* https://*.youtube.com:*; frame-ancestors 'self'; 2
value 2
default-src https://www.nic.ir https://static.nic.ir 'unsafe-inline'; img-src *.nic.ir https://webchat.nic.ir:8080 https://trustseal.enamad.ir/ http://trustseal.enamad.ir/; font-src *.nic.ir 2
frame-ancestors  oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca  *.virginmobile.ca  *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 2
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://soundcloud.com https://*.weirdgloop.org https://*.runescape.wiki https://*.googleapis.com https://www.google-analytics.com; frame-src https://w.soundcloud.com www.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'self' 2
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrust .org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 2
script-src         'self'         'unsafe-inline'         'unsafe-eval'         blob:         d2e70e9yced57e.cloudfront.net         d2k0escgkdw2ev.cloudfront.net         *.googleapis.com         *.google.com         *.gstatic.com         *.google-analytics.com         www.googletagmanager.com         www.googleadservices.com         googleads.g.doubleclick.net         cdn.ampproject.org         bat.bing.com         s.yimg.com         cdn.taboola.com         trc.taboola.com         sp.analytics.yahoo.com         *.facebook.com         connect.facebook.net         www.linkedin.com         www.reddit.com         *.twitter.com         static.ads-twitter.com         *.linkedin.com         *.pinterest.com         *.reddit.com         www.dianomi.com         loadus.exelator.com         ct.buyright.com         affiliate.icclicktracker.com         amplify.outbrain.com         track.supersonicads.com         ads.trafficjunky.net         cdn.ckeditor.com         *.wistia.com         sentry.io         opensharecount.com         *.mediaalpha.com         smartforms.ekomi.com         *.amazonaws.com         cfstatic.efdevhub.info         cdn.wallethub.com         static.olark.com         api.olark.com     ; 2
default-src 'self'; media-src 'self' https://storage.googleapis.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.snapchat.com/ https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/; connect-src 'self' https://www.snapchat.com/ https://sentry.sc-prod.net; script-src 'self' https://www.google-analytics.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://images.bitmoji.com; report-uri https://csp-central.appspot.com/report_csp; 2
frame-ancestors 'self' http://info.barchart.com 2
default-src 'self' data: https://*.commerce.gov https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://www.youtube-nocookie.com https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests;  2
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.hotjar.com *.doorbell.io https://*.ravelrycache.com https://*.chatlio.com https://*.hotjar.com https://*.raygun.io https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com https://ban.nr-data.net bam.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com  https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.gstatic.com *.raygun.io; frame-src 'self' https://*.facebook.com https://*.hotjar.com  https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com doorbell.io:443 https://*.raygun.io https://bam.nr-data.net https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; report-uri https://www.index-education.com/violationReportCSP.php;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr data:; 2
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://ad.g.doubleclick.net https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'report-sample' 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'report-sample' 'self' https://fonts.gstatic.com https://www.mbank.pl; connect-src 'report-sample' 'self' https://ad.g.doubleclick.net https://adservice.google.com https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://lp.skp.mbank.pl https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'report-sample' 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'report-sample' 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'report-sample' 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'report-sample' 'self' https://www.mbank.pl;  2
frame-ancestors http://crackstreams.com http://nba-streams.xyz http://nbastreams.xyz http://crackstreams.vip http://nbastreams123.xyz http://crackstreams.ga 2
frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.brides.com *.qa.aws.brides.com apollo.brides.com apollo.local.brides.com atlas.brides.com atlas.local.brides.com 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com https://api.tenor.com; script-src 'self' https://gab.com https://*.gab.com 2
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://www.paypalobjects.com https://insights.algolia.io; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com https://scontent.xx.fbcdn.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com https://s.yimg.com https://sp.analytics.yahoo.com/; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com https://insights.algolia.io https://graph.instagram.com https://*.algolianet.com https://*.algolia.net https://s.yimg.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; upgrade-insecure-requests; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' data: ws: 'unsafe-inline' 'unsafe-eval' *.clutch.co cdn.jsdelivr.net *.cloudflare.com *.google.com *.google.pl *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookiebot.com *.google-analytics.com *.hs-scripts.com *.hsleadflows.net js.hs-banner.com *.hs-analytics.net *.hsforms.net *.hsforms.com js.usemessages.com *.cloud.es.io *.hubspot.com *.doubleclick.net *.shgstatic.com *.hotjar.com *.hotjar.io *.pingdom.net cdn.tiny.cloud *.addthis.com *.addthisedge.com youtube.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com z.moatads.com *.s3.amazonaws.com consent.azureedge.net *.paystand.com *.kickfire.com *.stripe.com browser.sentry-cdn.com hcaptcha.com *.hcaptcha.com; img-src 'self' data: blob: *.shgstatic.com clutch.co *.clutch.co *.tinymce.com *.google.com *.google.pl *.hubspot.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.addthis.com *.ytimg.com *.gstatic.com *.kickfire.com *.googletagmanager.com *.hotjar.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu *.pusherapp.com *.pusher.com fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org; media-src 'self' https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net; object-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.newswire.com 2
frame-src 'self' https://*.adyen.com https://*.criteo.com https://*.ftrace.com/ https://*.lidl-info.com https://*.lidl.com https://*.lidl.de https://*.mynetfair.com https://connect.facebook.net https://consentcdn.cookiebot.com https://facebook.com https://h.online-metrix.net https://www.edge-cdn.net https://www.lidl-onlinenewsletter.de https://www.lidl.de https://www.youtube-nocookie.com https://www.youtube.com https://acs2.gpesecure.com ; object-src data: https://connect.facebook.net https://facebook.com https://h.online-metrix.net https://leaflet.lidl-flyer.com ; img-src 'self' data: moz-extension: http://www.adobe.com https://*.adyen.com https://*.criteo.com https://*.kameleoon.com https://*.lidl-shop.com https://*.lidl.de https://*.online-metrix.net https://*.parcellab.com https://*.virtualearth.net https://event.yoochoose.net https://facebook.com https://h.online-metrix.net https://leaflet.lidl-flyer.com https://lidl.de https://media.lidl-flyer.com https://stats.g.doubleclick.net https://via.placeholder.com https://videos.demoup.com https://www.adobe.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.gstatic.com https://www.lidl.de ; report-uri https://lidltest.report-uri.com/r/d/csp/enforce ; frame-ancestors 'self' https://*.lidl.com https://*.lidl.de https://accounts-qa.lidl.com https://accounts-stg.lidl.com https://accounts-uat.lidl.com https://accounts.lidl.com https://beeem.co https://www.lidl.de ; style-src 'self' 'unsafe-inline' https://*.lidl.de https://*.parcellab.com https://facebook.com https://leaflet.lidl-flyer.com https://www.bing.com https://www.lidl.de ; default-src 'self' data: blob: https://lidltest.report-uri.com https://*.criteo.com https://*.kameleoon.com https://*.lidl-shop.com https://*.lidl.de https://*.online-metrix.net https://*.parcellab.com https://*.virtualearth.net https://connect.facebook.net https://endpoints.lidl-flyer.com https://event.yoochoose.net https://events.demoup.com https://facebook.com https://h.online-metrix.net https://leaflet.lidl-flyer.com https://lidl.media01.eu https://stats.g.doubleclick.net https://tracking.s24.com https://videos.demoup.com https://www.bing.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.lidl.de wss://127.0.0.1:* ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http://integrations.fitanalytics.com https://*.adyen.com https://*.criteo.com https://*.kameleoon.eu https://*.lidl.com https://*.lidl.de https://*.parcellab.com https://*.virtualearth.net https://addon.lidl.de https://ajax.googleapis.com https://cdn.ravenjs.com https://code.etracker.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://events.demoup.com https://facebook.com https://googleads.g.doubleclick.net https://h.online-metrix.net https://leaflet.lidl-flyer.com https://lidl.de https://lidl.media01.eu https://s.ytimg.com https://static.demoup.com https://tracking.s24.com https://www.bing.com https://www.dwin1.com https://www.etracker.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lidl.de https://www.youtube.com ; 2
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src * 2
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors https://*.optimizely.com; upgrade-insecure-requests; default-src data: https: 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 2
frame-ancestors 'self' *.cybersource.com ; form-action *.cybersource.com 'self' 2
default-src https:; img-src https: data: www.googletagmanager.com; base-uri 'none'; style-src https: 'unsafe-inline' https://services.postcodeanywhere.co.uk/; script-src https: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://services.postcodeanywhere.co.uk/ https://www.recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; object-src 'none'; font-src https: data: 2
frame-ancestors https://*.etracker.com; script-src 'self' https://*.signalize.com https://*.etracker.com https://*.etracker.de 'unsafe-inline' 2
default-src 'self'; connect-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; font-src * data:  filesystem:; frame-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; img-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; media-src * data:  filesystem:  'unsafe-inline' 'unsafe-eval'; object-src * data:  filesystem:  blob:  'unsafe-inline' 'unsafe-eval'; script-src * blob:  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com  https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net 'unsafe-eval';  script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net lptag.liveperson.net lo.v.liveperson.net lo.msg.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://bf50654wyi.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://o2.mouseflow.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk 'unsafe-eval'; img-src 'self' https://lpcdn.lpsnmedia.net service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net lo.idp.liveperson.net server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self'; media-src lpcdn.lpsnmedia.net; worker-src blob:; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://edge.addthis.com https://m.addthis.com https://s2.adform.net https://s7.addthis.com https://v1.addthisedge.com https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://healthunlocked.com https://wusote.hirizasune.com https://assets.hu-production.be https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://assets.nhs.uk https://ls.northchaddertonschool.co.uk https://z.moatads.com https://secure.myshopcouponmac.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.oracle.com https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://ws.sessioncam.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://use.typekit.net https://config1.veinteractive.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com;img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://ad.doubleclick.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://optimize.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://i.ytimg.com https://m.addthis.com https://s3.amazonaws.com https://cx.atdmt.com https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://scontent-iad3-1.cdninstagram.com https://scontent-syd2-1.cdninstagram.com https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://www.facebook.com https://gorentoys.net https://assets.hu-production.be https://images.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://zswpmanager.wip.mmc.com https://bam.nr-data.net https://idsync.rlcdn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://trc.taboola.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://gjtrack.ucweb.com https://cookiee1.veinteractive.com https://a.volvelle.tech;media-src 'self' https://ssl.gstatic.com https://dop9av6nvryqq.cloudfront.net;frame-src 'self' ms-appx-web: https://cp.bhf.org.uk https://extras.bhf.org.uk https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com https://www.google.com gsa://onpageload https://track.adform.net https://edge.addthis.com https://s7.addthis.com https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.boombox.com https://view.ceros.com https://www.facebook.com https://wchat.eu.freshchat.com https://280841640230733.eu.webpush.freshchat.com https://www.ons.gov.uk https://irewind.com https://zswpmanager.wip.mmc.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://dntcl.qualaroo.com https://app.qzzr.com https://www.qzzr.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20782822p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://20782821p.rfihub.com https://20822326p.rfihub.com https://20823015p.rfihub.com https://20823018p.rfihub.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://embed.wirewax.com https://config1.veinteractive.com;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com https://maxcdn.bootstrapcdn.com;connect-src 'self' https://stats.g.doubleclick.net https://ampcid.google.com https://adservice.google.com https://www.google.com https://www.google-analytics.com https://m.addthis.com https://s7.addthis.com https://in.api4load.net https://cdn.cookielaw.org https://bam.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://privacyportal-eu.onetrust.com wss://chat-eu.freshdesk.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com;report-uri /WebResource.axd?cspReport=true 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 2
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com; style-src 'self' 'unsafe-inline' https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://www.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' *.jetstar.com/; 2
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: 2
frame-ancestors https://*.ionos.com https://ionos.com; 2
base-uri 'none'; default-src 'self'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com https://*.facebook.com https://*.google.com; connect-src 'self' https://*.mopinion.com https://*.addthis.com; font-src 'self' https://use.fontawesome.com https://*.mopinion.com https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://* * blob: data:; media-src 'none'; object-src 'none'; script-src 'self' https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com https://*.mopinion.com https://connect.facebook.net https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://*.facebook.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://pagination.js.org https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net https://*.mopinion.com https://use.fontawesome.com https://*.addthis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName; upgrade-insecure-requests 2
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net mijnzakelijk.kpn.com www.grip-on-it.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.tt.omtrdc.net; object-src 'self' 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 2
img-src https: data: blob:; object-src 'none'; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.googletagmanager.com *.crazyegg.com *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' assets-cdn.github.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.soundcloud.com *.jotform.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.com e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org  *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' arbordayblog.org *.jotform.com cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu; 2
frame-ancestors 'self' https://app.optimizely.com 2
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com https://www.acquiaacademy.com; report-uri /report-csp-violation 2
frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; style-src * 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com  https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2
frame-ancestors 'self' corning.com *.corning.com *.siteworx.com *.ceros.com *.ariba.com 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 2
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com *.abtasty.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com ; frame-ancestors 'self' https://*.belastingdienst.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com  https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://f1-eu.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://f1-eu.readspeaker.com *.abtasty.com 'unsafe-inline' 2
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.bidr.io *.accountinsight.cloud *.licdn.com; 2
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://static.ads-twitter.com https://analytics.twitter.com https://*.albacross.com https://*.quora.com https://*.googleadservices.com https://*.hs-analytics.net https://snap.licdn.com https://*.hscollectedforms.net https://*.ampproject.org  https://*.hs-scripts.com https://*.onthe.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.intercom.io/ https://*.intercomcdn.com/ https://*.lfeeder.com/ https://*.leadfeeder.com/; style-src 'self' 'unsafe-inline'  https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://*.onthe.io/ https://iotechnologies.com/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com/ https://*.intercomassets.com/; connect-src 'self' https://fonts.intercomcdn.com/  https://*.intercomassets.com/ https://*.albacross.com https://*.hubspot.com https://*.doubleclick.net https://*.onthe.io/ https://news.c8.net.ua/ https://ws.onthe.io/ https://api-iam.intercom.io/ https://*.intercom.io/ wss://*.intercom.io/ https://www.google-analytics.com; frame-src 'self' https://*.onthe.io https://www.youtube.com/; media-src 'self' https://*.onthe.io https://*.iotechnologies.com https://*.dropboxusercontent.com/ https://*.dropbox.com/ 2
frame-ancestors https://*.ionos.es https://ionos.es; 2
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 2
frame-ancestors 'self' https://*.uit.no https://app.xtramile.no https://www.kunnskapscim.no https://uit.topdesk.net 2
frame-ancestors 'self' *.ibm.com ; child-src blob: * 2
default-src 'self' https://darksky.wufoo.com maps.darksky.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' http://storage.googleapis.com https://www.wufoo.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.wufoo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com 2
frame-ancestors 'self' https://*.rightmessage.com; 2
frame-ancestors 'self' http://www.kayak.com.au https://checkin.si.amadeus.net https://pdt.checkin.amadeus.net http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ https://ma-stage64-01.adobecqms.net/ https://ma-sit64.adobecqms.net/ https://ma-dev64.adobecqms.net/ 2
frame-ancestors www.red-gate.com; 2
connect-src consumer.krxd.net https://connect.facebook.net edgeapi.ace.teliacompany.net webprovisions-labs.humany.net 'self' telia-se.blueconic.net stats.g.doubleclick.net www.google.se cgchat.callguide.telia.com cdn.blueconic.net pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com; default-src localhost:41680 'self'; font-src https://fonts.gstatic.com webprovisions-labs.humany.net 'self' telia.humany.net data:; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src img.youtube.com https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com telia-se.blueconic.net stats.g.doubleclick.net www.google.se beacon.krxd.net d6tizftlrpuof.cloudfront.net cdn.blueconic.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net data: media.krxd.net www.google-analytics.com; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' cdn.krxd.net https://www.facebook.com cdn.blueconic.net www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com consumer.krxd.net https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net telia-se.blueconic.net wds.ace.teliacompany.com beacon.krxd.net cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net 'unsafe-eval' media.krxd.net; style-src https://tagmanager.google.com 'unsafe-inline' core.dc.teliacompany.net https://optimize.google.com webprovisions-labs.humany.net 'self' telia-se.blueconic.net wds.ace.teliacompany.com d6tizftlrpuof.cloudfront.net cdn.blueconic.net core.dch.got.telia.se telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net media.krxd.net https://fonts.googleapis.com 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' https://torrents-igruha.org https://telegram.im https://moytorrent.ru https://k3node.com https://send-push.info https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://torrents-igruha.org https://telegram.im https://moytorrent.ru https://k3node.com https://send-push.info https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; connect-src 'self' https://torrents-igruha.org https://telegram.im https://k3node.com https://moytorrent.ru https://send-push.info http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com http://*.amazonaws.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 2
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 2
frame-ancestors 'self' https://wiki.abbyy.com 2
default-src https:; font-src https: data:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; child-src https: blob:; frame-src https: blob: 'self'; 2
child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;    connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* *.coremetrics.com ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.pinterest.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.atechmotorsports.com *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.narvar.com;      font-src 'self' data: *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.typekit.net *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;      frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.atechmotorsports.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com *.zscalerthree.net *.youtube.com *.hotjar.com *.hotjar.io *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;      img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.micpn.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.atechmotorsports.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net *.summit.network *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.narvar.com *.ctfassets.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.micpn.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.summit.network *.summitracing.com *.atechmotorsports.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com *.zscalerthree.net *.hotjar.com *.hotjar.io *.zmags.com *.youtube.com *.ytimg.com *.akamaihd.net *.atgsvcs.com  *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.rollbar.com;       style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net *.typekit.net *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com; 2
base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report 2
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://jobs.jobvite.com https://*.tawk.to https://cdn.jsdelivr.net, connect-src 'self' https://*.tawk.to, img-src 'self' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://*.tawk.to https://cdn.jsdelivr.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', form-action 'self' 2
default-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.google.com https://*.brightcove.com https://*.akamaihd.net https://*.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://www.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com blob: data:;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://www.classmarker.com https://cdn.ckeditor.com blob:;                     font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data:;                     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com;                     img-src 'self' 'unsafe-inline' https://www.google-analytics.com https://*.crossref.org https://stats.g.doubleclick.net https://*.brightcove.com https://*.boltdns.net http://imagebank.osa.org https://account.osa.org https://cdn.ckeditor.com;                     object-src 'self' 'unsafe-inline' https://*.akamaihd.net https://*.boltdns.net; 2
frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
default-src 'self' 'unsafe-eval' https://*.tgdd.vn https://*.thegioididong.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://vuivuilocal.firebaseapp.com https://thegioididong.typeform.com https://embed.24liveblog.com https://node.24live.co https://googleads.g.doubleclick.net https://static.apester.com https://*.doubleclick.net https://*.thegioididong.com https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com https://vars.hotjar.com/; media-src 'self' https://*.tgdd.vn https://*.thegioididong.com; connect-src 'self' https://vc.hotjar.io https://in.hotjar.com https://sample-api-v2.crazyegg.com https://tracking.crazyegg.com https://www.facebook.com wss://socket.24live.co wss://connect.24liveplus.com https://stats.qmerce.com https://api.mixpanel.com https://*.twitter.com https://renderer.qmerce.com https://*.apester.com https://display.apester.com https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.thegioididong.com wss://*.dienmayxanh.com wss://*.thegioididong.com; object-src 'self'; report-uri /lien-he/ 2
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https:; upgrade-insecure-requests; 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
default-src 'self' blob:; connect-src 'self' onesignal.com wss://www.blockonomics.co www.blockonomics.co; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' image.tmdb.org flixtor.st images.weserv.nl cdnjs.cloudflare.com www.blockonomics.co data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net ssl.p.jwpcdn.com ajax.cloudflare.com cdn.onesignal.com *.gstatic.com www.google.com www.googletagmanager.com flixtor.st www.blockonomics.co blob:; 2
default-src 'self'; connect-src 'self' https://keepersecurity.com https://keepersecurity.eu https://nrpc.olark.com https://forms.hubspot.com https://www.google-analytics.com https://keepersecurity.ktrjao.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://ws.zoominfo.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://static.olark.com https://player.vimeo.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://connect.studentbeans.com https://*.hotjar.com https://forms.hsforms.com https://platform.twitter.com https://twitter.com; img-src 'self' https: data:; media-src 'self' https://static.olark.com; script-src 'self' 'unsafe-inline' https://*.olark.com https://*.hotjar.com https://cdn.studentbeans.com https://*.searchcdn.com https://*.impactradius-event.com https://js.hs-scripts.com  https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://bat.bing.com https://snap.licdn.com https://ws-assets.zoominfo.com https://js.hs-banner.com; style-src 'self' 'unsafe-inline' https://static.olark.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://app.addsearch.com https://platform.twitter.com; 2
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com *.whiteboard.is marketo.net *.marketo.net marketo.com *.marketo.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com powerbi.com *.powerbi.com fliphtml5.com *.fliphtml5.com *.google.com airtable.com *.amelia.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com unpkg.com rtb123.com *.rtb123.com *.cybba.solutions *.cybba.us storage.googleapis.com rmtag.com *.rmtag.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com microsoft.github.io *.omtrdc.net *.bizible.com *.moatads.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com *.mktoresp.com *.facebook.com; 2
default-src 'self' data: https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; font-src https: data:; object-src 'none'; 2
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob: 2
frame-ancestors 'self' bcit.ca *.bcit.ca *.bcit.dev 2
frame-ancestors 'self' *.amadeus.com *.amadeus.net rentacar.aegeanair.com rentacar.olympicair.com e-ticket.aegeanair.com e-ticket.olympicair.com *.mscgn.de mobile.aegeanair.com 2
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com  2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
frame-ancestors 'self' *.sgx.com 2
frame-ancestors 'self' *.kanopystreaming.com *.kanopy.com 2
frame-ancestors 'self' https://microsites.audi.com *.audi-boerse.de https://mtt-live.apps.emea.vwapps.io https://mtt-live-blue.apps.emea.vwapps.io https://mtt.apps.emea.vwapps.io https://mtt-blue.apps.emea.vwapps.io http://mtt-local.apps.emea.vwapps.io; 2
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com 2
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com disqus.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.disqus.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.disqus.com *.disquscdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me cloudstatic.obi4wan.com *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://miloo.nl wss://miloo.nl *.abtasty.com *.disqus.com *.disquscdn.com; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://miloo.nl wss://miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com *.disqus.com *.disquscdn.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.disqus.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://miloo.nl wss://miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.disqus.com; frame-ancestors 'self' https://*.kvk.nl; base-uri 'self' *.kvk.nl; 2
default-src 'self'; block-all-mixed-content; child-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net analytics-eu.clickdimensions.com www.google.com; connect-src 'self' *.schiphol.nl wss://ws-eu.pusher.com api.usabilla.com app.getsentry.com sentry.io bam.nr-data.net d6tizftlrpuof.cloudfront.net doubleclickadexchange.net www.google-analytics.com pagead2.googlesyndication.com jy11djjhoa.execute-api.eu-west-1.amazonaws.com *.g.doubleclick.net *.tiles.mapbox.com api.mapbox.com obipubvideo.s3.eu-central-1.amazonaws.com ws-eu.pusher.com stats.pusher.com events.mapbox.com api-cdn.embed.ly chat-schipholccc.cs83.force.com schipholccc.secure.force.com *.facebook.com; font-src 'self' data: fonts.gstatic.com tagmanager.google.com themes.googleusercontent.com cdn.schiphol.nl cdn.digitalredesign.nl; frame-ancestors 'self' *.my.salesforce.com www.kcmsurvey.com *.schiphol.nl; frame-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com www.facebook.com connect.facebook.net analytics-eu.clickdimensions.com www.google.com html5-player.libsyn.com cdn.embedly.com service.force.com schipholccc.secure.force.com *.my.salesforce.com www.kcmsurvey.com consentcdn.cookiebot.com customer.bookingbug.com; img-src 'self' data: blob: *.ctfassets.net bam.nr-data.net bat.bing.com bat.r.msn.com cdncash.org d6tizftlrpuof.cloudfront.net doubleclick.net ge0ip.com ge0ip.net ge0ip.org *.g.doubleclick.net lancheck.net maps.googleapis.com *.schiphol.nl schiphol.mobi tagmanager.google.com takethatad.com tm.tradetracker.net ts.tradetracker.net tl.tradetracker.net w.usabilla.com www.google-analytics.com www.google.com www.google.nl www.googleadservices.com www.gstatic.com www.seebuyflyhappyhour.nl connect.facebook.net www.facebook.com s.ytimg.com lh3.googleusercontent.com cdn.digitalredesign.nl ad.doubleclick.net adservice.google.com adservice.google.nl assets.libsyn.com ssl-static.libsyn.com *.content.force.com schipholccc.secure.force.com opt.objectiveportal.com *.ads.linkedin.com; manifest-src 'self' cdn.schiphol.nl cdn.digitalredesign.nl; script-src 'self' data: asset: blob: 'unsafe-inline' 'unsafe-eval' *.schiphol.nl ajax.googleapis.com api.usabilla.com apps-analytics.net bam.nr-data.net bat.bing.com cdn.optimizely.com cdncash.org d1fc8wv8zag5ca.cloudfront.net d6tizftlrpuof.cloudfront.net d19tqk5t6qcjac.cloudfront.net ge0ip.com ge0ip.net ge0ip.org js-agent.newrelic.com tagmanager.google.com tm.tradetracker.net w.usabilla.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com connect.facebook.net www.facebook.com *.tiles.mapbox.com www.youtube.com s.ytimg.com googleads.g.doubleclick.net www.google.com analytics-eu.clickdimensions.com cdn.digitalredesign.nl js.pusher.com stats.pusher.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net *.salesforceliveagent.com *.my.salesforce.com service.force.com ajax.cloudflare.com cdn.embedly.com chat-schipholccc.cs83.force.com static.lightning.force.com schipholccc.secure.force.com consent.cookiebot.com opt.objectiveportal.com snap.licdn.com; style-src 'self' 'unsafe-inline' blob: tagmanager.google.com d6tizftlrpuof.cloudfront.net www.gstatic.com api.tiles.mapbox.com cdn.schiphol.nl cdn.digitalredesign.nl cdn.embedly.com static.libsyn.com service.force.com *.my.salesforce.com chat-schipholccc.cs83.force.com schipholccc.secure.force.com; worker-src 'self' blob: 1327335.fls.doubleclick.net bid.g.doubleclick.net d6tizftlrpuof.cloudfront.net pasaanvraag.schiphol.nl www.youtube.com 5980017.fls.doubleclick.net www.googletagmanager.com *.facebook.com analytics-eu.clickdimensions.com www.google.com 2
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 2
default-src 'self' 'unsafe-inline'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://www.loginpostnl.net https://*.cldsvc.net https://*.salesforce.com https://*.googleapis.com https://*.google.com https://*.abtasty.com https://*.apsis1.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://*.postnl.sogeticloudservices.com https://*.usabilla.com https://www.googletagmanager.com https://www.googleadservices.com https://*.cloudfront.net https://*.innomdc.com https://connect.facebook.net https://platform.twitter.com https://*.linkedin.com https://*.pushcall.com https://*.pusher.com https://www.gstatic.com https://s3.amazonaws.com https://*.ads-twitter.com https://*.doubleclick.net https://*.twitter.com https://cdn.segment.com https://cdn.mxpnl.com https://pi.pardot.com https://*.salesforceliveagent.com https://postnl-frontend-locker.herokuapp.com https://*.hotjar.com https://postnlwebintelligence.s3-eu-west-1.amazonaws.com/analytics_global_new https://*.maglr.com https://quadia.webtvframework.com https://tags.tiqcdn.com/utag/postnl-trial/postnl-eval/dev/utag.js https://tags.tiqcdn.com/; connect-src 'self'  https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.adreskenmerken.eu https://*.cldsvc.net https://*.abtasty.com https://dc.services.visualstudio.com https://*.cloudfront.net https://*.abtasty.com https://*.pushcall.com wss://*.pusherapp.com https://*.pusher.com https://postnl.cubonacci.com https://twmmxtqwx0.execute-api.eu-central-1.amazonaws.com https://api.segment.io https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.usabilla.com https://b54wh2j6xi.execute-api.eu-central-1.amazonaws.com; img-src 'self' https://postnl.nl data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.innomdc.com https://*.cloudfront.net https://*.usabilla.com https://*.facebook.com https://*.atdmt.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.twitter.com https://*.pinterest.com https://t.co https://*.abtasty.com https://apccdn.apsis1.com https://conv.indeed.com https://*.tradetracker.net https://*.maglr.com; frame-src 'self' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://quadia.webtvframework.com https://*.cloudfront.net https://*.salesforce.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.twitter.com https://*.googletagmanager.com https://*.doubleclick.net https://ir.q4europe.com https://w.soundcloud.com https://projects.ivorystudio.net https://*.salesforceliveagent.com https://*.hotjar.com https://*.us.mytracking.net https://us.mytracking.net; style-src 'self' 'unsafe-inline' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://*.salesforce.com https://*.apsis1.com https://*.abtasty.com https://*.googleapis.com https://*.cloudfront.net https://*.maglr.com https://*.usabilla.com; font-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://api.mixpanel.com https://fonts.gstatic.com https://teddytor.abtasty.com https://*.cloudfront.net 2
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.zoeasher.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com *.zoeasher.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.zoeasher.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src   av.estdosc.com  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  2
frame-ancestors 'self' https://*.yandex.ru https://yastatic.net http://*.webvisor.com http://webvisor.com; 2
frame-ancestors 'self' https://teams.microsoft.com https://teams.microsoft.us https://local.teams.office.com https://int.teams.microsoft.com https://devspaces.skype.com https://ssauth.skype.com; report-uri /cspreport 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: 2
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.gymboree.com *.childrensplace.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com search.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com match.prod.bidr.io *.adsrvr.org *.pegacloud.net *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com 2
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' http: data: 2
frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2
default-src 'none'; connect-src https:; font-src https: data:; frame-src https://www.youtube.com/ https://*.siemens.com https://diswlogintest.siemens.com https://*.sw.siemens.com https://*.sw.siemens-test.com https://*.sw.siemens-dev.com https://*.mentor.com https://*.mentor-test.com https://*.mentor-dev.com https://*.mentorvlab.com https://video.mentor.com https://*.mentor.com https://*.ias.plm.automation.siemens.com https://*.pads.com https://www.pads.com https://*.auth0.com https://s7.addthis.com https://www.linkedin.com; img-src https: data:; media-src https://videos.mentor-cdn.com; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; manifest-src 'self';  report-uri https://csp.mentor-apis.com/Prod/report 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com; block-all-mixed-content 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src 'none'; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.payer.se; frame-ancestors 'self' http://frame.bloglovin.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 2
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 2
default-src 'self' 'unsafe-inline' *.bzga.de *.creativecommons.org https://www.youtube-nocookie.com data:; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com 2
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js.hs-scripts.com https://js.hs-analytics.net/analytics/ https://js.hs-banner.com https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://script.hotjar.com/ https://secure.wufoo.com/scripts/embed/form.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://www.wufoo.com/scripts/embed/form.js https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/; img-src 'self' https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/maps/vt https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://px.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://t.co/ https://track.hubspot.com https://www.facebook.com/tr/ https://www.google-analytics.com/collect https://www.google-analytics.com/r/ https://www.googletagmanager.com www.googletagmanager.com https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information; plugin-types application/pdf application/xml 2
default-src 'self' data: *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com *.vimeo.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com *.vimeo.com *.vimeocdn.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net app.vwo.com s.ytimg.com; style-src 'self' data: 'unsafe-inline' *.xing-events.com *.xing.com *.xing-share.com *.youtube.com *.amiando.com *.googletagmanager.com *.bing.com *.ads-twitter.com *.bizographics.com *.twitter.com *.ads.linkedin.com t.co *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.googleadservices.com xing-se.jobbase.io *.xingassets.com ct.capterra.com dev.visualwebsiteoptimizer.com cdn.jsdelivr.net app.vwo.com s3.amazonaws.com; frame-src *; img-src data: https: 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.marketo.com *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://bam.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
upgrade-insecure-requests; default-src https://*.zoom.com.cn https://zoom.com.cn blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://*.zoom.us https://*.cloudfront.net https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.com.cn https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.com.cn https://d17o6on0vd932d.cloudfront.net https://hcaptcha.com https://assets.hcaptcha.com https://https://*.ada.support 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';frame-ancestors 'self' *.zoomcloud.cn; 2
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 2
frame-ancestors 'self'; script-src https://cnimg.joyclub.de/ *.joyclub.de https://maps.googleapis.com/ https://www.google.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://s.ytimg.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://*.x-check.de/ https://connect.facebook.net/ blob: https://googleads.g.doubleclick.net/ https://paygate.novalnet.de/v2/ 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 2
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 2
frame-ancestors self *.moneyweb.co.za http://preview.moneyweb-2.instantmagazine.com http://moneyweb-2.instantmagazine.com *.instantmagazine.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://cse.google.com http://cse.google.com https://clients1.google.com http://clients1.google.com https://va.ecitizen.gov.sg http://assets.adobedtm.com *.demdex.net http://wogadobeanalytics.sc.omtrdc.net http://va.ecitizen.gov.sg https://www.google.com https://s3-us-west-2.amazonaws.com http://fonts.googleapis.com http://ajax.googleapis.com https://fonts.gstatic.com cm.everesttech.net http://fast.wogaa.demdex.net https://tools.onemap.sg https://www.gstatic.com https://forms.cwp.gov.sg https://www.google-analytics.com wogadobeanalytics.sc.omtrdc.net https://assets.juicer.io https://connect.facebook.net https://www.facebook.com https://www.juicer.io https://graph.facebook.com https://static.juicer.io https://i.imgur.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://external.xx.fbcdn.net https://twitter.com https://wogaa.demdex.net https://www.googleapis.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.onemap.sg http://www.moh.gov.sg http://www.youtube.com https://www.youtube.com https://static.pigeonhole.at https://pigeonhole.at form.gov.sg https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.google.com.sg *.hotjar.com:* *.hotjar.io wss://*.hotjar.com https://*.wogaa.sg assets.adobedtm.com https://youtu.be https://*.arcgis.com https://assets.dcube.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 2
frame-ancestors 'self' admin.truelocal.com.au 2
script-src 'self' https://tongji.baidu.com https://hm.baidu.com http://hm.baidu.com *.google-analytics.com http://mat1.gtimg.com https://mat1.gtimg.com http://*.soso.com https://*.soso.com http://*.qq.com https://*.qq.com http://*.qqmail.com  https://*.qqmail.com http://*.qmail.com https://*.qmail.com https://midas.gtimg.cn http://midas.gtimg.cn http://pub.idqqimg.com blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://mail.qq.com/cgi-bin/report_cgi?r_subtype=csp&nocheck=false 2
default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2
frame-ancestors 'self' *.tdworldwide.com *.techdata.com *.techdata.ca *.cstenet.com *.techdata.eu; 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 2
default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com florenceva.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.epic.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src www.google-analytics.com i.ytimg.com www.epic.com www-dev.epic.com ehrn.org 'self' data:; frame-src 'self' https://www.youtube.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors https://www.enel.it https://enelpremia.enel.it https://*.force.com  https://*.salesforce.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
frame-ancestors * 'self'; 2
default-src  'self' ; connect-src    *;  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.oncehub.com *.wistia.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  img-src    * data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * 'unsafe-inline' 'unsafe-eval';  style-src    * 'unsafe-inline';  2
frame-ancestors *.ooredoo.qa 2
connect-src 'self' bam.nr-data.net data.fordfoundation.org www.gstatic.com links.services.disqus.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com; font-src 'self' themes.googleusercontent.com; form-action platform.twitter.com syndication.twitter.com www.facebook.com 'self'; frame-src flickrit.com drive.google.com disabilityvisibilityproject.com disqus.com flickrit.com livestream.com movingupusa.com platform.twitter.com player.vimeo.com syndication.twitter.com w.soundcloud.com www.facebook.com www.npr.org www.youtube.com charlierose.com 'self'; img-src 'self' a.tiles.mapbox.com cartocdn-gusc.global.ssl.fastly.net cartodb.s3.amazonaws.com cdn.viglink.com ce.lijit.com data: farm3.staticflickr.com farm9.staticflickr.com links.services.disqus.com pbs.twimg.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com t.co ton.twimg.com us1.siteimprove.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com 88815.global.siteimproveanalytics.io dashboard.umbraco.org; media-src 'self'; prefetch-src disqus.com; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com analytics.twitter.com bam.nr-data.net c.disquscdn.com cdn.syndication.twimg.com connect.facebook.net fordfoundation.cartodb.com fordfoundationblog.disqus.com js-agent.newrelic.com platform.twitter.com player.vimeo.com s.ytimg.com s3.amazonaws.com static.ads-twitter.com static.hotjar.com www.gstatic.com us1.siteimprove.com www.google-analytics.com www.googletagmanager.com www.youtube.com ssl.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com ajax.googleapis.com platform.twitter.com us1.siteimprove.com js-agent.newrelic.com www.fordfoundation.org connect.facebook.net www.gstatic.com; style-src-attr 'unsafe-inline' www.gstatic.com; style-src-elem 'self' 'unsafe-inline' www.gstatic.com c.disquscdn.com platform.twitter.com ton.twimg.com; frame-ancestors 'self'; script-src-attr 'unsafe-inline' 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.investis.com *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com *.eqs.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com; connect-src 'self' data: ws: blob: *.googleadservices.com adservice.google.com *.instabot.io *.yandex.ru; 2
default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.ibas.com *.kldiscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net; 2
frame-ancestors 'self' *.antena3.com *.lasexta.com *.atresmedia.com *.ondacero.es *.europafm.com *.melodia-fm.com 2
frame-ancestors https://metropcs.mobi https://www.metropcs.mobi https://*.metrobyt-mobile.com https://metropcs.mobileposse.com/; 2
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.de https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net; frame-ancestors 'self' https://*.dm.de https://app.datadoghq.eu; frame-src 'self' https://ssl.hurra.com https://*.dm.de https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.de https://checkout.dm.de https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 2
default-src * data: 'unsafe-eval' 'unsafe-inline' always; 2
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com 'self'; style-src https://*.hushmail.com https://hushforms.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 2
default-src 'self' *.binomo.com *.binomo.com; child-src *; connect-src 'self' *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomo.com *.binomo.com wss://as.binomo.com:* wss://as.binomo.com:* wss://ws.binomo.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomo.com *.binomo.com; img-src * data:; media-src 'self' *.binomo.com *.binomo.com; script-src 'self' *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo.com *.binomo.com 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self' fl.ru *.fl.ru flstatic-a.akamaihd.net *.facebook.com client.getinchat.com *.jivosite.com *.mail.ru *.yandex.ru *.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: *.fl.ru flstatic-a.akamaihd.net client.getinchat.com cityadstrack.com www.cityadstrack.com artfut.com www.artfut.com cdn.userecho.com connect.facebook.net *.adriver.ru counter.rambler.ru *.newrelic.com *.nr-data.net mc.yandex.ru *.doubleclick.net *.criteo.com *.criteo.net *.mail.ru *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com adservice.google.com adservice.google.ru adservice.google.com.ua *.tns-counter.ru x.cnt.my d31j93rd8oukbv.cloudfront.net *.jivosite.com; img-src data: blob: *; media-src *.fl.ru flstatic-a.akamaihd.net *.jivosite.com; style-src 'unsafe-inline' 'unsafe-eval' blob: https: 'self' *.fl.ru flstatic-a.akamaihd.net client.getinchat.com fonts.googleapis.com *.jivosite.com; font-src 'self' data: blob: https: fonts.gstatic.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' *.fl.ru flstatic-a.akamaihd.net fl.userecho.com *.typeform.com client.getinchat.com *.criteo.com *.criteo.net *.facebook.com *.adriver.ru *.doubleclick.net *.google.com *.google.ru *.indeed.com onesignal.com rutube.ru *.rutube.ru *.vimeo.com youtube.com *.youtube.com; child-src fl.ru *.fl.ru flstatic-a.akamaihd.net; connect-src 'self' *.fl.ru flstatic-a.akamaihd.net *.doubleclick.net *.facebook.com *.google-analytics.com *.mail.ru client.getinchat.com *.jivosite.com *.yandex.ru wss://*.jivosite.com *.nr-data.net; report-uri flru.report-uri.com/r/d/csp/reportOnly; 2
frame-ancestors https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://www.mygreatlearning.com https://www.greatlearning.in https://detectify.com 2
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 2
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.olark.com js.stripe.com *.visualwebsiteoptimizer.com *.vwo.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 2
default-src 'self' *.google.com *.lusha.co *.lusha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hs-banner.com js.hsadspixel.net *.lusha.co *.lusha.com js.intercomcdn.com https://app.intercom.io widget.intercom.io snap.licdn.com *.wistia.com www.comeet.co www.comeet.com forms.hsforms.com js.hsforms.net s.ytimg.com www.googletagmanager.com *.google.com www.google-analytics.com *.googleadservices.com *.typekit.net js.stripe.com connect.facebook.net bat.bing.com sjs.bizographics.com survey.survicate.com surveys-static.survicate.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com tracking.g2crowd.com public.profitwell.com *.gstatic.com px.ads.linkedin.com www.linkedin.com *.visualwebsiteoptimizer.com app.vwo.com *.fullstory.com fullstory.com dc.ads.linkedin.com *.salesloft.com https://js.driftt.com *.youtube.com; style-src 'self' 'unsafe-inline' *.comeet.co *.comeet.com *.lusha.co *.lusha.com *.wistia.com *.typekit.net tagmanager.google.com fonts.googleapis.com app.vwo.com; img-src 'self' data: connect.facebook.net https://www.w3.org https://www-services.lusha.com https://www-services-staging.lusha.com  www.linkedin.com embedwistia-a.akamaihd.net *.wistia.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com forms.hubspot.com p.adsymptotic.com www.yesware.com www.outreach.io *.lusha.co *.lusha.com ek1m512i34ve2rek3k8v02in-wpengine.netdna-ssl.com salesloft.com blog.calendly.com discoverorg.com www.leadfuze.com www.assistant.to www.google.com www.google-analytics.com www.google.co.il *.gstatic.com bat.bing.com www.facebook.com track.hubspot.com stats.g.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.ads.linkedin.com googleads.g.doubleclick.net *.salesloft.com www.google.ie forms.hsforms.com secure.gravatar.com; font-src 'self' data: use.typekit.net *.lusha.co *.lusha.com js.intercomcdn.com surveys-static.survicate.com fonts.googleapis.com fonts.gstatic.com; report-uri /report-violation; connect-src 'self' data: https://www-services.lusha.com api.hubapi.com https://www-services-staging.lusha.com https://api.intercom.io https://api-iam.intercom.io	https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com http://www-services-local.lusha.co:3030/v2/user-events http://www-services-local.lusha.com:3030/v2/user-events https://private-144d5-gallusha.apiary-mock.com/questions embedwistia-a.akamaihd.net *.wistia.com api.hubspot.com *.lusha.co *.lusha.com www2.profitwell.com *.visualwebsiteoptimizer.com app.vwo.com *.fullstory.com respondent.survicate.com www.google-analytics.com scout.salesloft.com www.facebook.com stats.g.doubleclick.net; child-src https://share.intercom.io https://intercom-sheets.com	https://www.intercom-reporting.com 	https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src www.comeet.com intercom-sheets.com *.wistia.com forms.hsforms.com forms.hubspot.com js.stripe.com www.google.com *.lusha.co *.lusha.com app.vwo.com https://js.driftt.com www.facebook.com *.youtube.com www.comeet.co; form-action www.facebook.com *.lusha.co *.lusha.com https://intercom.help https://api-iam.intercom.io;	worker-src blob: *.lusha.co *.lusha.com *.wistia.com *.visualwebsiteoptimizer.com app.vwo.com; media-src 'self' data: blob: *.lusha.co *.lusha.com js.intercomcdn.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com visitor-service-eu-central-1.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com 2
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: ; 2
frame-ancestors 'self' https://*.fdj.fr https://www.laredoute.fr/ http://clients.sismodesign.com; 2
frame-ancestors *.dowjones.net *.fnlondon.com *.efinancialnews.com *.onservo.com 2
default-src https: 'unsafe-inline'; frame-ancestors https:; object-src 'none'; script-src https: 'unsafe-inline' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 2
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com; report-uri /cspreport; 2
frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 2
default-src 'none'; connect-src https://hqiem7393d.execute-api.us-west-2.amazonaws.com https://myscript.prismic.io https://myscript.cdn.prismic.io; font-src data:; img-src 'self' https://cdn-images-1.medium.com https://cdn.myscript.com data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.myscript.com https://cloud.typography.com; media-src 'self'; manifest-src 'self'; object-src 'none' 2
frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://honcho.com.au https://honcho.com.au:8080; 2
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io; 2
frame-ancestors https://*.ionos.mx https://ionos.mx; 2
default-src 'none'; base-uri 'none'; frame-src www.google.com checkout.stripe.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com checkout.stripe.com www.google-analytics.com www.google.com www.gstatic.com 'unsafe-eval'; img-src *.scryfall.com scryfall.com *.stripe.com www.google-analytics.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com www.google-analytics.com checkout.stripe.com; block-all-mixed-content; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercom.io https://app.brand24.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://mc.yandex.ru https://sumo.com https://clients6.google.com https://app.userengage.com wss://app.userengage.com http://cdn.heapanalytics.com http://heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://proxy.synerise.com https://tck.synerise.com wss://messenger.synerise.com https://api.ipgeolocation.io https://cdn.cookielaw.org https://grsm.io https://www.google-analytics.com; img-src * 2
default-src https:; connect-src *; font-src https: data:; frame-src https: ; img-src https: data: blob:;  media-src https:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:;  style-src 'unsafe-inline' https:; report-uri /csp_violation_report_endpoint 2
default-src 'self' *.coinex.com:* *.coinex.co:* coinex.com:* coinex.co:* static.zdassets.com coinex.zendesk.com coinex.zendesk.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coinex.com coinex.com *.coinex.co coinex.co www.google-analytics.com static.geetest.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com res.wx.qq.com coinex.zendesk.com coinex.zendesk.co; style-src 'unsafe-inline' at.alicdn.com *.coinex.com coinex.com *.coinex.co coinex.co static.geetest.com coinex.zendesk.com coinex.zendesk.co dn-staticdown.qbox.me; img-src www.google-analytics.com *.coinex.com coinex.com *.coinex.co coinex.co data: stats.g.doubleclick.net static.geetest.com file.coinex.com file.coinex.co; font-src 'unsafe-inline' at.alicdn.com *.coinex.com *.coinex.co coinex.com coinex.co data:; connect-src *.coinex.com:* coinex.com:* *.coinex.co:* coinex.co:* coinex.zendesk.com coinex.zendesk.co coinex-help.zendesk.com coinex-help.zendesk.co *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com wss://*.coinex.com wss://*.coinex.co www.google-analytics.com stats.g.doubleclick.net 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.eum-appdynamics.com https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 2
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://boards.greenhouse.io https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; media-src 'self' https://345197-1067112-raikfcquaxqncofqfm.stackpathdns.com; 2
frame-ancestors https://*.apus.edu 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';img-src data: https: 'self';connect-src https: 'self' wss://*.hotjar.com; 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
frame-ancestors https://www.niagahoster.co.id/ https://panel.niagahoster.co.id/ 2
frame-ancestors skyteam.com 2
default-src https:; script-src http: https: 'unsafe-inline' 'unsafe-eval'; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob:; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss:; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com; 2
default-src 'self' jobs.b-ite.com; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com; object-src 'self' piwik.itzbund.de; media-src 'self' *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors dnbweb-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 2
font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com http://www.concentrix.com http://concentrix.com data: https://1cfrbv1cz8j13t7nr4n67ss1-wpengine.netdna-ssl.com; frame-ancestors https://cvgdotcomprodprvw.azurewebsites.net/careers https://careers.concentrix.com/ https://careers.concentrix.com/careers? https://cvgdotcomprodprvw.azurewebsites.net https://careers.concentrix.com/careers https://concentrix.my.salesforce.com/ https://careers.concentrix.com/careers/us https://careers.concentrix.com/careers/us/ https://careers.concentrix.com/careers/?country=ca https://careers.concentrix.com/* https://careers.concentrix.com/about/contact-us; 2
default-src 'self' *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com; style-src * 'unsafe-inline'; img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com; font-src 'self' s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://cooperativegroup.demdex.net https://forms.office.com https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.google-analytics.com; 2
frame-ancestors 'self' *.svenskakyrkan.se https://*.risevision.com https://www.risevision.com/ http://*.kyrkanstrygghetsrad.se/ http://www.kyrkanstrygghetsrad.se/; 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: https://app.acquire.io wss://s.acquire.io data:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com https://app.acquire.io https://s.acquire.io; worker-src https: blob: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-ancestors 'self' http://virtual-tour.battlefields.org/; report-uri /report-csp-violation 2
frame-ancestors https://pay.amazon.com 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com 2
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
default-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data: 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' blob:;default-src 'self';object-src 'self';img-src data: https: 'self' *.better.com images.ctfassets.net heapanalytics.com 'unsafe-inline';style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com assets.braintreegateway.com *.better.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com media.better.com data:;media-src media.better.com 'self' chat-assets.frontapp.com https://player.vimeo.com https:;connect-src wss://*.pusher.com *.pusherapp.com https: 'self';frame-ancestors 'self' https://mobile2.accountchek.net https://borrower.accountchek.com https://web.pointserv.com https://flex.twilio.com;frame-src https://*.hellosign.com https://accounts.google.com https://assets.braintreegateway.com https://cdn.plaid.com https://useast1.pcipal.cloud/ bid.g.doubleclick.net dntcl.qualaroo.com insight.adsrvr.org match.adsrvr.org player.vimeo.com www.google.com 'self' https:;report-uri https://bettermg.report-uri.com/r/d/csp/enforce; 2
default-src 'self' data: *.bilibili.com *.hdslb.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.biligame.com; style-src 'self' 'unsafe-inline' *.hdslb.com static.geetest.com; img-src 'self' data: blob: 'unsafe-inline' *.bilibili.com *.hdslb.com http://*.hdslb.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com cnzz.mmstat.com open.weixin.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bilibili.com *.hdslb.com api.geetest.com static.geetest.com *.bigfun.cn *.bigfunapp.cn *.biligame.com *.cnzz.com http://*.cnzz.com; object-src 'self' *.hdslb.com; media-src 'self' *.acgvideo.com http://*.acgvideo.com *.ksyungslb.com; connect-src 'self' data: wss://*.bilibili.com:* *.bilibili.com *.hdslb.com *.biliapi.net *.biliapi.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; frame-ancestors 'self' *.bilibili.com *.biligame.com *.bigfun.cn *.bigfunapp.cn *.biligame.com; report-uri https://security.bilibili.com/csp_report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com *.livetex.ru ostrovokru003.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com tag.crsspxl.com  *.mail.ru ru.surveymonkey.com; img-src * data:; report-uri /hc/csp 2
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 2
default-src blob: data: https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com data:; 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.stripe.com https://www.paypal.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com *.paypal.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.linkedin.com https://maps.googleapis.com https://player.vimeo.com fonts.googleapis.com maps.gstatic.com fonts.gstatic.com 2
default-src    'self'     'unsafe-inline'     'unsafe-eval'    i.4see.mobi;    script-src  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    http://*.g.doubleclick.net/    https://*.g.doubleclick.net/    http://*.google.com    https://*.google.com    http://tags.srv.stackadapt.com    https://tags.srv.stackadapt.com    http://*.stackadapt.com    https://*.stackadapt.com    'self'    'unsafe-inline'    'unsafe-eval'    http://code.jquery.com/    https://code.jquery.com/    http://assets.adobedtm.com    https://assets.adobedtm.com    http://cdn.optimizely.com    https://cdn.optimizely.com    http://use.typekit.net    https://use.typekit.net    http://fast.fonts.net/    https://fast.fonts.net/    http://gateway.answerscloud.com/    https://gateway.answerscloud.com/    http://*.foresee.com    https://*.foresee.com    http://cdnjs.cloudflare.com/   https://cdnjs.cloudflare.com/    http://www.googletagmanager.com    https://www.googletagmanager.com    http://www.googleadservices.com    https://www.googleadservices.com    http://ssl.google-analytics.com    https://ssl.google-analytics.com    http://js.clickequations.net    https://js.clickequations.net    http://connect.facebook.net    https://connect.facebook.net    http://az416426.vo.msecnd.net/    https://az416426.vo.msecnd.net/    http://www.google-analytics.com/    https://www.google-analytics.com/    http://localhost https://localhost    http://localhost:*    https://localhost:*    http://*.googleapis.com    https://*.googleapis.com    http://*.inspectlet.com    https://*.inspectlet.com    http://*.openweathermap.org    https://*.openweathermap.org    http://*.sharethis.com    https://*.sharethis.com    http://*.sharethis.com    https://*.sharethis.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.cloudflare.com    https://*.cloudflare.com    http://*.youtube.com    https://*.youtube.com    http://*.ytimg.com    https://*.ytimg.com    http://*.bing.com    https://*.bing.com    http://*.iatspayments.com    https://*.iatspayments.com    http://*.instagram.com    https://*.instagram.com     http://banfield-assets.azureedge.net    https://banfield-assets.azureedge.net    http://banfield-images.azureedge.net    https://banfield-images.azureedge.net    http://banfield-scripts.azureedge.net    https://banfield-scripts.azureedge.net    https://remote.vroptimal-3dx-assets.com/    https://gateway.foresee.com/    i.4see.mobi    https://cdn.schemaapp.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    connect-src  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    blob:    'self'    'unsafe-inline'    'unsafe-eval' https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://logx.optimizely.com/log/event    https://logx.optimizely.com/log/event    http://*.visualstudio.com    https://*.visualstudio.com    http://localhost    https://localhost    http://*.inspectlet.com    https://*.inspectlet.com    http://*.typekit.net    https://*.typekit.net    http://*.googleapis.com    https://*.googleapis.com    http://*.facebook.com    https://*.facebook.com    http://*.sharethis.com    https://*.sharethis.com    http://*.optimizely.com    https://*.optimizely.com    https://analytics.foresee.com    https://brain.foresee.com    https://4seeresults.com    https://foreseeresults.com    https://www.google-analytics.com    https://ssl.google-analytics.com/    i.4see.mobi    https://device.4seeresults.com    https://srv.stackadapt.com/    https://tags.srv.stackadapt.com    https://ssl.google-analytics.com/    https://www.google.com/    https://data.schemaapp.com/    https://c.sharethis.mgr.consensu.org/    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    frame-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com     https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    https://*.helpshift.com https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://checkout.globalgatewaye4.firstdata.com/payment    'self'    'unsafe-inline'    'unsafe-eval'    http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://www.google.com/    https://www.google.com/    http://www.youtube.com    https://www.youtube.com    http://gateway.answerscloud.com    https://gateway.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.facebook.com    https://*.facebook.com    http://*.adobedtm.com    https://*.adobedtm.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.doubleclick.net    https://*.doubleclick.net    http://*.sharethis.com    https://*.sharethis.com    http://*.rallybound.org    https://*.rallybound.org    http://*.cdn.optimizely.com    https://*.cdn.optimizely.com    http://sketchfab.com/    https://sketchfab.com/    http://*.cloudfront.net/    https://*.cloudfront.net/    https://demo.globalgatewaye4.firstdata.com/    https://www.vroptimal-3dx-assets.com/    https://static.vroptimal-3dx-assets.com/    https://connect.facebook.net/    i.4see.mobi https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com;    img-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://maps.google.com    'self'    'unsafe-inline'    'unsafe-eval'    http://*.cloudflare.com    https://*.cloudflare.com    blob:    http://*.iatspayments.com    https://*.iatspayments.com    http://*.bidswitch.net    https://*.bidswitch.net    http://*.adnxs.com    https://*.adnxs.com    http://*.stackadapt.com    https://*.stackadapt.com  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  'self' 'unsafe-inline'    'unsafe-eval' data: https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://*.google-analytics.com/    https://*.google-analytics.com/    http://centro.pixel.ad    https://centro.pixel.ad    http://beacon.clickequations.net/    https://beacon.clickequations.net/    http://www.google.com    https://www.google.com    http://*.banfield.com    https://*.banfield.com    http://www.facebook.com    https://www.facebook.com    http://maps.googleapis.com    https://maps.googleapis.com    http://*.gstatic.com    https://*.gstatic.com    http://pixel.sitescout.com/    https://pixel.sitescout.com/    http://images.banfield.com    https://images.banfield.com   http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://media.banfield.com    https://media.banfield.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.typekit.net    https://*.typekit.net    http://*.4seeresults.com    https://*.4seeresults.com    http://*.foreseeresults.com    https://*.foreseeresults.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.truste.com    https://*.truste.com    http://*.googleadservices.com    https://*.googleadservices.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.sharethis.com    https://*.sharethis.com    http://*.bing.com    https://*.bing.com    http://*.azureedge.net    https://*.azureedge.net    http://sb.scorecardresearch.com/    https://sb.scorecardresearch.com/    https://foresee.mobi    https://static.foresee.com/    https://gateway.foresee.com/    i.4see.mobi  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  https://i.liadm.com/    https://pixel.rubiconproject.com/    https://pixel.advertising.com/    https://simage2.pubmatic.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    style-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net   https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    http://*.fonts.net/    https://*.fonts.net/    'self'    http://*.iatspayments.com    https://*.iatspayments.com    'unsafe-inline'    'unsafe-eval'    http://*.fonts.net    https://*.fonts.net    http://fast.fonts.net    https://fast.fonts.net  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://*.banfield.com    https://*.banfield.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com   http://*.googleapis.com    https://*.googleapis.com    http://*.jquery.com    https://*.jquery.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.sharethis.com    https://*.sharethis.com    http://cdnjs.cloudflare.com/    https://cdnjs.cloudflare.com/    http://*.fonts.net   https://*.fonts.net    http://*.azureedge.net    https://*.azureedge.net    https://gateway.foresee.com    i.4see.mobi    https://cdn.jsdelivr.net    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    font-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  https://unpkg.com/  https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net     https://data.schemaapp.com    'self'    'unsafe-inline'    'unsafe-eval'    http://fast.fonts.net    https://fast.fonts.net    http://*.gstatic.com    https://*.gstatic.com    http://use.typekit.net    https://use.typekit.net    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.azureedge.net    https://*.azureedge.net    http://*.optimizely.com    https://*.optimizely.com    i.4see.mobi https://maxcdn.bootstrapcdn.com/  https://unpkg.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://cdnjs.cloudflare.com    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;   2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fold3.com go.fold3.com *.fold3.com http://svc.fold3.com:50000 *.fold3.com https://www.ancestry.com https://request.eprotect.vantivpostlive.com https://request.eprotect.vantivcnp.com *.googleapis.com https://www.ancestrycdn.com https://*.hotjar.com https://*.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com *.gstatic.com https://myfamilycominc.tt.omtrdc.net https://ancestry.sc.omtrdc.net https://bat.bing.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.g.doubleclick.net https://cdnjs.cloudflare.com https://*.demdex.net https://cm.everesttech.net https://vc.hotjar.io https://www.googletagservices.com www.googletagmanager.com optimize.google.com tagmanager.google.com https://adservice.google.com www.amcharts.com https://www.ancestry.com https://privacy-policy.truste.com; img-src * data:;  report-uri /report-csp-violation; 2
frame-ancestors 'self' *.facebook.com *.heartmath.org *.na3.netsuite.com *.pardot.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src ws: https: 'self'; frame-ancestors 'self'; 2
script-src *.frb.org *.googleapis.com *.addthis.com *.youtube.com *.google-analytics.com googlemaps.github.io *.google.com *.gstatic.com *.federalreserve.org *.addthisedge.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors https://*.dondominio.com https://*.mrdomain.com 2
default-src *.quantummetric.com 'unsafe-inline' 'unsafe-eval' 'self' blob:; worker-src blob:; child-src blob:; object-src 'self'; media-src 'self' usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://usuat.cobrowse.pega.com/ https://usuatassets.cobrowse.pega.com https://geolocation.onetrust.com https://www.google.com https://cdn.cookielaw.org https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.quantummetric.com http://dfcumanagedservicesstageenvironment.112.2o7.net https://analytics.twitter.com/ *.ads-twitter.com https://us.cobrowse.pega.com https://usassets.cobrowse.pega.com *.steelhousemedia.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com *.calcxml.com *.cloudflare.com https://googleads.g.doubleclick.net https://chat.usefirefly.com https://usefirefly.com  https://connect.facebook.net www.google-analytics.com assets.adobedtm.com *.timevaluecalculators.com *.bazaarvoice.com *.iesnare.com *.googleapis.com *.dcuinsurance.com tagmanager.google.com www.googletagmanager.com https://www.google-analytics.com https://firefly-chat-production.s3.amazonaws.com  http://www.googleadservices.com https://connect.facebook.net http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net; connect-src 'self' *.ads-twitter.com *.quantummetric.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com wss://usefirefly.com https://usefirefly.com * *.cloudflare.com *.calcxml.com *.dcu.org *.omtrdc.net *.demdex.net *.bazaarvoice.com wss://chat.usefirefly.com https://www.google-analytics.com  https://www.dcuinsurance.com http://digitalfederalcreditunion.sc.omtrdc.net https://digitalfederalcreditunion.sc.omtrdc.net; img-src 'self' *.com *.yahoo.com http://t.co/ dsum.casalemedia.com su.addthis.com s.thebrighttag.com image2.pubmatic.com ads.scorecardresearch.com t.mookie1.com x.bidswitch.net usermatch.krxd.net match.sharethrough.com cm.g.doubleclick.net ads.yahoo.com pixel.advertising.com insight.adsrvr.org www.facebook.com usassets.chat.pega.com firefly-chat-production.s3.amazonaws.com *.bazaarvoice.com https://www.google.co.in https://www.google.com *.timevaluecalculators.com *.everesttech.net *.demdex.net *.omtrdc.net *.googleapis.com *.gstatic.com *.112.2o7.net https://stats.g.doubleclick.net www.google-analytics.com data:; style-src 'self' 'unsafe-inline' *.cloudflare.com https://usuatassets.cobrowse.pega.com https://usassets.cobrowse.pega.com https://usefirefly.com https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com *.calcxml.com https://tagmanager.google.com usassets.chat.pega.com *.timevaluecalculators.com *.googleapis.com *.bazaarvoice.com https://match.adsrvr.org https://match.prod.bidr.io; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *.doubleclick.net *.culookup.com *.dcu.org *.demdex.net *.locatorsearch.com *.bazaarvoice.com  https://www.fmsi-lts.com/DIG_WS https://fmsi-lts.com/ *.adobecqms.net http://cookies.onetrust.mgr.consensu.org/ stage.dcu.org https://dcu-stage.adobecqms.net http://dcu-stage.adobecqms.net https://dcu-mkt-stage1.campaign.adobe.com https://dcu.campaign.adobe.com https://js-staging.poshdevelopment.com/ https://js.poshdevelopment.com https://api.poshdevelopment.com https://staging.poshdevelopment.com *.youtube.com 2
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 2
base-uri 'self';block-all-mixed-content;connect-src https://website.informer.com 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';img-src data: 'self';manifest-src 'self';media-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self';style-src-attr 'unsafe-inline';worker-src 'none'; 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* connect.facebook.net snap.licdn.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ad.doubleclick.net px.ads.linkedin.com p.adsymptotic.com cm.everesttech.net dpm.demdex.net;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:* fonts.gstatic.com;report-uri /reporting/csp.htm;img-src 'self' data: *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com wspublicprod.112.2o7.net px.ads.linkedin.com ad.doubleclick.net p.adsymptotic.com adservice.google.com;style-src 'self' 'unsafe-inline' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com 2
default-src 'self' data: https: *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.amazonaws.com *.infogreffe.nc *.infogreffe.fr *.googleapis.com *.twitter.com *.regie.pro; img-src 'self' data: http: *.youtube.com https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; frame-src 'self' data: https: *.web2mobile.fr *.adnxs.com *.tradelab.fr *.twitter.com *.facebook.net *.twimg.com *.azame.net *.google-analytics.com *.infogreffe.nc *.infogreffe.fr *.facebook.com *.doubleclick.net; connect-src 'self' https: *.regie.pro *.addthis.com *.web2mobile.fr 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com bam.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net; frame-src 'self' *.vimeo.com *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me; object-src 'self'; connect-src 'self' *.google-analytics.com *.helpscout.net *.wistia.com d3hb14vkzrxvla.cloudfront.net bam.nr-data.net *.facebook.com yoast.com *.toolset.com *.cloudflare.com wss://chat-support.toolset.com https://chat-support.toolset.com wss://activity-tracker.toolset.com https://activity-tracker.toolset.com *.doubleclick.net 2
frame-ancestors *.windstream.net 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand-ar.com flightbookings.airnewzealand-br.com flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.cn.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.en.airnewzealand-ar.com flightbookings.en.airnewzealand-br.com flightbookings.grabaseat.co.nz flightbookings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp auth.airnewzealand.co.nz auth.airnewzealand.com; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info t.a3cloud.net ib.adnxs.com auth.airnewzealand.co.nz auth.airnewzealand.com ssl.google-analytics.com cdnjs.cloudflare.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' video.cdnvue.com ; frame-src 'self' www.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net  *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; frame-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; object-src 'self'; 2
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 2
child-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; connect-src 'self' https://*.demdex.net https://*.getsentry.com https://*.hotjar.com https://*.sigfig.com https://*.wellsfargo.com https://*.zdassets.com https://*.zendesk.com https://api.greenhouse.io https://bam.nr-data.net https://heapanalytics.com https://maps.googleapis.com https://sentry.io https://sigfig.sc.omtrdc.net https://sigfig.tt.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com wss://*.hotjar.com https://*.cambridgesavings.com; default-src 'self' https://*.sigfig.com https://*.cambridgesavings.com; frame-src 'self' https://*.cloudfront.net https://*.docusign.com https://*.docusign.net https://*.hotjar.com/ https://*.sigfig.com https://go.oncehub.com https://secure.scheduleonce.com https://sigfig.demdex.net https://www.snapengage.com https://*.cambridgesavings.com; font-src 'self' data: https://*.cloudfront.net https://*.sigfig.com https://fonts.gstatic.com https://heapanalytics.com https://*.cambridgesavings.com; img-src 'self' data: http://*.ggpht.com http://*.googleusercontent.com http://*.gstatic.com http://*.wikinvest.com http://feeds.feedburner.com https://*.cloudfront.net https://*.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.quantserve.com https://*.sigfig.com https://cm.everesttech.net https://csi.gstatic.com https://dpm.demdex.net https://heapanalytics.com https://sigfigcitizensbankdev.112.2o7.net https://tags.w55c.net https://www.facebook.com https://www.snapengage.com https://*.cambridgesavings.com; media-src 'self' https://*.cloudfront.net https://*.sigfig.com https://*.cambridgesavings.com; object-src 'self' https://www.snapengage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com/ https://*.newrelic.com https://*.quantserve.com https://*.sigfig.com https://*.wellsfargoadvisors.com https://*.wikinvest.com https://*.zdassets.com https://*.zendesk.com https://apis.google.com https://bam.nr-data.net https://cdn.heapanalytics.com https://heapanalytics.com https://nexus.ensighten.com https://sigfig.sc.omtrdc.net https://sigfigprod.112.2o7.net https://www.snapengage.com https://*.cambridgesavings.com; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.sigfig.com https://heapanalytics.com https://*.cambridgesavings.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self'; base-uri; manifest-src; plugin-types; report-uri; report-to 2
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: vjs.zencdn.net bofa.demdex.net tags.tiqcdn.com *.akamaihd.net *.baml.com bankofamerica.tt.omtrdc.net *.ml.com secure.insightexpressai.com *.businesswire.com testdata.coremetrics.com http://*.bankofamerica.com https://*.bankofamerica.com  *.brightcove.com *.brightcove.net *.sharethis.com *.twitter.com twitter.com *.facebook.com www.linkedin.com delicious.com digg.com api.pinterest.com www.stumbleupon.com www.myspace.com buzz.yahoo.com www.bankofamerica.com www.boa.com www.ml.com www.merrill.com www.totalmerrill.com www.merrilllynch.com www.ust.com www.us-trust.com www.ustrust.com www.baml.com www.ba-ml.com www.bac.com acemegreen.thismoment.com analytics1.onedotone.net *.googleapis.com ecx.images-amazon.com brightcove.vo.llnwd.net *.doubleclick.net cdnt.meteorsolutions.com expressyourthanks.thismoment.com thismoment-a.akamaihd.net api.tiles.mapbox.com *.google.com *.gstatic.com www.youtube.com www.google-analytics.com bofa.44doors.com *.mapbox.com bofa.demdex.net *.maxmind.com *.betrad.com sjs.bizographics.com www.googletagmanager.com *.userzoom.com *.evidon.com *.zencdn.net *.licdn.com *.company-target.com *.demandbase.com brightcove.hs.llnwd.net *.boldchat.com *.2mdn.net *.dartmotif.net *.doubleclick.com *.merrilledge.com *.digitas.com *.serving-sys.com *.mediamind.com *.corporate-ir.net *.imwx.com; font-src 'self' http: https: *.zencdn.net *.ml.com data:; 2
frame-ancestors 'self' http://www.knorr.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src 'self'; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://freedom.press https://fpfjxcrmw437h6z2xl3w4czl55kvkmxpapg37bbopsafdu7q454byxid.onion https://localhost; connect-src 'self' https://checkout.stripe.com; frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline' *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.acquia.com *.marchex.io *.egain.cloud *.analytics-egain.com *.criteo.net *.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com *.jsdelivr.net unpkg.com *.kampyle.com polyfill.io *.b-cdn.net cdn.rawgit.com *.jivox.com *.omappapi.com *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.acquia.com *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com *.jsdelivr.net unpkg.com *.kampyle.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.marchex.io *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net *.kampyle.com *.turn.com images.rouseservices.com *.advanseads.com; frame-src 'self' *.acquia.com *.marchex.io *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com; child-src 'self' *.acquia.com *.marchex.io *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com blob:; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com *.jsdelivr.net *.kampyle.com; connect-src 'self' *.acquia.com *.appcues.net wss://*.appcues.net *.web-2-tel.com web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live *.kampyle.com wss://*.visitors.live *.bugsnag.com *.omappapi.com 2
default-src 'self'; child-src 'self' blob: https://content.googleapis.com https://www.googletagmanager.com/ns.html; connect-src 'self' https://siteintercept.qualtrics.com https://atlas.microsoft.com https://www.google-analytics.com https://events.glasgowlife.org.uk https://plus.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://babm.texthelp.com https://dc.services.visualstudio.com; font-src 'self' 'unsafe-inline' data: https://atlas.microsoft.com https://fonts.gstatic.com https://fonts.googleapis.com https://fast.fonts.net; frame-src 'self' https://player.vimeo.com https://www.youtube.com; img-src 'self' blob: data: https://atlas.microsoft.com https://gl-events.s3.amazonaws.com https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://gl-wip-portal-cache.azureedge.net https://gl-test-portal-cache.azureedge.net https://gl-prod-portal-cache.azureedge.net https://glwipportal.blob.core.windows.net https://gltestportal.blob.core.windows.net https://glwipportal.blob.core.windows.net https://glprodportal.blob.core.windows.net https://glportalprodblob.blob.core.windows.net https://glportalv2qablobfront.blob.core.windows.net https://glportalv2prodblob.blob.core.windows.net https://events.glasgowlife.org.uk https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.gravatar.com https://plus.browsealoud.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://*.speechstream.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://apis.google.com https://atlas.microsoft.com https://www.browsealoud.com https://plus.browsealoud.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://fast.fonts.net https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://atlas.microsoft.com https://fonts.googleapis.com https://fast.fonts.net https://plus.browsealoud.com https://tagmanager.google.com; report-uri https://stormid.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri http://main.acsevents.org/site/XFrameViolation 2
frame-src 'self' blob: *.cochlear.cloud *.stg.cochlear.cloud  *.cochlear.cloud *.qualaroo.com *.simpli.fi https://marvelapp.com *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com ; connect-src 'self' *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.maxmind.com *.geoip-js.com geoip-js.com *.crazyegg.com ; font-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com ; img-src 'self'  'unsafe-inline' 'unsafe-eval' data: *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.cochlear.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com medialead.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' blob: *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.quora.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com  *.ads-twitter.com *.steelhousemedia.com *.bing.com adroll.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com *.cochlear.com *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.maxmind.com *.geoip-js.com geoip-js.com medialead.de; style-src 'self'  'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com; 2
frame-ancestors 'self' uninter.com *.uninter.com  http://siteapi.uninter.com http://univirtus.uninter.com; 2
default-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com; img-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com data:; connect-src 'self'; script-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline'; style-src * 'self' https://*.google.com http://*.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com 'unsafe-inline' 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
frame-ancestors http://webvisor.com 2
frame-ancestors https://*.news.at http://*.news.at; upgrade-insecure-requests; block-all-mixed-content 2
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net; frame-ancestors 'self' *.gaoding.com god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com www.huodongxing.com www.365editor.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://pnew.365editor.com http://pwww.365editor.com http://new.365editor.com https://new.365editor.com https://ex.365editor.com http://ex.365editor.com http://www.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/ www.wxb.com http://local.wxb.com http://*.gaoding.com https://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top https://xmyplus.jiangniaocloud.top http://editor.chinaso.com http://*.huanleguang.com http://*.huanleguang.cn http://*.haoche.cn https://*.haoche.cn 2
frame-ancestors https://*.shapeamerica.org 2
frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 2
frame-ancestors self fasttech.com *.fasttech.com 2
report-uri /csp-report.php; default-src 'none'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://www.fio.cz https://www.fio.sk https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net; connect-src 'self' https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2
frame-ancestors https://*.greatcall.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline'  data: https://wapi.nic.fr https://www.google.com http://www.afnic.fr/  http://s7.addthis.com https://s7.addthis.com http://m.addthisedge.com/ https://m.addthisedge.com/ http://m.addthis.com/ https://m.addthis.com/ platform.twitter.com http://www.google-analytics.com https://ssl.google-analytics.com/ https://www.afnic.fr/  https://cdn.syndication.twimg.com/widgets/ ; object-src 'self' https://s7.addthis.com https://www.google.com/jsapi https://cdn.syndication.twimg.com ; form-action 'self'; child-src https://www.openstreetmap.org/ https://platform.twitter.com https://maps.google.fr/ https://www.dailymotion.com https://www.youtube.com/ https://s7.addthis.com https://www.google.com https://www.facebook.com/ http://www.facebook.com/ http://eyedo.tv/ https://eyedo.tv/ ;frame-ancestors https://www.facebook.com/ http://www.facebook.com/ 2
default-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech;connect-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.eazeup.com https://xid.eaze.io https://xid.eazewellness.com https://*.firebaseio.com wss://*.firebaseio.com https://*.googlevideo.com https://api.berbix.com https://api.inoviopay.com https://api.lever.co https://api.segment.io https://eaze.pxf.io https://eaze.zendesk.com https://ekr.zdassets.com https://googleads.g.doubleclick.net https://res.cloudinary.com https://rs.fullstory.com https://sentry.io https://spreadsheets.google.com https://skyfire.vimeocdn.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://www.google-analytics.com https://www.youtube.com;font-src 'self' data: https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://fonts.gstatic.com https://s3.lightboxcdn.com https://verify.berbix.com;frame-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.firebaseio.com https://player.vimeo.com https://verify.berbix.com https://www.youtube.com;img-src 'self' data: https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.eazeup.com https://aa.agkn.com https://adadvisor.net https://ads.creative-serving.com https://bh.contextweb.com https://bm.adentifi.com https://ce.lijit.com https://cm.g.doubleclick.net https://col.surfside.io https://dmx.districtm.io https://dpm.demdex.net https://dsum.casalemedia.com https://eb2.3lift.com https://edge.surfside.io https://hexagon-analytics.com https://i.vimdeocdn.com https://i.ytimg.com https://ib.adnxs.com https://id5-sync.com https://inv-nets.admixer.net https://logs-01.loggly.com https://maps.googleapis.com https://maps.gstatic.com https://match.adsrvr.org https://pixel.adswizz.com https://pixel.rubiconproject.com https://pixel.tapad.com https://pixelb.randi.adswizz.com https://q75ihpqk.micpn.com https://res.cloudinary.com https://rs.fullstory.com https://rtb-csync.smartadserver.com https://rtb.gumgum.com https://s.pubmine.com https://s3.lightboxcdn.com https://secure.adnxs.com https://simage2.pubmatic.com https://ssl.gstatic.com https://sync.1rx.io https://sync.outbrain.com https://sync.search.spotxchange.com https://t.co https://us-u.openx.net https://v2uploads.zopim.io https://verify.berbix.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.lightboxcdn.com https://www.youtube.com https://yt3.ggpht.com https://x.bidswitch.net;media-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://static.zdassets.com;object-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.firebaseio.com https://ads.creative-serving.com https://analytics.twitter.com https://cdn.segment.com https://cdn.siftscience.com https://cm.g.doubleclick.net https://d.impactradius-event.com https://edge.fullstory.com https://f.vimeocdn.com https://lightboxapi.azurewebsites.net https://maps.googleapis.com https://match.adsrvr.org https://pixel.tapad.com https://q75ihpqk.micpn.com https://secure.adnxs.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.zdassets.com https://static2.creative-serving.com https://tagmanager.google.com https://verify.berbix.com https://widget-mediator.zopim.com https://fullstory.com https://www.fullstory.com https://www.google-analytics.com https://www.googletagmanager.com https://www.lightboxcdn.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://fonts.googleapis.com https://s3.lightboxcdn.com https://tagmanager.google.com https://verify.berbix.com https://www.lightboxcdn.com;upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.eastwood.com *.bronto.com *.resultspage.com *.bazaarvoice.com *.google.com *.affirm.com *.facebook.net *.bing.com *.hotjar.com *.kaptcha.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.murdoog.com *.pingdom.net *.googleapis.com *.googleadservices.com *.bootstrapcdn.com *.bronto.com *.klevu.com *.gstatic.com *.ytimg.com *.doubleclick.net *.ksearchnet.com *.kustomerapp.com *.facebook.com *.hotjar.io *.zdassets.com *.materialdesignicons.com *.youtube.com *.liadm.com *.abtasty.com *.zendesk.com *.zopim.com *.noibu.com *.bm23.com *.criteo.net *.criteo.com *.newrelic.com *.nr-data.com *.nr-data.net *.googletagservices.com *.googleadservices.com *.googlesyndication.com *.paymentech.com *.acsbapp.com *.acsbap.com *.paypal.com *.paypalobjects.com secure-ecommerce-services.com *.casalemedia.com *.stickyadstv.com *.ivitrack.com *.taboola.com *.e-planning.net *.yieldmo.com *.smaato.net *.adnxs.com *.pubmatic.com *.rlcdn.com *.advertising.com *.yahoo.com *.rubiconproject.com *.postrelease.com *.outbrain.com *.teads.tv *.tremorhub.com *.aralego.com *.360yield.com *.bluekai.com *.online-metrix.net *.emjcd.com *.smartadserver.com *.mediawallahscript.com *.3lift.com *.addthis.com *.clmbtech.com *.revcontent.com *.meba.kr *.tapad.com *.openx.net *.media.net *.turn.com *.krxd.net *.aralego.net *.pusher.com *.pusherapp.com *.cloudinary.com *.mxpnl.com *.mixpanel.com *.countryflags.io *.s3.amazonaws.com *.chatio-static.com *.googleusercontent.com *.maxcdn.com *.launchdarkly.com *.statuspage.io *.bron.to *.bidswitch.net *.agkn.com *.melissadata.net 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.searchengines.guru search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.searchengines.guru chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.searchengines.guru https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.searchengines.guru www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
img-src 'self' *.ebay.com *.ebay.cn www.google-analytics.com *.salesforce.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 2
frame-ancestors 'self' https://www.elal-matmid.com https://*.elal.com; 2
frame-src 'self' https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://twitter.com/ https://kongsberg.easycruit.com 2
default-src 'self' 'unsafe-inline' *.uhasselt.be enquete.agconsult.com https://cdn.jsdelivr.net/npm/ https://stream.livemedia.net/obfs  *.tawk.to/* www.google-analytics.com *.twitter.com *.twimg.com * fast.fonts.net *.delijn.be *.deburen.tv img.youtube.com *.gstatic.com *.getflowbox.com *.google.com *.tawk.to;script-src 'self'  'unsafe-eval' 'unsafe-inline' enquete.agconsult.com https://cdn.jsdelivr.net/npm/ *.vimeo.com  https://stream.livemedia.net/obfs *.tawk.to/* www.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com *.deburen.tv *.youtube.com  cdn.syndication.twimg.com *.getflowbox.com *.delijn.be fast.fonts.net https://siteimproveanalytics.com *.addthis.com  *.addthisedge.com *.facebook.com *.linkedin.com *.issuu.com *.google.com *.googletagmanager.com *.folders.eu connect.facebook.net *.amcharts.com *.tawk.to;img-src * data:;connect-src *;media-src *;frame-src *.uhasselt.be https://www3.uhasselt.be* *.google.be https://cdn.jsdelivr.net/npm/ *.addthis.com https://stream.livemedia.net/obfs *.tawk.to/* *.clickdimensions.com https://uhasselt-uf.be/ https://www.surveygizmo.com *.twitter.com *.twimg.com  *.issuu.com *.delijn.be *.deburen.tv https://vimeo.com/ *.youtube.com  *.vimeo.com   https://siteimproveanalytics.com *.google.com *.folders.eu https://script.google.com/macros/s/AKfycbwDa0K00fdLIaHvDQ9i6OFF6RBjz0kBQv4vc9eXHzpxLuVSBs9Z/exec https://hetmeestmemorabele100dagenfeest.be https://demeestmemorabelechrysostomos.be http://xmos.preflight.space/ *.amcharts.com *.tawk.to;frame-ancestors *.uhasselt.be https://cdn.jsdelivr.net/npm/ *.google.com https://stream.livemedia.net/obfs  *.tawk.to/* https://uhasselt-uf.be/ https://www.surveygizmo.com https://siteimproveanalytics.com *.twitter.com  *.twimg.com *.delijn.be http://*.abmtrans.eu http://abmtrans.eu http://*.mobitwist.be http://mobitwist.be  *.tawk.to; 2
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 2
default-src 'self' 'unsafe-inline' blob: *.disquscdn.com disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.freeagent.com *.fre.ag *.googleapis.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.getdrip.com *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.disqus.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.disquscdn.com disqus.com *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net optimize.google.com js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com widget-mediator.zopim.com; img-src data: blob: *; frame-src 'self' *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com disqus.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.youtube-nocookie.com www.google.com *.disquscdn.com widget.trustpilot.com *.googletagmanager.com optimize.google.com widget-prime.rafflecopter.com *.appointedd.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com *.disquscdn.com *.twitter.com *.twimg.com tagmanager.google.com hello.myfonts.net optimize.google.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com; connect-src 'self' data: wss: *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com; object-src 'self' embedwistia-a.akamaihd.net; report-uri https://freeagent.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tvawcm.com *.tva.gov *.tva.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com code.highcharts.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org e.issuu.com https://cdn.siteimprove.net *.wufoo.com tva.us2.list-manage.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com my2.siteimprove.com code.jquery.com *.cdn.telerik.com https://az416426.vo.msecnd.net polyfill.io static.ctctcdn.com/js/ https://*.brightcove.net https://*.brightcove.com https://vjs.zencdn.net blob: https://cdn.jsdelivr.net https://unpkg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com static.ctctcdn.com https://unpkg.com https://cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com data:; img-src 'self' https://tvawcm.com *.tva.com *.tva.gov *.gstatic.com *.googleapis.com *.google-analytics.com https://play.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net www.googletagmanager.com static.ctctcdn.com https://*.brightcove.com https://*.brightcove.net; media-src 'self' data: blob: *.tva.gov *.tva.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net https://*.brightcove.com/; form-action *.tva.gov *.tva.com tva.us2.list-manage.com tvawcm.com https://export.highcharts.com; frame-src tvawcm.com *.tva.com *.tva.gov platform.twitter.com tvaforms.wufoo.com tva.us2.list-manage.com *.wufoo.com *.youtube.com *.brightcove.net *.brightcove.com *.issuu.com tva.mediaplatform.com www.google.com tva.maps.arcgis.com https://*.siteimprove.com congeo.maps.arcgis.com www.youtube-nocookie.com maps.google.com cdn.knightlab.com; connect-src 'self' https://tvawcm.com *.tva.com *.tva.gov https://dc.services.visualstudio.com *.siteimprove.com *.microsoftonline.com *.msftauth.net https://www.google-analytics.com listgrowth.ctctcdn.com https://*.brightcove.com https://*.brightcove.net; 2
frame-ancestors *.firstclasswatches.co.uk *.firstclasswatches.com 2
frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 2
frame-ancestors 'self'; font-src 'self' data:; 2
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp retrip.jp *.gstatic.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp *.adplan-enquete.com *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com bs.serving-sys.com *.bs.serving-sys.com *.akamaized.net *.adnxs.com span-smt.jp *.span-smt.jp *.onesdata.com *.report-uri.com *.surveymonkey.com *.form.run sdk.form.run *.typeform.com *.formzu.net tayori.com *.instagram.com/ *.ad-v.jp *.cci.co.jp *.openxmarket.jp *.servedby-openxmarket.jp *.adtechjp.com *.pubmatic.com *.teads.tv *.ad-generation.jp *.zucks.net.zimg.jp *.fluct.jp *.href.asia *.yieldmanager.com *.seesaa.net *.kau.li *.shinobi.jp *.yahoo.com *.adlantis.jp *.gsspcln.jp *.ampproject.net *.cmertv.com flux-cdn.com *.ssl-images-amazon.com *.bidswitch.net cdn.jsdelivr.net trippiece-d.openx.net rtbcdn.doubleverify.com z.moatads.com sin3-ib.adnxs.com cdn.adnxs.com impact-ad.jp webdemo.dac.co.jp cmertv.com tsukiji.iponweb.net ad-generation.jp as.amanad.adtdp.com pubmatic.com aja.vision adingo.jp appnexus.com openx.com rubiconproject.com publishers.logicad.jp microad.co.jp genieesspv.jp adtech.com ads.pubmatic.com 3ppa.jp.cinarra.com; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 2
default-src 'self'; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com bam.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  *.prod.acquia-sites.com *.appliedmaterials.com:* data:; frame-src 'self' www.google.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net data:; connect-src 'self' www.google-analytics.com bam.nr-data.net stats.g.doubleclick.net; report-uri /admin/config/system/seckit/csp-report 2
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; connect-src 'self' https:; font-src 'self' 'unsafe-inline' https: data:; media-src 'self' 'unsafe-inline' https:; report-uri https://rokt.report-uri.io/r/default/csp/enforce; child-src *; form-action 'self' 'unsafe-inline' https:; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; base-uri *; upgrade-insecure-requests 2
frame-ancestors 'self' *.randstadservices.com 2
connect-src 'self' *.saba.com *; 2
frame-ancestors *.firsthorizon.com 2
frame-ancestors 'self' https://www.endesaclientes.com 2
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 2
default-src * data: http: https: wss: 'self' 'unsafe-inline'; font-src  'self'; child-src  'self'; connect-src  'self'; frame-src https://www.instagram.com/ https://goto.fontys.nl/ https://*.snapchat.com/ https://*.hotjar.com/ https://*.pushbird.com/ https://*.facebook.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ 'self'; frame-ancestors  'self'; img-src * data: mediastream: blob: filesystem: 'self' data:; media-src  'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src  'self' 'unsafe-inline';  worker-src  'self' blob: 2
frame-ancestors 'self' *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com 888casino.com 888poker.com 888casino.dk 888poker.dk 888casino.ro 888poker.ro 888casino.se 888poker.se 888casino.es 888poker.es 888casino.it 888poker.it 888casino.us 888poker.us cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 2
'frame-ancestors' http://localhost:8100 https//*.tn.gov 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://connect.facebook.net https://d2oh4tlt9mrke9.cloudfront.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://p.typekit.net https://service.maxymiser.net https://ssl.google-analytics.com https://tagmanager.google.com https://translate.google.com https://translate.googleapis.com https://ws.sessioncam.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com;object-src https://*.avalonbay.com https://*.avaloncommunities.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://tagmanager.google.com https://translate.googleapis.com https://use.typekit.net;img-src 'self' data: *.avaloncommunities.com *.avalonbay.com *.azureedge.net https://www.facebook.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://translate.googleapis.com https://translate.google.com https://via.placeholder.com https://ws.sessioncam.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com;media-src 'none';frame-src 'self' *.avaloncommunities.com *.avalonbay.com https://*.doubleclick.net https://*.merchante-solutions.com https://service.maxymiser.net https://www.youtube.com;font-src data: *.avaloncommunities.com https://fonts.gstatic.com https://use.typekit.net;connect-src https://*.avalonbay.com https://*.avaloncommunities.com https://*.merchante-solutions.com https://stats.g.doubleclick.net https://translate.googleapis.com https://ws.sessioncam.com https://www.google-analytics.com;base-uri 'self';child-src 'self' https://*.avalonbay.com;form-action 'self';frame-ancestors 'none';plugin-types application/pdf;report-uri https://api.avalonbay.com/report/csp 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src https: blob:; report-uri https://wunderio.report-uri.com/r/d/csp/enforce 2
frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 2
default-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; child-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; worker-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; frame-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; img-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; script-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu; connect-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.be *.google.se *.google.ch *.google.de *.google.se *.google.nl *.google.co.uk *.google.es *.google.pt *.google.it *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li smartboxprod.112.2o7.net *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es *.lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net s3.eu-west-1.amazonaws.com mpi-v2-simulation.test.v-psp.com *.trusted.com secure7.arcot.com leetchi.com webpayment.payline.com *.cloudfunctions.net *.freshrelevance.com s3.amazonaws.com *.contentsquare.net static-eu.payments-amazon.com *.fbapphouse.com static-eu.payments-amazon.com mws-eu.amazonservices.com api.sandbox.amazon.de api.amazon.de payments-de.amazon.com payments.amazon.it images-na.ssl-images-amazon.com m.media-amazon.com payments-eu.amazon.com payments.amazon.es payments.amazon.fr payments.amazon.it payments.amazon.co.uk payments.amazon.com payments.amazon.de cdn.aimtell.com log.aimtell.com am.freshrelevance.com api.stripe.com js.stripe.com q.stripe.com analytics.aimtell.com beacon.aimtell.com api.aimtell.com c7.dycdn.net *.lepotcommuntest.fr lepotcommun.fr cx.atdmt.com snap.licdn.com cdn.aimtell.io t.contentsquare.net sts.comp.eu blob: sts.ccmp.eu ws: wss:; 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 2
frame-ancestors 'self' *.easymarkets.com 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss:; upgrade-insecure-requests 2
default-src 'self' https://www.mpsv.cz https://data.mpsv.cz https://www.google-analytics.com https://mapserver.mapy.cz https://api.mapy.cz https://pomoc.mluvii.com wss://pomoc.mluvii.com; img-src 'self' data: https://*.gstatic.com https://www.google-analytics.com https://api.mapy.cz https://mapserver.mapy.cz; frame-src 'self' formapps: https://www.google.com https://www.youtube.com https://mpsvczmimoriadna.predu.sk/ https://bottestmluvii.predu.sk/ https://pomoc.mluvii.com; child-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.gstatic.com https://api.mapy.cz https://www.google-analytics.com https://mpsvczmimoriadna.predu.sk https://bottestmluvii.predu.sk https://pomoc.mluvii.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://api.mapy.cz https://pomoc.mluvii.com; font-src 'self' data:  https://api.mapy.cz 2
default-src 'self'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self'; img-src 'self' data:; object-src 'self'; frame-ancestors 'none'; connect-src 'self' https://api.transferwise.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' i.ytimg.com *.jbnu.ac.kr www.googletagmanager.com *.googleapis.com wcs.naver.net dapi.kakao.com *.daum.net *.daumcdn.net *.kakao.com *.youtube.com; 2
sandbox allow-forms allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation-by-user-activation 2
frame-ancestors 'self', frame-ancestors 'self' 2
frame-ancestors https://*.gap.im 2
default-src 'self'; font-src * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src https://*.youtube.com/ https://*.oxy.com  https://*.youtube-nocookie.com http://*.corporate-ir.net https://occidentalpetroleum.gcs-web.com 2
frame-ancestors 'self' *.samash.com *.ecofabric.com 2
frame-ancestors 'self' https://requests.routesonline.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.google-analytics.com ajax.cloudflare.com platform.twitter.com cdn.syndication.twimg.com buttons.github.io mod.io *.mod.io modcdn.io *.modcdn.io; frame-ancestors 'self' https://mod.io https://*.mod.io 2
default-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au; script-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com connect.facebook.net *.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au public.tableau.com; style-src 'self' 'unsafe-inline' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.googleapis.com tagmanager.google.com ui.chatbot.digital.vic.gov.au fast.fonts.net; img-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jpwww.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com; font-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com; frame-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com www.vic.gov.au *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com *.vic.gov.au macuport.com dhhs.carto.com public.tableau.com; connect-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au *.hotjar.io *.google-analytics.com *.g.doubleclick.net api.ipify.org *.myvictoria.vic.gov.au *.api.mapbox.com discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com; frame-ancestors 'self' *.lagoon.vicsdp.amazee.io *.vic.gov.au; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; 2
frame-ancestors *.wetv.vip wetv.vip cms.pptvthailand.com *.pptvhd36.com 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 2
base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 2
frame-ancestors 'self' https://*.shareworks.com https://*.solium.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com blob: *.snapengage.com; font-src 'self' *.googleapis.com *.gstatic.com data:; connect-src 'self' *; report-uri /report-csp-violation 2
default-src 'self';               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://f1-eu.readspeaker.com  http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com;              style-src 'self' 'unsafe-inline' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com;              img-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://cdn.simplecast.com data: blob: *.eloqua.com *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae;              font-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com *.mktoresp.com https://api.simplecast.com https://cdn.simplecast.com;              media-src 'self' data: blob: *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae https://cdn.simplecast.com;               child-src 'self' *.smartdubai.ae https://smartdubai.ae https://www.smartdubai.ae http://www.smartdubai.ae http://smartdubai.ae https://platform.twitter.com/ https://syndication.twitter.com/ https://rashid.ae/ https://happinessmeter.dubai.gov.ae/ https://happinessmeterqa.dubai.gov.ae/ https://www.youtube.com/ https://player.vimeo.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com https://player.simplecast.com https://cdn.simplecast.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' localhost:* *.tason.com 2
frame-ancestors 'self' helioshi.medixmob.com medix-portal.com 2
frame-ancestors 'self' https://portalzp.praha.eu http://portalzp.praha.eu; 2
frame-ancestors 'self' https://solar.justpark.com https://business.justpark.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.glueup.com *.capterra-static.com *.googletagmanager.com *.tawk.to wss://*.tawk.to connect.facebook.net *.google-analytics.com *.hs-analytics.net nimbleswan.io cdn.jsdelivr.net tawk.link *.hs-scripts.com *.hubspot.com fonts.googleapis.com fonts.gstatic.com *.hs-banner.com www.facebook.com *.hscollectedforms.net forms.hsforms.com *.licdn.com *.linkedin.com https://p.adsymptotic.com *.youtube.com *.nimbleswan.io *.googleoptimize.com *.glueup.ru *.glueup.cn *.glueup.com *.bilibili.com *.capterra.com; report-uri https://www.eventbank.cn/_/reports/csp-endpoint/enforce; 2
form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 2
default-src 'none'; connect-src 'self' https://lookup.binlist.net https://o73885.ingest.sentry.io/api/5305032/store/ https://*.fastmailusercontent.com; img-src * data: blob: https://*.fastmailusercontent.com; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://api.pin.net.au https://api.stripe.com 'sha256-O4zpRyC3TuIOZvJWZ+T83EA3/31I3MHSu/H7dvAsM5s='; frame-src https://*.fastmailusercontent.com; child-src 'self' https://*.fastmailusercontent.com; worker-src 'self'; object-src 'self'; frame-ancestors 'none'; 2
frame-ancestors https://community.personio.de https://www.personio.de https://personio.elearnio.com/ 2
img-src * data: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net/ https://*.webvisor.com/ https://*.yandex.ru/  https://*.yandex.com/ https://*.tile.openstreetmap.org/ https://*.adroll.com/  https://*.gartner.com/ https://*.consensu.org/  https://*.google.com/ https://google.com/  https://www.youtube.com/ https://www.gstatic.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googleapis.com/  https://www.htbridge.com/ https://portal.htbridge.com/ https://portal.immuniweb.com/ https://www.google-analytics.com/ https://certify-js.alexametrics.com/ https://certify.alexametrics.com/ https://stats.g.doubleclick.net/ https://snap.licdn.com/ https://*.facebook.com/ https://*.linkedin.com/ https://secure.adnxs.com/ https://*.sharethis.com/ https://*.addthis.com/ https://*.addthisedge.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 2
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; 2
default-src 'self' https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.atdmt.com https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' *.charlemagneinstitute.org *.chroniclesmagazine.org *.intellectualtakeout.org; frame-ancestors 'self' *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://charlemagne-vid.azureedge.net; img-src 'self' blob: data: * 2
base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; default-src 'none'; font-src * data:; form-action 'self'; img-src * data: blob: 'unsafe-inline'; manifest-src 'none'; navigate-to *; object-src 'self'; prefetch-src *; script-src-attr 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'none'; media-src 'none' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 2
default-src * 'unsafe-eval' 'unsafe-inline' data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.youtube.com/iframe_api https://s.ytimg.com/ https://sa.mygov.scot/; img-src 'self' https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://translate.google.com https://translate.googleapis.com https://*.ytimg.com/ https://sa.mygov.scot/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://tagmanager.google.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src https://www.google.com/recaptcha/ https://www.youtube-nocookie.com/ https://www.googletagmanager.com; object-src 'self'; report-uri /service/csp 2
default-src 'self' https://yukon.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca ; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com ; 2
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' ;img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
default-src https: wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://wordpress-54524-1231354.cloudwaysapps.com; 2
default-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; frame-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com youtube.com *.youtube.com; font-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; img-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google-analytics.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; connect-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google.com; report-uri https://sentry.io/api/1438092/security/?sentry_key=c4f9287549384b1ebab3ca38ac17a0d3 2
upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
frame-ancestors 'self' temenos.seismic.com 2
frame-ancestors https://*.zsxq.com 2
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.ensighten.com gateway.zscalertwo.net tagmanager.google.com staticcontents.investisdigital.com ipapi.connectid.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.rawgit.com *.tools.investis.com *.nexus.ensighten.com nexus.ensighten.com tagmanager.google.com gateway.zscalertwo.net staticcontents.investisdigital.com ipapi.connectid.cloud; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.hs.llnwd.net; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com gateway.zscalertwo.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.ensighten.com *.google-analytics.com *.api.brightcove.com *.tools.investis.com *.doubleclick.net ipapi.connectid.cloud; report-uri /report-csp-violation 2
default-src 'self' http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* data: http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io; script-src 'self' 'unsafe-inline' http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* data: http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io 'unsafe-eval'; connect-src http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* data: http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io https://www.theforage.com wss://www.theforage.com 'self'; img-src data: 'self' http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io; style-src 'self' 'unsafe-inline' http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* data: http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io; font-src 'self' data: http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob: blob:* http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io; media-src blob: 'self' http://*.insidesherpa.com http://*.theforage.com http://traverssmith.qumucloud.com http://sentry.io http://zoom.us http://*.fontawesome.com http://fontawesome.com http://*.rawgit.com http://rawgit.com http://*.google.com http://*.googleapis.com http://*.vimeocdn.com http://*.vimeo.com http://*.gstatic.com http://*.auth0.com http://*.aliyuncs.com http://*.alicdn.com http://*.amazonaws.com http://*.licdn.com http://*.linkedin.com http://*.adsymptotic.com http://*.meteor.com http://meteor.com http://*.live.com http://*.office.com http://*.kpmg.com http://kpmg.com http://*.akamaihd.net http://docs.google.com http://*.litix.io http://*.wistia.com http://*.wistia.net http://*.repl.it http://repl.it http://*.sydneyromantics.com http://wistia.com http://fonts.googleapis.com http://fonts.gstatic.com http://manychat.com http://*.botengine.ai http://*.chatbot.com http://chatbot.com http://*.reddit.com http://botengine.ai http://*.drift.com http://*.unsplash.com http://*.webflow.com http://*.driftt.com http://heapanalytics.com http://*.heapanalytics.com http://*.manychat.com http://fullstory.com http://*.fullstory.com http://*.trello.com http://minterellison.com http://*.minterellison.com http://bugsnag.com http://*.bugsnag.com http://*.stripe.com http://*.typekit.net http://facebook.com http://*.facebook.com http://*.facebook.net http://t.co http://*.tiktok.com http://*.ads-twitter.com http://*.twitter.com http://*.ibytedtos.com http://*.iconfinder.com http://*.youtube.com http://*.palantir.com http://*.bloomberg.com http://bloomberg.com http://*.imgur.com http://imgur.com http://*.checkout.com http://h2.vc http://*.addthis.com http://*.addthisedge.com http://*.wpengine.com http://goodments.com http://*.viostream.com blob:* data: http://*.soundcloud.com http://*.zdassets.com wss://*.zopim.com http://insidesherpa.zendesk.com http://images.chamaileon.io; 2
frame-ancestors 'self' https://adv-a6915c7bc.dispatcher.hana.ondemand.com https://adv22-a22528b4f.dispatcher.hana.ondemand.com https://adv-a3457bf4a.dispatcher.hana.ondemand.com 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
frame-ancestors 'self' *.cinradio.org:* *.wvxu.org:* *.wguc.org:*; 2
frame-ancestors 'self' my.bethelcollege.edu my.betheluniversity.edu; 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com ; 2
default-src 'none';connect-src 'self' https://*.salemove.com wss://pubsub.salemove.com wss://kluster.salemove.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com https://www.bellco.org https://js.callrail.com https://n2.mouseflow.com https://s.yimg.com wss://mpsnare.iesnare.com wss://ci-mpsnare.iovation.com https://*.google.com https://stats.g.doubleclick.net https://files.bethpagefcu.com https://api.datatrac.net https://*/api/fraudforce/FraudForce/Post https://siteintercept.qualtrics.com https://*.nanorep.co https://*.nanorep.com https://performance.typekit.net https://bat.bing.com https://secure-ds.serving-sys.com https://www.google-analytics.com https://*.jotform.com https://app.textrecruit.com https://app1.textrecruit.com;font-src 'self' data: https://*.gstatic.com https://use.typekit.net https://insight.adsrvr.org https://*.fontawesome.com https://apps.pcdgroup.com https://*.cloudflare.com https://*.formstack.com;frame-src 'self' https://*.doubleclick.net https://pixel-a.basis.net https://www.youtube.com https://pixel.sitescout.com https://*.locatorsearch.com https://pixel.mathtag.com https://insight.adsrvr.org https://*.cloudfront.net https://*.google.com https://www2.iraservicecenter.com https://*.bethpagefcu.com https://*.secumd.org https://www.agentinsure.com https://fliphtml5.com https://vizi.vizirecruiter.com https://secumd.satmetrix.com https://www.youtube-nocookie.com https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://a.pgtb.me https://*.formstack.com https://*.jotform.io https://*.jotform.us https://*.jotform.com;frame-ancestors 'self';img-src 'self' data: https://*.google.com https://bat.bing.com https://bs.serving-sys.com https://pixel-a.basis.net https://p.typekit.net https://*.siteimproveanalytics.io https://detectca.easysol.net https://www.facebook.com https://pixel.sitescout.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://ssiteid.t.eloqua.com https://*.salemove.com https://images.locatorsearch.com https://www.pages03.net https://pixel.mathtag.com https://track.hubspot.com https://insight.adsrvr.org https://cs.choozle.com https://idsync.rlcdn.com https://s3.amazonaws.com/provelo.bold360demo.com/ https://images.printable.com https://mpp.specificclick.net https://cx.atdmt.com https://dpm.demdex.net https://pixel.rubiconproject.com https://pixel.advertising.com https://tags.bluekai.com https://pixel.tapad.com https://idpix.media6degrees.com https://aa.agkn.com https://dsum-sec.casalemedia.com https://loadm.exelator.com https://odr.mookie1.com https://cache.vindicosuite.com https://uipglob.semasio.net https://eb2.3lift.com https://e.nexac.com https://dmp.truoptik.com https://mid.rkdms.com https://ml314.com https://cw.addthis.com https://cache.vindicosuite.com https://www.glassdoor.com https://*.oflows.net https://www.navyfederal.org https://match.adsrvr.org https://online.citi.com https://www2.bac-assets.com https://ib.adnxs.com http://img.en25.com/EloquaImages/clients/BellcoCreditUnion/ https://*.facebook.net https://*.simpli.fi https://*.jotfor.ms https://*.jotform.com https://*.formstack.com https://ups.analytics.yahoo.com https://simplifi.partners.tremorhub.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://fei.pro-market.net https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://load77.exelator.com https://sync.search.spotxchange.com https://bh.contextweb.com https://us-u.openx.net https://pippio.com https://sync1.intentiq.com https://in.xspadvertising.com https://usermatch.krxd.net https://beacon.krxd.net https://su.addthis.com https://d.agkn.com https://match.sharethrough.com https://simage2.pubmatic.com https://io.narrative.io https://i.liadm.com https://x.bidswitch.net https://s.thebrighttag.com https://t.mookie1.com https://login.dotomi.com https://*.googleusercontent.com https://*.gstatic.com https://app.textrecruit.com https://app1.textrecruit.com https://jelly.mdhv.io;media-src 'self' data: https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com https://libs.salemove.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.callrail.com https://*.salemove.com https://bat.bing.com https://cdn.mouseflow.com https://*.facebook.net https://detectca.easysol.net https://googleads.g.doubleclick.net https://s.btstatic.com/tag.js https://s.yimg.com/wi/ytc.js https://siteimproveanalytics.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com/iframe_api https://*.bethpagefcu.com https://mpsnare.iesnare.com https://use.typekit.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://script.crazyegg.com https://sp.analytics.yahoo.com https://code.getmdl.io/1.3.0/material.min.js https://www.googleadservices.com https://img.en25.com/i/elqCfg.min.js https://s.thebrighttag.com https://s.ytimg.com https://ci-mpsnare.iovation.com https://js.callrail.com https://js.locatorsearch.com https://*.cloudflare.com https://*.cloudfront.net https://www.sc.pages03.net https://*.siteintercept.qualtrics.com https://pixel.mathtag.com https://browser.sentry-cdn.com https://*.nanorep.co https://*.nanorep.com https://*.gstatic.com https://s3.amazonaws.com/data.vizirecruiter.com/ https://*.fontawesome.com https://*.cudlautosmart.com https://nexus.ensighten.com https://ssl.geoplugin.net https://secure.checkout.visa.com http://*.serving-sys.com https://*.serving-sys.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.simpli.fi https://bethpagefederalcreditunion.formstack.com https://*.jotform.com https://*.jotform.us https://*.jotformpro.com https://*.jotfor.ms https://*.jotform.io https://*.formstack.com https://sandbox.secure.checkout.visa.com https://knowledgetags.yextpages.net https://app.textrecruit.com https://app1.textrecruit.com https://action.dstillery.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.salemove.com https://code.getmdl.io/1.3.0/ https://cloud.typography.com https://*.fontawesome.com https://*.cloudflare.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.jotfor.ms https://*.formstack.com https://*.google.com; 2
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2
frame-ancestors https://www.enelx.com https://d3eepfzwqopgtx.cloudfront.net https://d13hhoqz1xnrhs.cloudfront.net 2
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-ancestors 'self' forums.gunsandammo.com; 2
default-src 'self'; media-src https://*.amazonaws.com/live.iap.static/; img-src *; script-src 'self' https://www.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ https://consent-notice.magix.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ 2
frame-ancestors 'self' *.nosfair.com https://toolbox.gls.de 2
object-src 'self'; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 2
default-src*; font-src*;img-src* data:; script-src*; style-src*; 2
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.gstatic.com https://oppwa.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net; 2
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 2
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 2
default-src 	'self' 	arriva.acquiadam.com 	twimg0-a.akamaihd.net 	*.arrivabus.co.uk 	*.betrad.com 	*.bing.com 	origin-analytics.braintree-api.com 	api.braintreegateway.com 	scontent-sjc3-1.cdninstagram.com 	d2c87l0yth4zbw.cloudfront.net 	pinimg.com 	polldaddy.com 	mixcoud.com 	https://soundcloud.com/player/ 	spapps.cosp 	play.spotify.edgekey.net 	facebook.com 	*.facebook.com 	facebook.co.uk 	*.ak.facebook.com 	star.c10r.facebook.com 	vupload2.t.facebook.com 	*.google.com 	youtube.l.google.com 	ytimg.l.google.com 	www.google-analytics.com 	googlesyndication.com 	www.googletagmanager.com 	googlevideo.com 	api.instagram.com 	instagram.com 	https://crowdfunding.justgiving.com/justgiving.com/ 	akamaiedge.net 	cloudfront.net 	fbcdn.netfbsbx.com 	www.paypal.com 	s-media-cache-ak0.pinimg.com 	s-passets-cache-ak0.pinimg.com 	pinterest.com 	www.slideshare.net 	soundcloud.com 	*.spotify.com 	apps.spotify.edgekey.net 	t.co 	*.tiqcdn.com 	twimg.com 	*.twitter.com 	twitter.com 	vimeo.com 	vimeocdn.com 	youtube.com 	*.youtube.com 	www.youtube-nocookie.com 	ytimg.com 	ekr.zdassets.com 	static.zdassets.com 	arrivabus.zendesk.com 	wss://*.zendesk.com 	wss://*.zopim.com 	'unsafe-inline' 	'unsafe-eval';        script-src 	'self' 	*.teads.tv 	apis.google.com 	assets.zendesk.com 	code.jquery.com 	*.facebook.net 	maps.googleapis.com 	p.teads.tv 	pay.google.com 	s.yimg.com 	static.zdassets.com 	tags.tiqcdn.com 	visitor-service-eu-central-1.tealiumiq.com 	widget-mediator.zopim.com 	www.google-analytics.com 	www.googletagmanager.com 	www.paypal.com 	www.paypalobjects.com 	sp.analytics.yahoo.com 	'unsafe-inline' 	'unsafe-eval';    connect-src 	'self' 	*.arrivabus.co.uk 	analytics.google.com 	api.braintreegateway.com 	arrivabus.zendesk.com 	client-analytics.braintreegateway.com 	collect.tealiumiq.com 	ekr.zdassets.com 	widget-mediator.zopim.com 	my.tealiumiq.com 	origin-analytics.braintree-api.com 	payments.braintree-api.com 	wss://widget-mediator.zopim.com 	www.google-analytics.com 	www.paypal.com 	s.yimg.com 	'unsafe-inline';      img-src 	'self' 	arrivabus.prod.acquia-sites.com 	collect.tealiumiq.com 	content.api.arrivabus.co.uk 	linkmaker.itunes.apple.com 	maps.googleapis.com 	maps.gstatic.com 	*.google.com 	s.yimg.com 	t.paypal.com 	www.facebook.com 	www.google.ie 	www.google-analytics.com 	www.googletagmanager.com 	www.gstatic.com 	*.teads.tv 	data: 	blob: 	'unsafe-inline';     media-src 	static.zdassets.com;      font-src 	'self' 	app-nc.global.ssl.fastly.net 	*.fls.doubleclick.net 	*.google.com 	arrivabus.cloudflareaccess.com 	assets.braintreegateway.com 	assets.zendesk.com 	fonts.googleapis.com 	fonts.gstatic.com;   frame-src  assets.braintreegateway.com  www.paypal.com 	pay.google.com 	9458815.fls.doubleclick.net 	www.youtube.com 	'self';     style-src 	*.arrivabus.co.uk 	assets.braintreegateway.com fonts.googleapis.com 	www.paypal.com 	vimeo.com 	www.youtube.com 	'unsafe-inline'; 2
connect-src 'self' https://api.github.com https://api.mypurecloud.ie https://googleads4.g.doubleclick.net wss://carrier-pigeon.mypurecloud.ie https://privacyportal.cookiepro.com https://app.altocloud.com https://*.pingdom.net https://*.twitter.com https://stats.g.doubleclick.net https://*.cludo.com https://*.bankofireland.com https://*.bsw-dev.net https://siteintercept.qualtrics.com https://www.google-analytics.com https://gmspri.boi.com https://gkcpri.boi.com https://gkcsec.boi.com https://analytics.google.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com 2
upgrade-insecure-requests ; default-src * 'unsafe-inline' 'unsafe-eval' data: 2
img-src https://*; 2
frame-ancestors http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com 'self'; 2
frame-src https://*.kelloggsfamilyrewards.com/ https://cdns.us1.gigya.com/ https://sr.rlcdn.com/ https://www.google.com/ https://kellogg.demdex.net/ https://*.pricespider.com/ https://*.bazaarvoice.com/ https://s7.addthis.com/ https://us-d.wayin.com/  https://services.kelloggs.com; object-src https://*.kelloggsfamilyrewards.com/ https://cdns.us1.gigya.com/ https://sr.rlcdn.com/ https://www.google.com/ https://*.pricespider.com/ https://*.bazaarvoice.com/ https://s7.addthis.com/; 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com; frame-src https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com; 2
frame-ancestors 'self' https://online.superoffice.com https://online2.superoffice.com https://zamnesiasp.inone.useinsider.com https://www.zamn.eu 2
frame-ancestors 'self' api.sheetmusicdirect.com 2
default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 2
default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com 2
frame-ancestors https://*.trend.at http://*.trend.at; upgrade-insecure-requests; block-all-mixed-content 2
default-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com www.ounass.ae ar.ounass.ae en-saudi.ounass.com saudi.ounass.com oman.ounass.com ar-oman.ounass.com kuwait.ounass.com ar-kuwait.ounass.com bahrain.ounass.com ar-bahrain.ounass.com www.ounass.qa ar.ounass.qa; frame-src 'self' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com; font-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com; img-src * 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com; style-src 'self' 'unsafe-inline' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com 2
default-src 'self' https://pf-marketing.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 2
default-src https:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 2
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 2
default-src 'none'; connect-src *.ap-southeast-2.amazonaws.com *.mynrma.com.au *.mynrma.com.au:* *.thrifty.com.au *.thrifty.com.au:* *.nr-data.net *.newrelic.com *.google.com *.gstatic.com *.everydaygiftcards.com.au *.feefo.com *.googleapis.com *.google-analytics.com *.crazyegg.com; font-src https://fonts.gstatic.com https://fonts.googleapis.com *.stackla.com *.rokt.com 'self' data: ; img-src blob: data: https: *.google-analytics.com *.mynrma.com.au; script-src *.mynrma.com.au *.thrifty.com.au *.newrelic.com *.googletagmanager.com  *.google.com *.google.com.au *.gstatic.com *.google-analytics.com *.googleapis.com *.nr-data.net *.facebook.net *.plavxml.com *.doubleclick.net *.stackla.com  *.rokt.com *.quantcount.com *.crazyegg.com *.zencdn.net https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://js-agent.newrelic.com/nr-spa-1118.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/vJuUWXolyYJx1oqUVmpPuryQ/recaptcha__en.js https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://bat.bing.com/bat.js https://vxml4.plavxml.com/sited/ref/ctrk/139 https://everydaygiftcards.com.au/media/javascript/member/members_v1.js https://polyfill.io/v3/polyfill.min.js https://giftcards.woolworths.com.au/medias/members-v1.js https://script.crazyegg.com/pages/scripts/0013/7505.js https://secure.quantserve.com/quant.js https://snap.licdn.com/li.lms-analytics/insight.min.js 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline' 'self';frame-src *.mynrma.com.au *.thrifty.com.au *.doubleclick.net  *.rokt.com https://www.google.com https://4315425.fls.doubleclick.net https://www.apollocamper.com/ https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.thrifty.com.au http://www.mynrma.com.au http://www.thrifty.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.nsw.gov.au *.virginaustralia.com 'self'; frame-ancestors 'self';base-uri 'self'; form-action *.mynrma.com.au *.mynrma.com.au:* *.thrifty.com.au *.thrifty.com.au:* *.securepay.com.au  *.rokt.com https://giftcards.woolworths.com.au/memberRedirect https://www.facebook.com/ https://www.racq.com.au/ https://widget.stackla.com/ https://www.youtube.com/ https://www.google.com.au/ https://www.roadtripforgood.org.au/ https://old.apollocamper.com/ https://evexperience.evenergi.com/ https://www.mynrma.com.au https://www.thrifty.com.au http://www.mynrma.com.au http://www.thrifty.com.au https://www.nrmasaferdriving.com.au *.stackla.com *.paypal.com 'self'; 2
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.aparat.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com http://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://www.aparat.com; frame-ancestors 'self' https://trustseal.enamad.ir 2
frame-ancestors 'self' *.ancestrydata.com genlookups.com *.genlookups.com *.legacy.com 2
frame-ancestors https://*.lifecell.com.ua https://*.lifecell.ua 2
default-src 'self' https: data: blob:;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il https://*.netapoz.com 2
default-src 'self' *.brilliantcollector.com  *.studio  *.hotjar.io  *.arena.im/  *.gstatic.com  in.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edit.co.uk *.brilliantcollector.com  *.cookiebot.com *.allinleeds.com *.googleadservices.com giphy.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com stats.g.doubleclick.net googleadservices.com px.ads.linkedin.com static.ads-twiter.com facebook.com googleads.g.doubleclick.net t.co google.com googletagmanager.com hotjar.com *.hotjar.com snap.licdn.com *.twitter.com platform.twitter.com analytics.twitter.com connect.facebook.net apis.google.com; img-src * data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.allinleeds.com *.vimeo.com giphy.com latex.codecogs.com platform.twitter.com; font-src 'self' *.gstatic.com  data:; frame-src 'self' *.studio  https://public.flourish.studio  www.youtube.com *.vimeo.com *.cookiebot.com www.facebook.com *.facebook.com *.hotjar.com *.allinleeds.com giphy.com platform.twitter.com syndication.twitter.com; 2
frame-ancestors 'self' http://*.iframely.com 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
frame-ancestors 'self' *.adiglobaldistribution.us; 2
default-src https: blob: data: 'unsafe-inline' 2
frame-ancestors 'self' http://www.axe.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn www.zhidaoai.com 2
default-src'self 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 2
default-src https:; connect-src https:; font-src 'self' https: data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2
frame-ancestors 'self' http://*.olympus-ims.com http://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 2
default-src * 'unsafe-inline' data: 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://stats.g.doubleclick.net https://*.iis.se https://*.readspeaker.com https://tagmanager.google.com https://www.googletagmanager.com https://*.bugsnag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.amazonaws.com https://secure.gravatar.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://yoa.st https://html5-player.libsyn.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /en-us/report-csp-violation 2
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagservices.com https://ad.doubleclick.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://cloud.webtype.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.webtype.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://pls.webtype.com https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data:; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 2
object-src 'none'; form-action 'self'; frame-ancestors 'none' 2
upgrade-insecure-requests; frame-ancestors 'none' 2
frame-ancestors 'self' http://www.iffas.org; 2
frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk; 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 2
base-uri 'self'; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com; connect-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com; font-src 'self' https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data:; img-src 'self' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data:; object-src 'self'; frame-src 'self'  https://information.huntonak.com https://cdn.yoshki.com https://www.youtube.com https://player.vimeo.com https://app.powerbi.com; 2
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com smrtsrc.com *.smrtsrc.com jahia-macpd-03.smartsource.local jahia-macpd-04.smartsource.local jahia-mactd-01.smartsource.local jahia-macdd-01.smartsource.local 2
frame-ancestors https://rajaview.id; 2
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; frame-ancestors 'self' skmmall.17life.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com http://youtube.com/iframe_api https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://player.vimeo.com/api/player.js https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://analytics.twitter.com/i/adsct https://tagmanager.google.com/debug https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://tagmanager.google.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js https://cdn1.readspeaker.com/script/9190/webReader/webReader.js https://cdn1.readspeaker.com/script/9190/webReader/ReadSpeaker.pub.Config.js https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Core.js https://cdn1.readspeaker.com/ *.lfeeder.com *.leadfeeder.com https://code.jquery.com/jquery-3.4.1.min.js https://www.googletagmanager.com/gtag/js https://twitter.com/ https://pi.pardot.com/pd.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles-Button.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles.css https://cdn1.readspeaker.com/script/9190/webReader/r/ https://cdn1.readspeaker.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://www.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/ https://maps.google.com/; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://www.digitale-exzellenz.de/feed/ https://www.digitale-exzellenz.de/category/branchen/ https://www.digitale-exzellenz.de/tag/ https://www.instagram.com/ https://www.instagram.com/soprasteria_fr/ https://www.instagram.com/instagram/ *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; 2
frame-ancestors 'self' https://content.amplience.net; 2
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' *; script-src-elem 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' * data:  ; frame-src 'self' *; connect-src 'self' *; img-src 'self' *; 2
script-src 'self' http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ 'unsafe-inline' 'unsafe-eval'; object-src 'self'; default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ http://wogadobeanalytics.sc.omtrdc.net/ *.appier.net *.doubleclick.net www.youtube.com *.google.com *.google.com.sg; img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ http://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ *.google-analytics.com *.appier.net *.doubleclick.net ssl.socdm.com *.facebook.com *.google.com.sg *.google.com http://va.ecitizen.gov.sg https://va.ecitizen.gov.sg i.ytimg.com *.onemap.sg; connect-src 'self' http://va.ecitizen.gov.sg https://va.ecitizen.gov.sg developers.onemap.sg https://*.wogaa.sg http://*.wogaa.sg https://dpm.demdex.net/ http://dpm.demdex.net/ *.appier.net; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg; font-src 'self' data: https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg *.amazonaws.com; 2
-Report-Only '/some-report-uri'; 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2
script-src 'self' https://flat.io https://*.flat.io https://*.flat-cdn.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://*.youtube.com https://*.ytimg.com https://w.soundcloud.com https://player.vimeo.com https://*.stripe.com https://*.paypal.com https://*.algolianet.com https://*.algolia.net 'unsafe-inline' 'unsafe-eval' data: blob:;connect-src * wss://* data:;font-src 'self' https://*.flat-cdn.com https://fonts.gstatic.com;frame-src blob: *;base-uri https://flat.io https://*.flat.io;report-uri https://peoc.flat.io/api/25/csp-report/?sentry_version=5&sentry_key=24549ed8ab89447988b5ffba60385de7 2
default-src 'unsafe-inline' https:; img-src data: https: 2
frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ http://*.amazon.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css http://*.amazon.com/ https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.amazon.com/ http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media;media-src 'none';frame-src 'self' https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://players.brightcove.net;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com;report-uri /WebResource.axd?cspReport=true 2
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 2
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' 2
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' http://www.growingio.com https://www.growingio.com 2
frame-ancestors 'self' http://www.hellmanns.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.t-d.se; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://bodrumarchlib.blob.core.windows.net https://cdn.plyr.io/ https://www.youtube.com https://s.ytimg.com/ https://www.googletagmanager.com https://istatistik.kultur.gov.tr https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://apis.google.com/ http://www.geoplugin.net 2
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2
default-src 'self' data: 'unsafe-inline' *; 2
default-src 'none'; object-src 'self'; media-src blob: https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://*.okadoc.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://browser-update.org https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self'  https://*.okadoc.com https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.typeform.com https://*.doubleclick.ne https://play.pod.co https://*.okadoc.com https://*.onedoc.ch https://onedoc.ch https://vimeo.com/ https://*.vimeo.com/ https://*.brightcove.net/ https://mixlr.com/ https://*.mixlr.com/ https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch  https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.ch https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 2
default-src 'self'http://sdnats.com https://sdnats.com wss://sparnove.com wss://www.reasedoper.pw wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://reasedoper.pw http://sparnove.com https://reasedoper.pw https://sparnove.com wss://gridiogrid.com http://gridiogrid.com https://gridiogrid.com https://ff-input.mxpnl.net http://reasedoper.pw https://reasedoper.pw https://ff-input.mxpnl.net https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src * data:;script-src http://sdnats.com https://sdnats.com http://nathetsof.com https://nathetsof.com http://gridiogrid.com https://gridiogrid.com http://rigaletto.info/ http://listat.org https://listat.org https://retukalone.pw/ https://static.reasedoper.pw http://static.reasedoper.pw http://html5shiv.googlecode.com http://prscripts.com/ http://*.smi2.net/ http://smi2.ru/ http://mediametrics.ru/ http://chat.krible.ru/ http://xml.zorkabiz.ru/ http://xml.zorkabiz.ru/ http://t.insigit.com/ http://kitbit.net/ http://front.facetz.net/ http://share.pluso.ru/ https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ 'self' http://mytomatosoup.com/ http://utarget.ru/ https://*.metabar.ru/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://www.gridiogrid.com/ https://cdn.api.twitter.com/ https://vk.com/ https://retukalone.pw/ http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com https://ff-input.mxpnl.net/ http://gridiogrid.com https://gridiogrid.com wss://gridiogrid.com https://static.reasedoper.pw/ wss://www.nathetsof.com wss://www.nathetsof.com wss://www.reasedoper.pw/ wss://sparnove.com https://sparnove.com https://sparnove.com http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com http://jsc.marketgid.com 2
default-src 'self'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' *.tvsquared.com google-analytics.com *.google-analytics.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline' kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com; font-src 'self' data: kampyle.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; 2
default-src 'self'; connect-src 'self' s3.us-west-2.amazonaws.com/upload.com.fmod/uploads/ www.google-analytics.com/j/collect; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com; font-src 'self' cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com code.jquery.com; img-src 'self' d1s9dnlmdewoh1.cloudfront.net d26jga8jjsa591.cloudfront.net www.google-analytics.com; frame-src 'self' www.youtube.com player.twitch.tv; media-src 'self' d26jga8jjsa591.cloudfront.net 2
frame-ancestors https://*.1-grid.com/ 'self'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8090 https://cdn.polyfill.io https://seal.verisign.com https://uniteddomainsus.zendesk.com https://static.zdassets.com https://assets.zendesk.com https://v2.zopim.com https://polyfill.io https://cdn.ravenjs.com; object-src 'self'; 2
default-src * https:; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src data: https:; connect-src https: wss://ws5.hotjar.com/; media-src * blob:; 2
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net;        style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com;         media-src 'self' data: www.qualia.com;         object-src 'none';         upgrade-insecure-requests 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com; img-src * blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.app.khoros.com *.smooch.io; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/  https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com  https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; 2
base-uri 'self'; connect-src 'self'  *.edgy.app; media-src 'self'  *.edgy.app; frame-ancestors 'self'  *.edgy.app 2
default-src 'self' * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:;connect-src 'self' blob: *.bg.co.uk *.wgp-bgs.co.uk *.birdguides.com *.birdguides-cdn.com https://vimeo.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com ws://am.freshrelevance.com http://am.freshrelevance.com *.traveldesk.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com *.g.doubleclick.net;base-uri 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com cdn.jsdelivr.net *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com sibforms.com bam.eu01.nr-data.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com snap.licdn.com *.userlike.com *.linkedin.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com; img-src * data:; frame-src *; connect-src *; font-src * data:; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.actility.io *.cedexis.com cdnjs.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.twitter.com *.ytimg.com *.mgr.consensu.org; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src *; img-src * data: blob:; font-src 'self' *.gstatic.com data:; media-src *; connect-src * 2
frame-ancestors http://*.iow.gov.uk 2
worker-src 'self' 2
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 2
frame-ancestors 'self' *.wildberries.am 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com code.jquery.com ajax.googleapis.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com storage.googleapis.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com translate.googleapis.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.interactions.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com service.giosg.com s3.amazonaws.com/beacon.pmmimediagroup.com/ *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; font-src 'self' data: *.typekit.net fonts.gstatic.com fonts.googleapis.com storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io www.google-analytics.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com translate.google.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com tagmanager.google.com ssl.gstatic.com translate.googleapis.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com commondatastorage.googleapis.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net optimize.google.com *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com www.google-analytics.com stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com tagmanager.google.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com api.giosg.com *.typekit.net *.interactions.giosgusercontent.com service.giosg.com prospector.pmmimediagroup.com wss://www.upm.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com optimize.google.com service.giosg.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com service.giosg.com go.upmspecialtypapers.com upm.leadfamly.com tools.eurolandir.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
default-src 'none'; img-src 'self' data: https://*.google.com https://*.google.co.uk https://*.google.com.au https://*.google.fr https://*.google.es https://*.google.ro https://*.google.dk https://*.google.de https://*.google.co.nz https://*.google.ch https://*.google.nl https://*.google.co.jp https://*.google.com.ar https://*.google.com.br https://*.google.com.kw https://*.google.com.co https://*.google.co.zm https://*.google.ca https://*.google.be https://*.google.it https://*.google.ie https://*.google.co.id https://*.google.co.il https://*.google.ae https://*.google.cz https://*.google.is https://*.google.co.kr https://*.google.com.cy https://*.google.hr https://*.google.co.in https://*.google.pt https://*.google.pl https://*.google.gr https://*.google.no https://*.google.com.my https://*.google.se https://*.google.com.mt https://*.google.sg https://*.google.com.np https://*.google.fi https://*.google.cl https://*.google.com.mx https://*.google.eg https://*.google.az https://*.google.al https://*.google.co.za https://*.google.com.gt https://*.google.com.hk https://*.google.co.th https://*.google.co.cr https://assets-prod.lhsenv.com https://optimised-assets.lovehomeswap.com https://media.graphcms.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://bat.bing.com https://www.facebook.com https://www.gstatic.com https://maps.gstatic.com https://logs.convertexperiments.com https://*.hotjar.com https://*.hotjar.io https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; script-src 'self' 'unsafe-inline' https://*.track.convertexperiments.com https://js.intercomcdn.com https://app.intercom.io https://widget.intercom.io https://www.gstatic.com/ https://*.js.ubembed.com https://assets.ubembed.com https://connect.facebook.net https://cdn-3.convertexperiments.com https://www.google-analytics.com https://bat.bing.com https://*.hotjar.io https://widget.trustpilot.com https://maps.googleapis.com https://www.googletagmanager.com https://*.hotjar.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://js.intercomcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src 'self' https://*.google.com https://*.google.co.uk https://*.google.com.au https://*.google.fr https://*.google.es https://*.google.ro https://*.google.dk https://*.google.de https://*.google.co.nz https://*.google.ch https://*.google.nl https://*.google.co.jp https://*.google.com.ar https://*.google.com.br https://*.google.com.kw https://*.google.com.co https://*.google.co.zm https://*.google.ca https://*.google.be https://*.google.it https://*.google.ie https://*.google.co.id https://*.google.co.il https://*.google.ae https://*.google.cz https://*.google.is https://*.google.co.kr https://*.google.com.cy https://*.google.hr https://*.google.co.in https://*.google.pt https://*.google.pl https://*.google.gr https://*.google.no https://*.google.com.my https://*.google.se https://*.google.com.mt https://*.google.sg https://*.google.com.np https://*.google.fi https://*.google.cl https://*.google.com.mx https://*.google.eg https://*.google.az https://*.google.al https://*.google.co.za https://*.google.com.gt https://*.google.com.hk https://*.google.co.th https://*.google.co.cr https://apiv3.lovehomeswap.com https://webhook.pingdom.com https://api.pingdom.com https://*.pingdom.com https://api.lhsdev.com https://bat.bing.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://logs.convertexperiments.com https://sentry.io wss://*.intercom.io https://*.intercom.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.events.ubembed.com https://stats.g.doubleclick.net https://api-euwest.graphcms.com https://api-eu-central-1.graphcms.com https://www.googleadservices.com https://www.facebook.com http://www.bing.com/bingbot.htm http://www.google.com/bot.html http://*.bing.com http://*.google.com https://*.googlebot.com; child-src 'self' https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com; report-uri https://sentry.io/api/3044989/security/?sentry_key=a0c4b84593374c75a40cc3100cfa2e4f; media-src 'self' https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; base-uri 'self'; frame-src 'self' https://widget.trustpilot.com https://*.pages.ubembed.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://mozbar.moz.com https://www.googletagmanager.com; upgrade-insecure-requests 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://assets.scrivito.com https://matomo.rz.hs-heilbronn.de/ https://fiona8-backend.hs-heilbronn.de/; object-src 'none'; block-all-mixed-content 2
default-src 'self'; img-src 'self' data: https: *.wp.com *.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com *.wp.com *.wordpress.com; font-src 'self' data: https: fonts.googleapis.com *.wp.com *.wordpress.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.wp.com *.wordpress.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com; 2
frame-ancestors 'self' apply.v12finance.com 2
default-src 'self' https://derpicdn.net; script-src 'self' https://derpicdn.net; style-src 'self' https://derpicdn.net; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net; block-all-mixed-content 2
frame-ancestors 'self' https://*.moody.edu 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src https: blob: 2
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; script-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; connect-src * 'unsafe-inline' 2
default-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src https:; object-src 'none' 2
default-src https:; frame-ancestors 'none' 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.eum-appdynamics.com https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://*.baidu.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.beautyexpert.com https://checkout.beautyexpert.com https://www.beautyexpert.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://translate.yandex.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com cdn.proctorauth.com *.olark.com; img-src 'self' data: www.google-analytics.com cdn.proctorauth.com *.olark.com; style-src 'self' 'unsafe-inline' cdn.proctorauth.com *.olark.com; font-src 'self' data: cdn.proctorauth.com; media-src 'self' cdn.proctorauth.com *.olark.com; frame-src 'self' www.youtube-nocookie.com docs.google.com *.olark.com; connect-src 'self' www.google-analytics.com cdn.proctorauth.com *.olark.com script.google.com; object-src 'none'; 2
frame-ancestors 'self' http://jobcloud.ch http://*.jobcloud.ch http://jobs.ch http://*.jobs.ch http://jobup.ch http://*.jobup.ch http://ingjobs.ch http://ictcareer.ch http://jobs4sales.ch http://financejobs.ch http://medtalents.ch http://jobwinner.ch http://alpha.ch http://topjobs.ch http://*.jobscout24.ch http://impieghi.ch http://*.impieghi.ch http://*.stellenmarkt.ch 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
connect-src 'self'       https://www.google-analytics.com       https://open.http.mp.streamamg.com     *.schema.org   *.streamamg.com  https://cf.vod.mp.streamamg.com        http://www.aragontelevision.es       *.twitch.tv    *.cloudfront.net       *.yourcommunify.com       yourcommunify.com        *.google-analytics.com;              default-src *.realsociedad.com       *.realsociedad.eus       blob:       'self';              style-src 'self' 'unsafe-inline'     *.schema.org *.streamamg.com  *.cloudfront.net       *.googleapis.com;              img-src 'self'     *.schema.org     *.streamamg.com     http://placehold.it        https://twitter.github.io        https://stats.g.doubleclick.net/        https://www.google.com        https://www.facebook.com/        https://www.google.es        http://realsociedadcdnpre.barrabes.biz                       https://cdn.realsociedad.eus        https://cdntienda.realsociedad.eus                       https://cdntienda.realsociedad.com                        http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com        *.cloudfront.net         *.vimeo.com              https://img.youtube.com    *.genial.ly    *.azureedge.net        *.google-analytics.com        https://cdn.realsociedad.com        data:    *.schema.org *.streamamg.com    https://maps.googleapis.com        https://open.http.mp.streamamg.com        https://cdn.bleacherreport.net/        *.w55c.net         *.gstatic.com;              media-src 'self'               *.schema.org *.streamamg.com         https://cdn.realsociedad.eus                        https://cdntienda.realsociedad.com        https://cdntienda.realsociedad.eus                              http://twemoji.maxcdn.com                        https://pbs.twimg.com                        *.cdninstagram.com                        *.fbcdn.net                        www.google-analytics.com         *.vimeo.com     *.genial.ly         https://img.youtube.com        http://www.aragontelevision.es        *.twimg.com;              font-src 'self'    *.schema.org *.streamamg.com   https://open.http.mp.streamamg.com       *.gstatic.com;               script-src 'self'                          'unsafe-inline'        https://stats.mp.streamamg.com       http://open.http.mp.streamamg.com                         https://www.realsociedad.com       https://www.realsociedad.eus                         https://www.googletagmanager.com                          http://www.google-analytics.com       https://ssl.google-analytics.com       'unsafe-eval'  *.vimeo.com   *.genial.ly  https://www.youtube.com     *.twitch.tv     https://connect.facebook.net       *.ytimg.com       *.cloudfront.net       *.w55c.net        *.hspvst.com       *.yourcommunify.com       yourcommunify.com       https://maps.googleapis.com;    object-src https://www.realsociedad.eus                          https://fundazioa.realsociedad.eus;    frame-src *.realsociedad.com        *.realsociedad.eus        *.cloudfront.net       *.yourcommunify.com       yourcommunify.com   *.vimeo.com  *.genial.ly   http://www.youtube.com       https://www.youtube.com       https://connect.facebook.net       https://www.facebook.com       https://open.http.mp.streamamg.com/       https://www.eitb.eus       https://www.aragontelevision.es       http://www.aragontelevision.es      *.twitch.tv    *.powerbi.com *.flipsnack.com; 2
frame-ancestors 'self' www.kamababa.com kamababa.com www.kamamela.com kamamela.com kamababa2.com www.kamababa2.com; 2
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors 'self' https://www.yammer.com/         https://customer.al-enterprise.com https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/;         child-src 'self' https://www.yammer.com/ https://customer.al-enterprise.com         https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/; 2
frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th smart.amway.co.th admin.smart.amway.co.th 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.youtube.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com; frame-src 'self' *.google.com *.youtube.com; font-src 'unsafe-eval' 'unsafe-inline' 'self' https://themes.googleusercontent.com https://fonts.gstatic.com data:; object-src 'self' 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://connect.facebook.net; frame-src 'self' https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://transaction.hostedpayments.com https://certtransaction.hostedpayments.com https://*.afterdigital.uk https://skyway.honolulumuseum.org; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://services.postcodeanywhere.co.uk https://api.addressy.com https://skyway.honolulumuseum.org https://*.afterdigital.uk https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com; img-src 'self' https://skyway.honolulumuseum.org https://*.cdninstagram.com https://*.afterdigital.uk https://art.honolulumuseum.org https://t-bridge.s3.eu-west-1.amazonaws.com https://skyway-us-cms-assets.s3.us-east-2.amazonaws.com https://www.google-analytics.com https://www.instagram.com https://*.doubleclick.net; font-src 'self' 'unsafe-inline' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://we-pay.dodopizza.com https://eu2-pay.dodopizza.com https://dodopizza-a.akamaihd.net https://dodopizza.azureedge.net https://cdn.dodostatic.net https://eu2dodostatic.blob.core.windows.net https://globalapi.dodopizza.com https://publicapi.dodois.io https://*.ivideon.com https://*.extcam.com https://eventstream.dodopizza.com https://api.mindbox.ru https://www.google.com https://www.google.ru https://pay.google.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru https://connect.facebook.net https://www.facebook.com https://vk.com https://login.vk.com https://ssp.adriver.ru https://www.artfut.com https://z.asbmit.com https://pafutos.com https://ad.admitad.com https://inv-dmp.admixer.net/ https://*.appsflyer.com https://impressions.onelink.me https://config.metomic.io/ https://apipub.metomic.io/ https://consent-manager.metomic.io/ https://api.rollbar.com https://dodopizza428687.typeform.com/ 2
frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'none'; data: http://portal.comunique-se.com.br 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ch *.gstatic.com *.launchdarkly.com *.instavid360.com *.hotjar.com *.intercom.io *.intercomcdn.com secure.adnxs.com acdn.adnxs.com *.googleadservices.com *.criteo.net *.criteo.com *.youtube.com *.ytimg.com securepubads.g.doubleclick.net *.googletagservices.com adservice.google.ch tpc.googlesyndication.com *.da-services.ch cdn.adsafeprotected.com pixel.adsafeprotected.com tagger.opecloud.com beagle.dev.tda.link beagle.prod.tda.link https://assets.carforyou.ch https://emotional-takeover.carforyou.ch ad.doubleclick.net 2
frame-ancestors https://l7804403c1dev-admin.occa.ocs.oraclecloud.com https://l7804403c1dev-store.occa.ocs.oraclecloud.com https://www.milanomalpensa-airport.com https://www.milanolinate-airport.com https://external.airport.ai 2
frame-ancestors 'self' https://*.flemingcollege.ca https://*.flemingc.on.ca; default-src *; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://stats.g.doubleclick.net https://www.facebook.com https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://www.googletagmanager.com www.google.com http://www.webankieta.pl www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://www.webankieta.pl https://cloud.webankieta.pl http://datacloud.tealiumiq.com https://formularze.santander.pl https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.script.crazyegg.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://maps.googleapis.com http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://code.jquery.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com http://script.crazyegg.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://omnibot.santander.pl https://www.google-analytics.com https://my.tealiumiq.com https://collect.tealiumiq.com 'self' 2
base-uri self 2
frame-ancestors 'self' http://www.degreedeodorant.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net *.api.here.com *.wp.com lftracker.leadfeeder.com; object-src 'self'; img-src * 'self' https: data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net; style-src 'unsafe-inline' 'self' fonts.googleapis.com js.api.here.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com dq4irj27fs462.cloudfront.net *.api.here.com; connect-src 'self' blob: *.lancom-systems.de *.lancom-systems.com wss://chat.userlike.com chat.userlike.com api.userlike.com www.google-analytics.com *.doubleclick.net *.hereapi.com js.api.here.com ; media-src 'self' dq4irj27fs462.cloudfront.net blob: ; worker-src 'self' blob: ; 2
true 2
base-uri 'self'; object-src 'none'; img-src 'self' https://www.google-analytics.com https://storage.googleapis.com/operating-anagram-8280/ https://lh3.googleusercontent.com/ https://stats.g.doubleclick.net/r/collect https://i.ytimg.com/ https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com data:; script-src 'self' 'unsafe-eval' 'sha256-If5YkXjOaX9+Y2b1TABwFRqsMHrOMW2l2cQ5lJdj3w8=' https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-animate.min.js https://ajax.googleapis.com/ajax/libs/angularjs/1.6.8/angular-touch.min.js https://www.gstatic.com/brandstudio/kato/cookie_choice_component/cookie_consent_bar.v2.js https://www.gstatic.com/external_hosted/hammerjs/v2_0_2/hammer.min.js https://www.googletagmanager.com/gtag/js https://stats.g.doubleclick.net/r/collect https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ 2
default-src 'self' polska.pl;frame-src 'self' www.youtube.com www.flickr.com; style-src  'unsafe-inline' 'self' ;object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; script-src  www.google-analytics.com  maps-api-ssl.google.com maps.googleapis.com 'self' 'sha256-hSKFpkCaj1fog8/oqTGSt73LiPQHQ6PlNdS1BvIisYI=' 'sha256-3EZfXh3VS4fiZSZk7hoFtQsV0SUGRnA2D8qYVKOVbDk=' 'sha256-8290JQd/ST+MhN5OI6dR/+ppjuu/6B7WqyH60ZoTQvc=' 'unsafe-eval' ;img-src  http://polska.pl/ *.google-analytics.com maps.gstatic.com  'self' 2
frame-ancestors 'self';upgrade-insecure-requests 2
script-src 'unsafe-inline' 'unsafe-eval' * data: 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
report-uri https://top100golf.report-uri.com/r/d/csp/wizard;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: www.googletagmanager.com *.google.co.uk *.google.com *.google-analytics.com *.doubleclick.net platform.twitter.com;style-src 'self' 'unsafe-inline' platform.twitter.com https: 2
default-src 'self' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://www.google-analytics.com *.doubleclick.net https://staticxx.facebook.com https://platform.twitter.com http://i.vimeocdn.com https://player.vimeo.com *.youtube-nocookie.com https://www.youtube.com/iframe_api *.linkedin.com *.mktoresp.com http://stats.sa-as.com https://www.facebook.com https://www.google.com https://tracking.leadlander.com *.siteimproveanalytics.io https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com *.fullstory.com https://api.company-target.com https://static.smartrecruiters.com https://www.smartrecruiters.com https://subscriptions.smartrecruiters.com/ https://cdn.jsdelivr.net https://scripts.demandbase.com https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://bam.nr-data.net/events/1/f277460712 https://public.tableau.com/; img-src 'self' data: https://public.tableau.com/static/images/cy/cybersecurity_tool/Story1/1.png https://cdn.bizible.com/ https://cdn.bizibly.com https://www.facebook.com https://stats.g.doubleclick.net https://tracking.leadlander.com https://*.global.siteimproveanalytics.io https://px.ads.linkedin.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://s.ytimg.com http://siteimproveanalytics.com https://www.google-analytics.com https://sjs.bizographics.com *.linkedin.com http://connect.facebook.net https://apis.google.com http://platform.twitter.com http://*.marketo.net https://*.marketo.net http://*.marketo.com https://*.marketo.com http://t.sf14g.com http://stats.sa-as.com https://d6digital.atlassian.net https://player.vimeo.com http://i.vimeocdn.com *.youtube-nocookie.com https://www.youtube.com/iframe_api https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com https://fullstory.com/s/fs.js https://tag.demandbase.com https://scripts.demandbase.com https://static.smartrecruiters.com/job-widget/1.4.2/script/smart_widget.js https://static.smartrecruiters.com/job-widget/1.4.2/script/jquery.min.js https://use.fontawesome.com/releases/v5.8.2/js/all.js https://use.fontawesome.com/releases/v5.8.2/js/v4-shims.js https://www.smartrecruiters.com https://trk.techtarget.com/tracking.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.1.min.js https://subscriptions.smartrecruiters.com/widget/v1/sr-job-alerts.js https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://public.tableau.com/javascripts/api/viz_v1.js https://cdn.bizible.com app-sj21.marketo.com https://www.youtube.com pagecdn.io; style-src 'self' 'unsafe-inline' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://tagmanager.google.com https://fonts.googleapis.com https://static.smartrecruiters.com/job-widget/1.4.2/css/smart_widget.css https://scripts.demandbase.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ 2
object-src 'self' *; 2
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' msg.playcanvas.com code.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com cdn.webglstats.com https://s3-eu-west-1.amazonaws.com 2
frame-ancestors https://*.acufinder.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com  https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 2
default-src *;     frame-src 'self' *.google.com *.youtube.com https://staticxx.facebook.com https://dw408jcu6cqwk.cloudfront.net https://accounts.livechatinc.com https://secure.livechatinc.com http://4511566.fls.doubleclick.net/ http://tags.tiqcdn.com/ https://bid.g.doubleclick.net/;     font-src * 'self' data: fwd-chatbot-tools.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com fonts.gstatic.com fonts.googleapis.com;     img-src * 'self' data: chatbot-ph.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com;     style-src * 'self' 'unsafe-inline' cdnjs.cloudflare.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fwd.com.hk cdnjs.cloudflare.com execution-apn.ci360.sas.com browser-update.org cdn.mouseflow.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://fwd.api.useinsider.com *.useinsider.com https://search.fwd.com.hk http://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net *.cloudfront.net *.mimecast.com *.adsrvr.org *.facebook.com *.youtube.com *.bing.com *.ytimg.com *.visualwebsiteoptimizer.com *.yahoo.com bs.serving-sys.com https://*.analytics.yahoo.com *.yimg.com *.taboola.com *.innity.net *.innity.com *.zdassets.com wss://chatbot.fwd.com.hk https://portal.fwd.com.vn https://dw408jcu6cqwk.cloudfront.net;     connect-src 'self' *.fwd.com.hk geoip-js.com execution-apn.ci360.sas.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://api.useinsider.com https://location.api.useinsider.com https://hit.api.useinsider.com https://fwd.api.useinsider.com https://category-collector.api.useinsider.com http://dev.surfer.seasonalife.com https://surfer.seasonalife.com *.surfer.seasonalife.com *.seasonalife.com https://image.useinsider.com https://*.api.useinsider.com wss://directline.botframework.com https://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph http://search.fwd.com.hk https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.botframework.com *.facebook.com *.vimeo.com *.youtube.com *.taboola.com *.yimg.com *.innity.net *.innity.com wss://*.fwd.com.hk *.yahoo.com *.mouseflow.com wss://chatbot.fwd.com.hk trc.taboola.com cdn.taboola.com *.zdassets.com *.doubleclick.net *.tigcdn.com www.google-analytics.com wss://api.livechatinc.com https://api.livechatinc.com https://h49u5ppoz9.execute-api.ap-southeast-1.amazonaws.com https://1z4ebxptw1.execute-api.ap-southeast-1.amazonaws.com https://hooks.slack.com;     object-src 'none';     form-action 'self' *.fwd.com.hk;  2
default-src 'self' *.persistent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://match.prod.bidr.io/  https://d26x5ounzdjojj.cloudfront.net/ https://plugins.eventable.com/ https://www.recaptcha.net/  https://add.eventable.com  https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net  https://tagmanager.google.com https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com  https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://script.hotjar.com  https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://accounts.google.com/ http://cal.events https://outlook.live.com/ https://login.yahoo.com/ https://calendar.yahoo.com/  https://calendar.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://add.eventable.com/ https://vars.hotjar.com/ http://go.persistent.com/  https://bid.g.doubleclick.net/ http://get.adobe.com/  https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://plugins.eventable.com/ https://add.eventable.com/  https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in  https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net  http://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://com-thebigwillow-prod1.collector.snplow.net/ https://www.googleapis.com/  https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/  https://in.hotjar.com/ wss://ws6.hotjar.com  https://www.facebook.com/  https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://accounts.google.com/  https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 2
default-src 'self'; frame-ancestors 'self' https://www.iil.slackandcompany.com/ https://iil.slackandcompany.com/ http://www.iil.slackandcompany.com/ http://iil.slackandcompany.com/ https://www.insideidealabs.com/ https://insideidealabs.com/ http://www.insideidealabs.com/ http://insideidealabs.com/ https://www.insideidealabs.com.ar https://insideidealabs.com.ar http://www.insideidealabs.com.ar http://insideidealabs.com.ar https://www.insideidealabs.de https://insideidealabs.de http://www.insideidealabs.de http://insideidealabs.de https://www.insideidealabs.pe https://insideidealabs.pe http://www.insideidealabs.pe http://insideidealabs.pe https://www.insideidealabs.com.br https://insideidealabs.com.br http://www.insideidealabs.com.br http://insideidealabs.com.br https://www.insideidealabs.jp https://insideidealabs.jp http://www.insideidealabs.jp http://insideidealabs.jp https://www.insideidealabs.eu https://insideidealabs.eu http://www.insideidealabs.eu http://insideidealabs.eu https://www.insideidealabs.co.kr https://insideidealabs.co.kr http://www.insideidealabs.co.kr http://insideidealabs.co.kr https://www.insideidealabs.kr https://insideidealabs.kr http://www.insideidealabs.kr http://insideidealabs.kr https://www.insideidealabs.cn https://insideidealabs.cn http://www.insideidealabs.cn http://insideidealabs.cn https://www.insideidealabs.com.cn https://insideidealabs.com.cn http://www.insideidealabs.com.cn http://insideidealabs.com.cn https://www.insideidealabs.mx https://insideidealabs.mx http://www.insideidealabs.mx http://insideidealabs.mx https://www.insideidealabs.sg https://insideidealabs.sg http://www.insideidealabs.sg http://insideidealabs.sg https://www.insideidealabs.asia https://insideidealabs.asia http://www.insideidealabs.asia http://insideidealabs.asia https://www.insideidealabs.co https://insideidealabs.co http://www.insideidealabs.co http://insideidealabs.co https://www.insideidealabs.co.uk https://insideidealabs.co.uk http://www.insideidealabs.co.uk http://insideidealabs.co.uk https://www.insideidealabs.uk https://insideidealabs.uk http://www.insideidealabs.uk http://insideidealabs.uk http://iildev.rivetagency.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; media-src 'self' *; connect-src 'self' *; frame-src  'self' *; style-src 'self' 'unsafe-inline' * 2
child-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; frame-src 'self' *.youtube.com *.vimeo.com *.dailymotion.com *.europa.eu europa.eu youtube.com *.dailymotion.com *.vimeo.com *.amazonaws.com *.arcgis.com *.arte.tv *.babahh.com *.bbc.co.uk *.blitzvideoserver.de *.bpb.de *.brightcove.com *.btv.bg *.cc.cec *.cimo.fi *.cjelozivotno-ucenje.hr *.cnbc.com *.coe.int *.communi-k.eu *.compareyourcountry.org *.crp.education *.cy2012.eu *.dacast.com *.dcdn.lt debategraph.org digital-agenda-data.eu *.disaster-resilience.com *.docdroid.net *.d-portal.org *.easme-web.eu *.edcc.eu *.euneighbours.eu *.euronews.com *.europeandataportal.eu *.facebook.com https://familymeal.eu *.flickr.com *.franceculture.fr *.franceinter.fr *.freecaster.com *.freezbee.tv *.genial.ly *.giphy.com *.github.io *.google.be *.google.co.uk *.google.com *.google.fr *.grnet.gr *.index.hu *.instantflipbook.com *.issuu.com *.jrc.nl *.jwplatform.com *.learningandwork.org.uk *.libsyn.com *.live.com livestream.com *.mentimeter.com *.metoo.sk *.mostra.eu *.neteyes.hu *.oecd.org *.openstreetmap.fr *.openstreetmap.org *.ourworldindata.org *.polarhd.com *.public-i.tv *.qbrick.com *.rackcdn.com *.rambla.be *.roguemotion.graphics *.sharepoint.com *.sketchfab.com *.slideshare.net *.solidtango.com *.soonfeed.com *.soundcloud.com *.streamamg.com *.streamcode.net *.streamdis.eu streamer.bg *.streaming.at *.streaming.sk *.streamovations.be *.sway.com *.tagesschau.de *.telemak.tv *.testa.eu *.thinglink.com *.tiesraides.lv *.top-ix.org *.tsnmalta.org *.tv1.eu *.tv-on-web.de *.twinix.eu *.typeform.com *.uc3m.es *.uplynk.com *.ustream.tv *.uu.se *.videliostreaming.com *.videolevels.com *.walls.io *.weforum.org *.westream.com *.wyng.com *.youongroup.com *.youtu.be *.youtube-nocookie.com *.zdf.de *.michael-lurquin.com; 2
default-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io https://www.googletagmanager.com https://cdn.taboola.com data:; script-src 'self' *.bootstrapcdn.com *.rawgit.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io https://tdns4.gtranslate.net https://mc.yandex.ru https://www.googletagmanager.com https://cdn.taboola.com https://s.yimg.com https://sp.analytics.yahoo.com https://js-agent.newrelic.com https://bam.nr-data.net data:; img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com; frame-src  *.ltts.com *.linkedin.com *.youtube.com youtube.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com https://www.easytourz.com/; connect-src 'self' https://tdns4.gtranslate.net https://mc.yandex.ru https://in.hotjar.com https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com https://trc.taboola.com https://s.yimg.com https://bam.nr-data.net; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com s.ytimg.com *.googletagmanager.com *.google-analytics.com *.serving-sys.com *.ads-twitter.com *.twitter.com *.facebook.net *.readspeaker.com sadmin.brightcove.com syndication.twitter.com cdn.syndication.twimg.com tagmanager.google.com; img-src 'self' data: ssl.gstatic.com www.gstatic.com *.youtube.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.facebook.com t.co fonts.googleapis.com stats.g.doubleclick.net caixaforum.emexs.es cosmocaixa.emexs.es ucarecdn.com *.readspeaker.com syndication.twitter.com *.twimg.com platform.twitter.com *.fbcdn.net *.ytimg.com *.cdninstagram.com; frame-src 'self' fls.doubleclick.net open.spotify.com caixaforum.emexs.es cosmocaixa.emexs.es *.youtube.com www.google.com *.readspeaker.com platform.twitter.com players.brightcove.net syndication.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com caixaforum.emexs.es cosmocaixa.emexs.es *.readspeaker.com platform.twitter.com *.twimg.com tagmanager.google.com; font-src 'self' data: *.google-analytics.com *.serving-sys.com caixaforum.emexs.es cosmocaixa.emexs.es fonts.gstatic.com *.readspeaker.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://p.typekit.net https://fonts.gstatic.com https://siteimproveanalytics.com https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org;                                                          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org;                                                          frame-ancestors 'self' http://goodwinlaw.com https://goodwinlaw.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io;                                                          frame-src 'self'  https://goodwin.photoshelter.com http://players.brightcove.net https://www.google.com https://www.youtube.com https://player.simplecast.com https://embed.simplecast.com https://players.brightcove.net https://ud.tiaa-cref.org https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/;                                                          img-src 'self' data: https://us1.siteimprove.com https://www.google-analytics.com https://nowexttype.com https://p.typekit.net https://www.googletagmanager.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          font-src 'self' https://fonts.gstatic.com https://advance.lexis.com https://use.typekit.net https://61282325.global.siteimproveanalytics.io;                                                          connect-src 'self' https://performance.typekit.net https://www.google-analytics.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 2
default-src 'unsafe-inline'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.facebook.com https://*.bgk.pl; img-src 'self'  https://emplocity.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl data: 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
script-src 'unsafe-inline' 'unsafe-eval' *.museumofthehome.org.uk *.cloudflare.com *.aspnetcdn.com *.ajax.googleapis.com maps.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.addthis.com *.addthisedge.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.fonts.net; 2
default-src https:  wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; 2
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.klm.com https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.accorhotels.com https://*.accor.com https://*.usabilla.com https://*.hotjar.com https://*.decibelinsight.net https://*.google.com https://*.google-analytics.com https://*.iadvize.com https://*.salesforceliveagent.com/ https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https: twitter:; frame-ancestors http: https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval'  https:; worker-src 'self' blob:; child-src 'self' blob:;  style-src 'unsafe-inline' https:; 2
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 2
default-src 'self' data: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net *.twitter.com *.jquery.com https://assets.ubembed.com *.gstatic.com https://p.adsymptotic.com *.linkedin.com *.licdn.com t.co *.facebook.com *.ubembed.com *.googleapis.com *.ads-twitter.com *.bronto.com *.visualwebsiteoptimizer.com *.crazyegg.com *.hotjar.com *.hotjar.io *.appspot.com *.klaviyo.com *.kmail-lists.com *.doubleclick.net; style-src 'self' data: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net *.twitter.com *.jquery.com https://assets.ubembed.com *.gstatic.com https://p.adsymptotic.com *.linkedin.com *.licdn.com t.co *.facebook.com *.ubembed.com *.googleapis.com *.ads-twitter.com *.bronto.com *.visualwebsiteoptimizer.com *.crazyegg.com *.hotjar.com *.hotjar.io *.appspot.com *.klaviyo.com; img-src 'self' data: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net *.twitter.com *.jquery.com https://assets.ubembed.com *.gstatic.com https://p.adsymptotic.com *.linkedin.com *.licdn.com t.co *.facebook.com *.ubembed.com *.googleapis.com *.ads-twitter.com *.bronto.com *.visualwebsiteoptimizer.com *.crazyegg.com *.hotjar.com *.hotjar.io *.appspot.com *.klaviyo.com *.kmail-lists.com *.cloudfront.net *.webdamdb.com *.google.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com *.facebook.net *.twitter.com *.jquery.com https://assets.ubembed.com *.gstatic.com https://p.adsymptotic.com *.linkedin.com *.licdn.com t.co *.facebook.com *.ubembed.com *.googleapis.com *.ads-twitter.com *.bronto.com *.visualwebsiteoptimizer.com *.crazyegg.com *.hotjar.com *.hotjar.io *.appspot.com *.klaviyo.com *.kmail-lists.com *.google.com *.cloudflare.com *.mygildan.com; frame-src 'self' *.mygildan.com *.google.com *.facebook.com; 2
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 2
default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com ; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com https://fonts.gstatic.com https://sxt.cdn.skype.com ; frame-src https: ; report-uri /cspreport.htm 2
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 2
default-src 'self' *.binomoofficial.com *.binomo.com; child-src *; connect-src 'self' *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.optimizely.com *.zopim.com *.launchdarkly.com api.exponea.com ekr.zdassets.com analytics.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com app.getsentry.com *.binomoofficial.com *.binomo.com wss://as.binomoofficial.com:* wss://as.binomo.com:* wss://ws.binomoofficial.com:* wss://ws.binomo.com:* s.yimg.com; font-src data: 'self' *.zopim.com themes.googleusercontent.com *.binomoofficial.com *.binomo.com; img-src * data:; media-src 'self' *.binomoofficial.com *.binomo.com; script-src 'self' *.hotjar.io *.hotjar.com www.redditstatic.com *.googleoptimize.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co *.adroll.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com www.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomoofficial.com *.binomo.com; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.binomoofficial.com *.binomo.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com ajax.googleapis.com cdn.jsdelivr.net www.google-analytics.com platform.twitter.com platform.instagram.com syndication.twitter.com player.ooyala.com linkhelp.clients.google.com cdn.syndication.twimg.com js.gleam.io www.instagram.com www.recaptcha.net connect.facebook.net ; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com platform.twitter.com ajax.googleapis.com cdn.jsdelivr.net ; img-src * data:; media-src *; child-src 'self' www.google.com www.twitch.tv player.twitch.tv clips.twitch.tv www.youtube.com player.ooyala.com giphy.com plays.tv *.twitter.com www.instagram.com gleam.io viewer.autodesk.com open.spotify.com www.facebook.com ; frame-ancestors 'self'; font-src fonts.googleapis.com fonts.gstatic.com; connect-src 'self' tl.net; block-all-mixed-content; 2
default-src * 'unsafe-inline' 'unsafe-eval' data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: https://www.youtube.com/ static.issuu.com e.issuu.com docs.google.com www.google-analytics.com fonts.googleapis.com *.disquscdn.com www.votervoice.net www.googletagmanager.com ims.informz.net connect.facebook.net www.google.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://pbs.twimg.com platform.twitter.com www.facebook.com staticxx.facebook.com disqus.com fonts.gstatic.com stats.g.doubleclick.net referrer.disqus.com https://services.texmed.org/45/Tma.CspReportApi/api/csp *.blubrry.com *.feathr.co servedbyadbutler.com *.fontawesome.com *.vimeo.com p2a.co *.jotform.com *.sharethis.com *.cognitoforms.com https://cognitoforms.com/ *.blogspot.com; 2
unsafe-inline 2
frame-src https://secure.livechatinc.com/ https://metroonlinepk.firebaseapp.com/ https://metro-online-web.firebaseapp.com/ https://app.adfilius.com/ https://bid.g.doubleclick.net/ 2
default-src 'self' https://*.google-analytics.com https; script-src 'self' 'unsafe-inline' 'unsafe-eval' https https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://js-agent.newrelic.com/nr-1071.min.js https://bam.nr-data.net; object-src 'none'; style-src 'self' 'unsafe-inline' https; img-src 'self' 'unsafe-inline' https data: https://*.google-analytics.com https://stats.g.doubleclick.net ; frame-src 'self' https://player.vimeo.com https://*.davispolk.com https://html5-player.libsyn.com/ https://api-6fc85ce3.duosecurity.com/ https://cdn.yoshki.com/iframe/ https://www.youtube.com; report-uri /report-csp-violation 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 2
frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2
default-src 'self'; frame-ancestors 'self'; sandbox allow-same-origin; reflected-xss block; referrer no-referrer-when-downgrade 2
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-b771a836-adf0-4ced-ad6b-86fabd860f1a'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-b771a836-adf0-4ced-ad6b-86fabd860f1a'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi; form-action 'self' 2
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://ssl.google-analytics.com https://www.google-analytics.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://www.googleadservices.com https://static.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://code.jquery.com https://maps.googleapis.com https://livechat.boldchat.com https://platform-api.sharethis.com https://*.sharethis.com https://connect.facebook.net https://ajax.googleapis.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://graph.facebook.com https://api-public.addthis.com https://widgets.pinterest.com https://widgets.pinterest.com https://assets.pinterest.com https://edge.addthis.com; img-src * 'self' data: https://ssl.google-analytics.com https://www.google-analytics.com https://yui-s.yahooapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://vms.boldchat.com https://vmss.boldchat.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://www.googleadservices.com https://static.hotjar.com https://www.googletagmanager.com https://script.hotjar.com https://code.jquery.com https://maps.googleapis.com https://livechat.boldchat.com https://platform-api.sharethis.com https://*.sharethis.com https://connect.facebook.net https://ajax.googleapis.com https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://graph.facebook.com https://api-public.addthis.com https://widgets.pinterest.com https://widgets.pinterest.com https://assets.pinterest.com https://edge.addthis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://cbi.boldchat.com https://cdnjs.cloudflare.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com; font-src 'self'  data: https://netdna.bootstrapcdn.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://use.fontawesome.com https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://www.youtube.com https://*.fls.doubleclick.net https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://googleads.g.doubleclick.net https://vars.hotjar.com https://livechat.boldchat.com https://c.sharethis.mgr.consensu.org https://www.facebook.com https://s7.addthis.com https://assets.pinterest.com https://edge.addthis.com; connect-src 'self' data: wss: https://www.google-analytics.com https://*.carlsoncraft.com https://*.theoccasionsgroup.com https://vms.boldchat.com http://blog.carlsoncraft.com https://in.hotjar.com https://vc.hotjar.io https://*.sharethis.com https://m.addthis.com https://www.facebook.com https://graph.facebook.com https://maps.googleapis.com https://visitor-services.boldchat.com; 2
default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; form-action *; frame-ancestors 'self' https://heatmap.it/; upgrade-insecure-requests; base-uri 'self'; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  2
frame-ancestors 'self' https://www.kabeldeutschland.de https://www.vodafone.de https://kabel.vodafone.de https://gigakombi.vodafone.de 2
connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com; 2
media-src * 2
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 2
default-src 'self'; connect-src 'self' *; font-src 'self' data: fonts.googleapis.com *.fonts.googleapis.com *.gstatic.com *.tagmanager.google.com tagmanager.google.com *.paypalobjects.com *.cloudfront.net; img-src 'self' data: *; object-src jsctool.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; media-src 'self' *.youtube.de *.youtube-nocookie.com *.youtube.com *.youtu.be; frame-src 'self' *.adup-tech.com adup-tech.com *.youtube.de youtube.de *.youtube-nocookie.com *.youtube.com youtube.com *.youtu.be youtu.be *.herma.de *.umfragen-einfach.de *.test.umfragen-einfach.de umfragen-einfach.de *.doubleclick.net *.criteo.com *.webmasterplan.com *.paypal.com paypal.com *.paypal.de paypal.de uc8.tv *.uc8.tv; manifest-src 'self'; upgrade-insecure-requests 2
style-src 'unsafe-inline' data: *; img-src 'unsafe-inline' data: *; report-uri /report-csp-violation 2
frame-ancestors 'self' homedna.com *.homedna.com 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
default-src *; style-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/Swiper/ 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://pininfarina.altamiraweb.com/ https://maps.googleapis.com/ https://pi.pardot.com/ https://www.youtube.com/ https://s.ytimg.com/ 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
frame-ancestors 'self' covid-check.generali.de 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 2
frame-ancestors 'self' 'unsafe-inline' 2
form-action https:; upgrade-insecure-requests 2
default-src: https: 2
frame-ancestors 'self' http://www.omo.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com *.talent-soft.com; 2
default-src 'self';script-src 'self' 'unsafe-inline' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com http://www.googleadservices.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.co.uk https://googleads.g.doubleclick.net https://www.google.com https://*.vo.msecnd.net https://www.instagram.com http://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.tiktok.com https://s16.tiktokcdn.com;style-src 'self' 'unsafe-inline' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net https://platform.twitter.com https://s16.tiktokcdn.com;img-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://*.cdninstagram.com http://*.cdninstagram.com https://*.twitter.com https://*.twimg.com https://sf-tb-sg.ibytedtos.com data:;media-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com;font-src 'self' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://s16.tiktokcdn.com;connect-src 'self' https://dc.services.visualstudio.com https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://sf-hs-sg.ibytedtos.com;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.playbuzz.com http://*.playbuzz.com https://www.surveygizmo.eu http://cdn.thinglink.me https://www.thinglink.com https://www.google.com https://www.instagram.com http://www.instagram.com https://*.twitter.com https://prezi.com https://soundcloud.com https://w.soundcloud.com https://open.spotify.com https://www.tiktok.com https://www.facebook.com;report-uri https://stormid.report-uri.com/r/d/csp/enforce 2
script-src 'self' data: https://optimize.google.com http://100012771.collect.igodigital.com/ https://dc.ads.linkedin.com/ https://www.linkedin.com/ https://analytics.twitter.com/ https://px.ads.linkedin.com/ https://script.hotjar.com https://sjs.bizographics.com https://static.hotjar.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://connect.facebook.net https://bat.bing.com https://collector-1623.tvsquared.com https://s.ytimg.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://apis.google.com https://ajax.googleapis.com https://dl.episerver.net https://platform.twitter.com https://tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://plusone.google.com https://facebook.com https://platform.twitter.com https://www.googletagmanager.com https://tagmanager.google.com; frame-src 'self' https://www.youtube.com https://vars.hotjar.com/ https://www.facebook.com/ https://optimize.google.com 2
frame-ancestors 'self' https://us-sunset-public.prd.invesco.net; 2
frame-ancestors 'self' https://www.hvfcuonline.org 2
default-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com liberapay.com data: 2
script-src 'self' assets.adobedtm.com https://www.gstatic.com/recaptcha/api2* *.adform.net *.cognizant.com www.cognizant.com.au insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net consent.truste.com api.demandbase.com assets.adobedtm.com stats.g.doubleclick.net www.googleadservices.com cm.g.doubleclick.net dpm.demdex.net snap.licdn.com global.cognizant.com px.ads.linkedin.com trackcmp.net amplify.outbrain.com 2899686.fls.doubleclick.net api.company-target.com d.company-target.com segments.company-target.com pixel.advertising.com s.ytimg.com www.linkedin.com *.doubleclick.net match.adsrvr.org  fonts.gstatic.com msdn.microsoft.com ajax.googleapis.com api.soundcloud.com cdnjs.cloudflare.com *.AKAMAIHD.NET *.akamai.edgekey.net public.inpwrd.com consent.trustarc.com *.cognizant.co.jp  cognizant.co.jp www.gstatic.com www.google.com in.taskanalytics.com v2.listenloop.com web-analytics.engagio.com api.company-target.com dn1f1hmdujj40.cloudfront.net digitally.cognizant.com t.contentsquare.net code.jquery.com app.hubspot.com js.hsleadflows.net js.usemessages.com js.hs-analytics.net bat.bing.com go.pardot.com t.contentsquare.net c.contentsquare.net l.contentsquare.net *.contentsquare.net s.yimg.com sp.analytics.yahoo.com j.6sc.co webapi.amap.com vdata.amap.com restapi.amap.com mapclick.amap.com *.turtl.co s.go-mpulse.net t.contentsquare.net/uxa/* pixel.sitescout.com app.contentsquare.com t.contentsquare.net.*  'unsafe-inline' 'unsafe-eval' data: blob: 2
report-uri 'self' 2
frame-ancestors 'self' indianpornvideos.vip indianpornvideos2.com www.indianpornvideos2.com www.indianpornvideos.vip; 2
script-src 'self' https: 'unsafe-eval' 2
default-src 'self'; object-src 'self' blob:; style-src * 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' acsbap.com *.paypal.com *.facebook.com *.facebook.net *.criteo.net *.criteo.com *.doubleclick.net *.twitter.com *.ads-twitter.com *.trackedlink.net *.cloudfront.net *.xg4ken.com *.bing.com *.getcandid.com *.pinterest.com *.amazonaws.com *.googletagmanager.com tagmanager.google.com *.shopbot.ca *.pinimg.com *.pinterest.com *.youtube.com *.adnxs.com *.yimg.com *.ytimg.com *.hotjar.com *.amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.adroll.com *.jsdelivr.net *.typekit.net *.adsrvr.org *.rubiconproject.com *.casalemedia.com *.openx.net *.pubmatic.com *.richemontpartners.com *.kaptcha.com *.impactradius-event.com *.rolex.com *.flexiti.fi *.smaato.net *.sharethrough.com chimpstatic.com *.braintreegateway.com tools-cartier.ctxprod1.com maisonbirks-cartier.ctxprod1.com *.breitling.com *.jquery.com *.vimeocdn.com *.google.com *.gstatic.com *.tudorwatch.com ajax.cloudflare.com odcc2.bell.ca z.moatads.com *.krxd.net; font-src 'self' data: *.gstatic.com maxcdn.bootstrapcdn.com maps.googleapis.com; img-src * data:; frame-src 'self' acsbap.com *.paypal.com *.facebook.com *.facebook.net *.criteo.net *.criteo.com *.doubleclick.net *.twitter.com *.ads-twitter.com *.trackedlink.net *.cloudfront.net *.xg4ken.com *.bing.com *.getcandid.com *.pinterest.com *.amazonaws.com *.googletagmanager.com tagmanager.google.com *.shopbot.ca *.pinimg.com *.pinterest.com *.youtube.com *.adnxs.com *.yimg.com *.ytimg.com *.hotjar.com *.amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.adroll.com *.jsdelivr.net *.typekit.net *.adsrvr.org *.rubiconproject.com *.casalemedia.com *.openx.net *.pubmatic.com *.richemontpartners.com *.moneris.com birksgroup.pxf.io *.flexiti.fi *.smaato.net *.sharethrough.com *.vimeo.com *.braintreegateway.com tools-cartier.ctxprod1.com maisonbirks-cartier.ctxprod1.com *.rolex.com *.breitling.com *.tudorwatch.com *.patek.com *.google.com odcc2.bell.ca *.krxd.net; connect-src *; media-src 'none'; report-uri /csp-violation.php; 2
frame-ancestors https://planet-imex.co.uk/ https://planet-imex.com/ https://planetimex.co.uk/ https://planetimex.com/ https://www.imexexhibitions.com/ https://www.imex-frankfurt.com/ https://de.imex-frankfurt.com/ https://www.imexamerica.com/ https://www.stage.imex.cti.digital/ http://america.stage.imex.cti.digital/ http://frankfurt.stage.imex.cti.digital/ http://de-frankfurt.stage.imex.cti.digital/ https://www.reactive.imex.cti.digital/ https://frankfurt.reactive.imex.cti.digital/ https://de-frankfurt.reactive.imex.cti.digital/ https://america.reactive.imex.cti.digital/ https://www.qa.imex.cti.digital/ http://america.qa.imex.cti.digital/ http://frankfurt.qa.imex.cti.digital/ http://de-frankfurt.qa.imex.cti.digital/ https://www.imex.ctidev/ https://frankfurt.imex.ctidev/ https://de.frankfurt.imex.ctidev/ https://america.imex.ctidev/; 2
default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com; child-src 'self' data: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.efix.local; report-uri https://content.webapi-services.net/csp-reports; 2
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ ; connect-src 'self' https://weather-ydn-yql.media.yahoo.com wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 2
frame-ancestors 'self' http://zpe20virtual.expo-ip.com/ 2
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 2
default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; 2
frame-ancestors 'self' app.vwo.com subs09.app.clicktale.com dev.renovateamerica.com qa.renovateamerica.com stage.renovateamerica.com authoring.renovateamerica.com www.renovateamerica.com training.renovateamerica.com go.renovateamerica.com go.pardot.com apply.renovateamerica.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *;        script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'        'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'         'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'         'unsafe-inline' 'unsafe-eval'; font-src 'self'                                                          'unsafe-inline' 'unsafe-eval' 2
style-src 'self' 'unsafe-inline' *.wales.ac.uk 2
script-src 'self' data: da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline' www.google-analytics.com *.google.com www.googleadservices.com www.googletagmanager.com code.jquery.com *.twitter.com cdn.syndication.twimg.com; img-src 'self' *.ggpht.com *.googleusercontent.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com *.google.com data: 'unsafe-inline' *.twitter.com *.twimg.com; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com panorama.beethoven.de data: *.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twitter.com *.twimg.com *.google.com; media-src 'self' internet.beethoven.de; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
default-src 'self' vk.com yastatic.net *.yandex.md *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com top-fwz1.mail.ru *.facebook.net *.facebook.com client.taxsee.com taximaximblog.disqus.com *.taxsee.ru 'unsafe-inline' 'unsafe-eval' data: blob:; block-all-mixed-content; upgrade-insecure-requests 2
manifest-src 'self' https://*.ng-source.com 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 2
base-uri 'self' 123456789; connect-src 'self' www.sd.be http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://sdworx.breezy.hr https://*.events.ubembed.com https://*.botframework.com https://*.cleverpush.com https://server.smartsupp.com wss://server.smartsupp.com wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://ldynamicspublicapi.leadforensics.com; default-src 'self'; font-src https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; frame-src https: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.sdworx.at https://www.sdworx.be https://www.sdworx.ch https://www.sdworx.fr https://www.sdworx.de https://www.sdworx.lu https://www.sdworx.nl https://www.sdworx.co.uk; img-src https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org; media-src 'self' https://smartsupp-widget-161959.c.cdn77.org/ https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; script-src 'unsafe-eval' 'unsafe-inline' https: data: requirejs.org http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org cdn.cookielaw.org; style-src https: 'unsafe-inline' https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org; worker-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.twitter.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.zdassets.com https://static.ads-twitter.com; img-src * data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src https://contactnash.zendesk.com https://www.youtube.com; connect-src 'self' https://d2044444.sibforms.com https://www.google-analytics.com https://ekr.zdassets.com https://contactnash.zendesk.com wss://widget-mediator.zopim.com https://nashproxy.dev.nash.io; object-src 'none'; media-src 'self' https://static.zdassets.com; 2
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 2
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src * data: * blob:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com blob: data:; 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com pwna4hope.org; report-uri http://www.nativepartnership.org/site/XFrameViolation 2
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' https://sgl-live01.mcon-group.com https://logon.sglcarbon.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.cbbd.be www.stripmuseum.be www.comicscenter.net csi.gstatic.com ssl.google-analytics.com code.jquery.com ajax.googleapis.com img.youtube.com www.youtube.com api-public.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com www.google-analytics.com maps.googleapis.com www.google.com reservation.elloha.com 2
frame-ancestors *.bellmts.ca http://*.mts.ca https://*.mts.ca http://mts.yellowpages.ca http://mts.canada411.ca https://icmanitoba.com https://login.stingray.com https://webplayer.stingray.com; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com apollo.mydomaine.com apollo.local.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 2
frame-ancestors 'self' psa.digitalinsight.com; 2
default-src 'self' ; connect-src 'self' https://www.google-analytics.com https://api.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://authedmine.com https://ssl.google-analytics.com https://ajax.cloudflare.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com;img-src 'self' https://talentforjobs.com https://curatorio.s3.amazonaws.com https://*.uecdn.es https://www.google.com https://www.instagram.com https://*.curator.io https://www.googletagmanager.com https://www.auchan-retail.com http://pbs.twimg.com https://pbs.twimg.com https://image-store.slidesharecdn.com https://i.ytimg.com https://*.licdn.com https://*.ggpht.com https://*.fbcdn.net https://*.twimg.com https://*.cdninstagram.com https://*.googleusercontent.com https://secure.gravatar.com https://ps.w.org https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://secure.gravatar.com https://ssl.google-analytics.com data:;style-src 'self' 'unsafe-inline' data: https://talentforjobs.com https://cdn.curator.io https://www.auchan-retail.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.curator.io https://www.auchan-retail.com https://themes.googleusercontent.com https://fonts.gstatic.com data:; child-src https://talentforjobs.com https://www.auchan-retail.com https://www.youtube.com https://indd.adobe.com https://player.vimeo.com https://www.youtu.be; media-src 'self' https://www.instagram.com https://dms.licdn.com https://www.youtu.be https://www.youtube.com https://www.auchan-retail.com https://www.youtube.com https://video.twimg.com https://*.cdninstagram.com; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; 2
frame-ancestors https://www.usgacardshop.com http://www.usgacardshop.com http://www.123print.com http://www.brookhollowcards.com http://www.cardsdirect.com https://www.123print.com https://www.brookhollowcards.com https://www.cardsdirect.com http://*.cardsdirect.com https://*.123print.com http://*.123print.com https://*.brookhollowcards.com http://*.brookhollowcards.com; 2
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.youtube.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.greenwichcompliance.com; 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' 2
frame-src 'self' https://intranet.m800.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com 2
frame-ancestors 'self' *.authorize.net 2
policy-uri /'none' 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: blob: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net blob: 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'none'; script-src 'self' 'unsafe-eval' cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com *.algolia.net *.algolianet.com mc.yandex.ru; style-src 'self' 'unsafe-inline'; img-src 'self' blog-images.clickhouse.tech data: mc.yandex.ru; connect-src 'self' mc.yandex.ru cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru www.youtube.com datalens.yandex; font-src 'self' data:; base-uri 'none'; form-action 'self'; frame-ancestors webvisor.com metrika.yandex.ru; prefetch-src 'self' 2
frame-ancestors 'self' *.knak.com; 2
default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:*  *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:*  *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-src 'self' *.google.com:*  *.bootstrapcdn.com:*   *.gstatic.com:*; frame-ancestors 'self' *.google.com:*  *.bootstrapcdn.com:*  *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade;  2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 2
frame-ancestors 'self' * 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net  *.kissmetrics.com *.googlesyndication.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com; 
	script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.googlesyndication.com *; 
	img-src 'unsafe-inline' 'unsafe-eval' data: *; 
	frame-src 'unsafe-inline' 'unsafe-eval' data:  *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net  *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.youtube.com *.googleapis.com *.googletagmanager.com *.sharethis.com *.eyereturn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.ads.linkedin.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com *.fontawesome.com *.myfonts.net; font-src 'self' *.gstatic.com *.fontawesome.com *.myfonts.net data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.ca *.eyereturn.com *.g.doubleclick.net *.adsrvr.org *.facebook.com *.pubmatic.com *.casalemedia.com *.search.spotxchange.com *.eyedemand.com *.sharethis.com; frame-src 'self' localhost:* *.google.com *.doubleclick.net *.youtube.com go.loyalty.com *.sharethis.com c.sharethis.mgr.consensu.org *.facebook.com; connect-src 'self' *.sharethis.com; 2
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 2
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 2
default-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk *.jivosite.com *.witget.com *.mebelion.ru *.yandex.ru *.yandex.net *.googleusercontent.com *.googleapis.com *.gstatic.com yandex.ru; connect-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.cackle.me media.cackle.me *.plerdy.com plerdy.com *.popmechanic.ru sentry.popmechanic.ru *.google.com.ua *.google.com.hk api.mindbox.ru mindbox.ru *.mindbox.ru tracker.esputnik.com whitesaas.com chat.envybox.io wss://*.firebaseio.com *.firebaseio.com prodalet.ru mebelion.push4site.com push4site.com api.push.world *.onesignal.com onesignal.com *.antisov.ru *.mebelion.ru vk.com aprtx.com *.jivosite.com wss://*.jivosite.com *.witget.com wss://*.cackle.me yandex.ru *.yandex.ru *.yandex.net *.google.ru *.google.com *.googleusercontent.com *.google-analytics.com *.mail.ru *.selcdn.ru *.enkod.ru tracker.enkod.ru chat.callbackkiller.com code.jivosite.com ws://*.jivosite.com api.jivosite.com web.popmechanic.ru rupertino.ru *.kealabs.com kealabs.com ; script-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.plerdy.com plerdy.com *.google.com.ua *.google.com.hk api.mindbox.ru mindbox.ru *.mindbox.ru esputnik.com *.esputnik.com *.ytthn.com ytthn.com *.pwieu.com pwieu.com *.firebaseio.com envybox-1e1bf.firebaseio.com cdnjs.cloudflare.com *.sendpulse.com static-login.sendpulse.com *.adriver.ru tags.soloway.ru *.me-talk.ru zcdn.ru analytics.prodalet.ru prodalet.ru mebelion.push4site.com push4site.com mebelionru.push.world *.aprtn.com aprtn.com *.onesignal.com onesignal.com *.antisov.ru retagro.com aprtx.com *.aprtx.com *.artfut.com apypp.com vk.com *.jivosite.com cackle.me *.cackle.me *.witget.com yandex.ru *.yandex.ru *.yandex.by yandex.st *.ytimg.com *.mail.ru *.inettorg.ru *.doubleclick.net *.yandex.net yastatic.net *.google.ru *.google-analytics.com *.googleapis.com *.google.com *.googleusercontent.com *.googletagmanager.com *.googleadservices.com *.adv-cake.ru *.asbmit.com *.admitad.com lenkmio.com pafutos.com *.bamitdo.com *.dumedia.ru sas-pro.ru *.gdeslon.ru gdeslon.ru *.criteo.com *.criteo.net x.cnt.my *.lenmit.com code.jquery.com *.selcdn.ru *.enkod.ru tracker.enkod.ru cdn.envybox.io *.envybox.io cdn.saas-support.com cdn.callbackkiller.com whitesaas.com rbnt.org sas-pro.ru ixseptor.ru statistik1.ru qoopler.ru apypx.com statad.ru x01.aidata.io callbackhunter.com callbaska.ru my.callbaska.ru perezvoni.com yadro.ro statik-us.info *.jivosite.com static.popmechanic.ru x.cnt.my advergine.ru *.facebook.net *.boxberry.ru *.boxberry.de *.kealabs.com kealabs.com rupertino.ru data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.popmechanic.ru static.popmechanic.ru *.google.com.ua *.google.com.hk static-login.sendpulse.com prodalet.ru push4site.com *.onesignal.com onesignal.com *.jivosite.com *.witget.com cackle.me *.cackle.me *.mebelion.ru yandex.ru *.yandex.ru *.yandex.net *.ytimg.com *.google.com *.google.ru *.googleusercontent.com *.googleapis.com *.opera-mini.net cdn.envybox.io cdn.saas-support.com cdn.callbackkiller.com *.jivosite.com *.boxberry.de rupertino.ru *.kealabs.com kealabs.com 'unsafe-inline'; img-src 'self' *.facebook.com *.enkod-a.akamaihd.net enkod-a.akamaihd.net cdn.enkod.ru *.mebelion.me mebelion.me i.pinimg.com *.popmechanic.ru popmechanic-media.popmechanic.ru storage.yandexcloud.net static.popmechanic.ru media.popmechanic.io *.google.com.ua *.google.com.hk whitesaas.com saas-support.com static-login.sendpulse.com analytics.prodalet.ru prodalet.ru push4site.com *.onesignal.com onesignal.com artfut.com *.artfut.com apypp.com *.jivosite.com *.witget.com gravatar.com i1.wp.com cackle.me *.cackle.me *.mebelion.ru photo.mebelion.ru yandex.ru *.yandex.ru yandex.st *.yandex.net *.maps.yandex.net yastatic.net *.mail.ru *.inettorg.ru *.google.ru *.google.by *.google.nl *.google.kz *.google.lv *.google.cz *.google.de *.google.com *.google.com.ua *.google-analytics.com *.googleapis.com *.yadro.ru *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.doubleclick.net *.ytimg.com *.asbmit.com *.admitad.com lenkmio.com pafutos.com *.bamitdo.com sas-pro.ru cityadspix.com vk.com *.facebook.com *.adv-cake.ru *.criteo.com *.criteo.net *.envybox.io cdn.saas-support.com cdn.callbackkiller.com ps.ntvk1.ru rbnt.org my.rtmark.net apypx.com statad.ru *.amazonaws.com web.popmechanic.ru static.popmechanic.ru x.cnt.my advergine.ru  *.boxberry.de rupertino.ru statistik1.ru apypp.com data:; font-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.popmechanic.ru static.popmechanic.ru media.popmechanic.io  *.bootstrapcdn.com prodalet.ru *.jivosite.com *.witget.com *.mebelion.ru cdn.saas-support.com fonts.gstatic.com data: ; media-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me cdn.saas-support.com *.envybox.io *.jivosite.com *.witget.com *.mebelion.ru  cdn.jivosite.com;frame-src 'self' *.facebook.com cdn.enkod.ru *.mebelion.me mebelion.me *.google.com.ua *.google.com.hk *.firebaseio.com *.adriver.ru *.me-talk.ru mebelionru.push.world events.sendpulse.com *.onesignal.com onesignal.com *.jivosite.com *.witget.com cackle.me sovest.ru *.cackle.me *.mebelion.ru yandex.ru *.yandex.ru *.youtube.com yastatic.net *.yandex.net *.googleusercontent.com *.google.com *.google.ru *.google.by *.google.de *.google.cz *.doubleclick.net *.criteo.com *.criteo.net *.asbmit.com *.admitad.com lenkmio.com pafutos.com *.bamitdo.com rbnt.org www.facebook.com rupertino.ru *.boxberry.de; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org; script-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.livehelpnow.net lptag.liveperson.net public.tableau.com *.tableau.com *.tableausoftware.com googleads.g.doubleclick.net *.googleadservices.com www.googleadservices.com connect.facebook.net *.google.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com cdnjs.cloudflare.com use.fontawesome.com maps.googleapis.com munchkin.marketo.net impactapi.causeview.com ; style-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org 'unsafe-inline' *.googleapis.com *.juicer.io chooserestaurants.org *.chooserestaurants.org maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; font-src 'self' *.servsafe.com chooserestaurants.org *.chooserestaurants.org fonts.gstatic.com *.juicer.io maxcdn.bootstrapcdn.com use.fontawesome.com impactapi.causeview.com; img-src 'self' data: *.servsafe.com chooserestaurants.org *.chooserestaurants.org *.juicer.io *.google.com www.livehelpnow.net cdn.livehelpnow.net www.google-analytics.com *.doubleclick.net *.google.com www.textbooks.restaurant.org flex.msn.com www.googleadservices.com i.imgur.com *.xx.fbcdn.net scontent.cdninstagram.com placehold.it live.staticflickr.com; connect-src 'self' *.servsafe.com www.juicer.io graph.facebook.com *.mktoresp.com impactapi.causeview.com; frame-ancestors 'self' *.servsafe.com *.discoverlink.com; object-src 'self' *.servsafe.com; frame-src 'self' *.servsafe.com bid.g.doubleclick.net *.discoverlink.com *.google.com www.youtube.com *.instagram.com cdn.flipsnack.com *.jotform.com; child-src 'self' *.servsafe.com bid.g.doubleclick.net 2
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 2
default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com; img-src 'self' data: adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net; font-src 'self' data: fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' iscan: data: *.sysnetgs.com *.vimeo.com *.boldchat.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rta.ae *.salik.gov.ae *.salik.ae *.readspeaker.com/ *.google-analytics.com *.botframework.com/ wss://directline.botframework.com *.dubai.gov.ae/ *.google.ae *.googleapis.com *.gstatic.com data: 2
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src 'self' data: *; 2
script-src 'self' 'unsafe-inline' *.ellaskitchen.co.uk *.googletagmanager.com tagmanager.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.fls.doubleclick.net *.youtube.com s.ytimg.com *.livechatinc.com *.zendesk.com *.facebook.net sc-static.net data:; img-src 'self' www.google.com www.google.co.uk *.google-analytics.com *.gstatic.com *.googleusercontent.com stats.g.doubleclick.net *.facebook.com s-static.ak.facebook.com *.zendesk.com *.livechatinc.com *.livechat-static.com tr.snapchat.com *.prismic.io cdn.shopify.com data:; media-src 'self' *.livechatinc.com; object-src 'none'; default-src 'self'; font-src 'self' *.ellaskitchen.co.uk *.livechatinc.com *.livechat-static.com themes.googleusercontent.com; frame-src *.ellaskitchen.co.uk *.livechatinc.com *.youtube.com *.zendesk.com *.facebook.com s-static.ak.facebook.com www.google.com *.fls.doubleclick.net tr.snapchat.com; style-src 'self' 'unsafe-inline' tagmanager.google.com *.googleapis.com *.zendesk.com 2
frame-ancestors 'self';form-action 'self' https://www.paypal.com/cgi-bin/webscr https://gateway.payulatam.com/ppp-web-gateway/ https://*.coinbase.com https://www.mercadopago.com.co https://www.coinpayments.net/index.php;img-src 'self' 'unsafe-inline' https://promillsa.com https://chart.googleapis.com/;connect-src 'self' 'unsafe-inline' wss://ws-us2.pusher.com https://*.pusher.com https://api.ipify.org/ *.epayco.co wss://ws.blockchain.info/inv;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://conektaapi.s3.amazonaws.com/v0.3.2/js/conekta.js www.google.com www.gstatic.com *.pusher.com https://checkout.epayco.co/checkout.js;default-src 'none'; base-uri 'none';form-action 'none';frame-src 'self' 'unsafe-inline' https://www.google.com https://www.youtube.com *.epayco.co https://www.mercadopago.com.co https://softwaremillenium.com;object-src 'self' 2
base-uri ' ' 2
frame-ancestors 'self' *.wildberries.kg 2
script-src 'self' https://maps.googleapis.com https://www.google.com 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://pagead2.googlesyndication.com https://adservice.google.es https://adservice.google.com https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.netdna-ssl.com *.google-analytics.com app.quotemedia.com oss.maxcdn.com rangeme-production-environment.s3-ap-southeast-2.amazonaws.com *.pcdn.co;font-src 'self' *.netdna-ssl.com fonts.gstatic.com *.pcdn.co;img-src 'self' data: *.netdna-ssl.com *.google-analytics.com *.googleapis.com *.glensmarkets-email.com app.quotemedia.com secure.gravatar.com s3-ap-southeast-2.amazonaws.com *.pcdn.co;style-src 'self' 'unsafe-inline' *.netdna-ssl.com *.googleapis.com *.pcdn.co;frame-src 'self' *.netdna-ssl.com *.youtube.com *.calameo.com *.pcdn.co;connect-src 'self' *.netdna-ssl.com query.yahooapis.com *.pcdn.co;object-src 'self' *.netdna-ssl.com *.pcdn.co;media-src 'self' *.netdna-ssl.com *.pcdn.co; 2
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 2
default-src 'self'; connect-src 'self' wss: anvil.opentok.com api-enterprise.opentok.com api-standard.opentok.com config.opentok.com hlg.tokbox.com mantis005-pdx.tokbox.com mantis014-pdx.tokbox.com; font-src 'self' orbisv4head.blob.core.windows.net fonts.gstatic.com; frame-src 'self' s7.addthis.com static.addtoany.com www.google.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: orbisv4head.blob.core.windows.net s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' orbisv4head.blob.core.windows.net m.addthis.com maps.googleapis.com s.ytimg.com s7.addthis.com static.addtoany.com v1.addthisedge.com www.google.com www.gstatic.com www.youtube.com; style-src 'self' 'unsafe-inline' orbisv4head.blob.core.windows.net fonts.googleapis.com static.addtoany.com; worker-src 'self' blob:; 2
font-src data: *.klaviyo.com *.gstatic.com *.trustedshops.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.de *.kmail-lists.com 'self' 'unsafe-inline'; frame-ancestors *.amazon.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.klaviyo.com *.jsctool.com *.stripe.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.google.com *.maxcluster.net *.payments-amazon.com *.amazon.de *.amazon.com *.hotjar.com *.mhdirekt.ladesk.com *.ladesk.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.pinterest.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.google.com *.google.at *.doubleclick.net *.googletagmanager.com *.trustedshops.com data: blob: *.klaviyo.com *.cloudfront.net *.lgw.io *.amazon.com *.ssl-images-amazon.com *.media-amazon.com *.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com *.pinimg.com *.googletagmanager.com *.klaviyo.com *.pinterest.com polyfill.io *.a.klaviyo.com *.payments-amazon.com *.ratepay.com *.stripe.com *.google.com *.trustedshops.com *.newrelic.com *.nr-data.net *.facebook.net *.hotjar.com *.doubleclick.net *.cloudflareinsights.com *.googleapis.com *.ladesk.com *.algolianet.com *.algolia.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klaviyo.com *.googleapis.com *.ratepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klaviyo.com *.pinterest.com *.amazon.com *.amazon.de *.amazon.fr *.amazon.it *.ratepay.com *.cookie-script.com *.google-analytics.com *.g.doubleclick.net *.trustedshops.com *.etrusted.com *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it *.hotjar.io *.nr-data.net *.facebook.com *.algolia.net *.algolianet.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src *.radbag.de *.radbag.at *.radbag.ch *.radbag.nl *.radbag.be *.radbag.dk *.cadeauxfolies.fr *.cadeauxfolies.ch *.cadeauxfolies.be *.troppotogo.it blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors www.youtube.com www.googletagmanager.com resursbank.se.localhost *.resursbank.se.localhost *.resursbank.se *.resursbank.no *.resursbank.fi *.resursbank.dk *.resurs.com resurs.mvp.24hr.se *.resurs.mvp.24hr.se preprod.signicat.com 2
base-uri 'self'; default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://adservice.google.com https://adservice.google.es https://adservice.google.fr https://www.googletagservices.com https://cse.google.com https://*.disqus.com https://*.facebook.net https://*.googlesyndication.com; img-src 'self' data: https://media.ustility.com https://www.google.com https://*.gstatic.com https://www.google-analytics.com https://*.googlesyndication.com https://img.youtube.com https://i.ytimg.com https://cdn.jsdelivr.net https://referrer.disqus.com https://c.disquscdn.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://c.disquscdn.com/; font-src 'self' data: https://cdn.jsdelivr.net; object-src 'none'; frame-src https: data:; script-src-elem 'unsafe-inline' https:; connect-src https://api.usitility.com https://*.googlesyndication.com https://*.gstatic.com https://www.google-analytics.com https://cse.google.com 2
default-src *; script-src 'self' http://www.google-analytics.com http://suggest.infospace.com http://api.autocompleteplus.com http://www.googletagservices.com http://d.yimg.com https://completr.appspot.com https://s.yimg.com http://js.wincyahoocontent.com ; frame-src  'self' http://*.yhs4.search.yahoo.com http://ad.adserver-pro.net https://s.yimg.com ; font-src 'none'; connect-src 'self'; media-src 'self'; object-src 'none'; style-src 'self'; 2
default-src * data: https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 2
frame-src https://www.facebook.com 2
default-src 'self' 'unsafe-inline'  'unsafe-eval' data: blob: tagmanager.google.com *.crazyegg.com *.baidu.com  *.typekit.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.amap.com *.youku.com *.amorepacificmall.com *.amorepacific.com 2
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://cvonline.lt https://www.cvonline.lt; 2
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com translate.googleapis.com 'unsafe-inline' 'self'; script-src www.gstatic.com translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com 'sha256-NNiElek2Ktxo4OLn2zGTHHeUR6b91/P618EXWJXzl3s=' 'self'; img-src * data:; connect-src * data:; frame-src 'self' * 2
default-src 'self' *.kampyle.com *.medallia.com *.google-analytics.com *.gstatic.com ;               script-src 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.medallia.com *.kampyle.com *.googletagmanager.com  *.google-analytics.com  *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval';                script-src-elem 'self' *.bootstrapcdn.com *.googleapis.com *.gstatic.com  *.medallia.com *.kampyle.com *.googletagmanager.com  *.google-analytics.com  *.jquery.com *.marketo.net 'unsafe-inline' 'unsafe-eval';    connect-src 'self' *.kampyle.com *.medallia.com *.mktoresp.com;                object-src 'self' *.kampyle.com *.medallia.com;                style-src 'self' *.kampyle.com *.medallia.com *.gstatic.com   *.bootstrapcdn.com *.googleapis.com *.jquery.com 'unsafe-inline' 'unsafe-eval';                 font-src 'self' *.kampyle.com *.medallia.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com data:;                frame-src 'self' *.astfinancial.com *.exacttarget.com *.gstatic.com  *.googletagmanager.com *.kampyle.com *.medallia.com;            img-src 'self' *.gravatar.com *.kampyle.com  *.medallia.com *.umbraco.org *.google-analytics.com umbraco.tv *.googletagmanager.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' 'unsafe-inline' data:; img-src 'self' blob: data:; media-src 'self'; frame-src 'self' www.youtube.com; font-src 'self'; connect-src 'self' sentry.io 2
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 2
frame-src 'self' *.fundinfo.com secure.mari4norm.com edge-cdn.net; font-src 'self' *.bootstrapcdn.com *.gstatic.com data:; img-src * data: ; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fundinfo.com *.cloudflare.com tagmanager.google.com data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.lfeeder.com *.fundinfo.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.tinymce.com secure.mari4norm.com *.msecnd.net *.visualstudio.com tagmanager.google.com *.consensu.org *.quantserve.com *.quantcount.com; default-src 'self' *.fundinfo.com *.visualstudio.com *.consensu.org; base-uri 'self'; report-uri 'self'/error/csp 2
default-src 'self' blob:; script-src 'self' blob: https://d1g3mdmxf8zbo9.cloudfront.net/js/; object-src 'self' https://d1g3mdmxf8zbo9.cloudfront.net/images/; img-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/images/; frame-src https://d1g3mdmxf8zbo9.cloudfront.net/images/; style-src 'self' 'unsafe-inline' https://d1g3mdmxf8zbo9.cloudfront.net/css/; font-src 'self' data: https://d1g3mdmxf8zbo9.cloudfront.net/fonts/; worker-src blob:; media-src 'self' blob: about: https://media.luffy.cx/videos/ https://d1g3mdmxf8zbo9.cloudfront.net/images/; connect-src 'self' https://media.luffy.cx/videos/ https://comments.luffy.cx; base-uri 'none'; form-action https://duckduckgo.com; frame-ancestors 'none'; block-all-mixed-content; 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 2
upgrade-insecure-requests; default-src  'unsafe-inline' 'unsafe-eval' 'self' *.ria.ee www.google-analytics.com *.plumbr.io themes.googleusercontent.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com docs.google.com; img-src data: 'self' *.ria.ee www.google-analytics.com; 2
frame-ancestors 'self' *.optimizely.com 2
frame-src https:; report-uri /csp-violation-endpoint/ 2
default-src 'none'; frame-src https://www.youtube.com/; img-src 'self' data: https://track.hubspot.com https://forms.hsforms.com https://analytics.helio.app https://js.intercomcdn.com https://static.intercomassets.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-scripts.com https://analytics.helio.app https://static.cloudflareinsights.com https://ajax.cloudflare.com https://js.intercomcdn.com https://widget.intercom.io https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://analytics.helio.app; object-src 'none'; media-src 'self' https://js.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; font-src 'self' data: https://js.intercomcdn.com; connect-src 'self' https://forms.hubspot.com https://analytics.helio.app https://www.google-analytics.com https://api-m.helio.app *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io 2
default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 2
manifest-src 'self' 2
default-src https://www.gmp.de; img-src 'self' data: https://matomo.gmp.de; connect-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline'; frame-src data: https://player.vimeo.com https://www.youtube.com https://www.google.com; script-src-elem data: https://ajax.googleapis.com 'self' 'unsafe-inline' https://matomo.gmp.de; 2
frame-ancestors www-preprod.vegatele.com cabinet.vegatele.com vega.ua my.vega.ua gigabit.vega.ua;
        script-src 'unsafe-eval' 'unsafe-inline' 'self' cdn.smile-soft.com static.hotjar.com script.hotjar.com vega.pbx.vega.ua connect.facebook.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com vega.phonet.com.ua optimize.google.com;
        block-all-mixed-content; 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit;font-src 'self';img-src 'self' data: http://images.51degrees.mobi;frame-src 'self' 2
default-src https: 'self' *.mohrsiebeck.com; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.mohrsiebeck.com; style-src https: 'self' 'unsafe-inline' *.mohrsiebeck.com; img-src https: 'self' *.mohrsiebeck.com 2
default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net v2.zopim.com widget-mediator.zopim.com static.zdassets.com ekr.zdassets.com www.google-analytics.com stats.g.doubleclick.net chimpstatic.com yoast.com my.yoast.com;frame-src 'self' www.youtube.com www.google.com yoa.st;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.google-analytics.com ajax.googleapis.com v2.zopim.com widget-mediator.zopim.com static.zdassets.com chimpstatic.com a.quora.com;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net v2.zopim.com static.zdassets.com;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io;font-src 'self' data: *.mywebinar.net *.mywebinar.io static.zdassets.com v2.zopim.com;object-src 'self' *.mywebinar.net *.mywebinar.io; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.nzbvortex.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.google.com; object-src 'none'; frame-ancestors 'self' 2
default-src 'self';frame-ancestors 'none';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com;child-src 'self';form-action 'self' *.facebook.com;img-src 'self' data: *.kromtech.net *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.outbrain.com *.taboola.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.doubleclick.net *.outbrain.com *.taboola.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net;object-src 'none';connect-src 'self' *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com *.google.com *.taboola.com wss://*.hotjar.com 2
frame-ancestors https://*.net10wireless.com 2
frame-ancestors 'self' https://*.tonies.de https://*.tonies.com https://*.tonie.cloud 2
report-uri https://sentry.io/api/1206618/security/?sentry_key=4b848061416d44a9bc925db5abadefe2; script-src 'sha256-4s6iHDKHRjeDzzKmqzfChPVPLZtZ4o8WHOwbZlzS/RA=' 'self' https://static.smartrecruiters.com https://cdn.materialdesignicons.com https://fonts.googleapis.com https://fonts.gstatic.com https://breadwallet.us14.list-manage.com; default-src 'self'; connect-src 'self' https://sentry.io https://storerocket.io https://api.mapbox.com; style-src 'self' blob: 'unsafe-inline' cdn.materialdesignicons.com fonts.googleapis.com api.tiles.mapbox.com; font-src 'self' cdn.materialdesignicons.com fonts.gstatic.com; worker-src 'self' blob:; child-src 'self' blob:; img-src 'self' data: blob: https://storage.googleapis.com/ https://brd.imgix.net/; frame-src 'self' blob: https://www.youtube.com/ 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2
font-src 'self' 2
default-src 'self' s.amazon-adsystem.com d.adroll.com s.adroll.com https: http:; img-src * 'self' p.alocdn.com data: https: http:; style-src 'self' 'unsafe-inline' www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com seal-sanjose.bbb.org s.amazon-adsystem.com s.adroll.com a.adroll.com d.adroll.mgr.consensu.org d.adroll.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com platform.instagram.com www.instagram.com cdn1.developermedia.com cdn2.developermedia.com apis.google.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com www.google-analytics.com s.adroll.com a.adroll.com seal-sanjose.bbb.org d.adroll.mgr.consensu.org d.adroll.com s.amazon-adsystem.com; 2
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 2
frame-ancestors 'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 2
upgrade-insecure-requests; object-src 'none' 2
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' kaldewei-ass.secure.footprint.net kaldewei-tt.secure.footprint.net https://www.kaldewei.de *.kaldewei.de https://www.kaldewei.com http://test-lieferzeitenauskunft.kaldewei.de test-lieferzeitenauskunft.kaldewei.de lieferzeitenauskunft.kaldewei.de *.hotjar.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com jwpsrv.com www.polantis.com maps.googleapis.com maps.gstatic.com bat.bing.com https://interaktiv.contilla.de/15012d2d2e303369c8628723/0/webapp.js https://www.recaptcha.net/recaptcha/api.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/206776544034462 https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ privacy-proxy-server.usercentrics.eu privacy-proxy.usercentrics.eu app.usercentrics.eu https://ct.pinterest.com/user/; 2
frame-ancestors https://*.protoshare.com http://*.protoshare.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; 2
font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com/ 2
frame-ancestors *.entertainmentcruises.com *.odysseycruises.com *.spiritcruises.com *.mysticbluecruises.com *.seadogcruises.com *.bateauxnewyork.com reservations.entertainmentcruises.com; 2
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 2
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 2
default-src 'self' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/  https://www.youtube-nocookie.com/ http://www.un.org/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net  https://comvivasocial.com/ https://platform.twitter.com https://www.googletagmanager.com http://platform.twitter.com/ https://ajax.googleapis.com/  https://s0.wp.com/ https://stats.wp.com/ https://s1.wp.com/; style-src 'self' 'unsafe-inline' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net http://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.google.co.in https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.facebook.com https://www.google.com/ http://t.co https://ps.w.org/ *.gravatar.com https://s.w.org/ https://i.ytimg.com http://img.youtube.com https://img.youtube.com https://cdn1.iconfinder.com https://pixel.wp.com/; connect-src 'self' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/ https://stats.g.doubleclick.net https://developer.hirexp.com/; font-src 'self' data: http://fonts.gstatic.com; report-uri https://www.comviva.com; upgrade-insecure-requests 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://fonts.gstatic.com 2
default-src 'none'; connect-src *; img-src 'self' data: https:; style-src 'self' * 'unsafe-inline' ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' ;font-src * ;frame-src *;media-src 'self' http: data: ;prefetch-src *; 2
: default-src 'self' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 2
frame-ancestors 'self' *.swoogo.com 2
default-src 'none';connect-src 'self';font-src 'self' fonts.gstatic.com;frame-src *.actiris.brussels www.facebook.com player.vimeo.com youtu.be www.youtube.com www.gstatic.com www.google.com static.ak.facebook.com s-static.ak.facebook.com connect.facebook.net;frame-ancestors 'self';img-src 'self' data: www.google-analytics.com *.actiris.brussels *.selectactiris.brussels *.basemaps.cartocdn.com i.ytimg.com www.facebook.com stats.g.doubleclick.net https://yestest.actiris.brussels:4443 *.actiris.brussels:4443;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; 2
frame-ancestors https://*.hussle.com https://apps.facebook.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.cybersource.com https://*.mapbox.com https://*.tiles.mapbox.com https://cdn.loop11.com https://*.readspeaker.com https://www.bugherd.com https://*.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.segment.com https://d2iiunr5ws5ch1.cloudfront.net https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net/ https://optimize.google.com; child-src blob: https://*.vic.gov.au https://*.cybersource.com https://*.readspeaker.com https://*.youtube.com https://h.online-metrix.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net ; img-src 'self' * data: blob: https://*.cybersource.com https://*.google-analytics.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *.readspeaker.com https://d6tizftlrpuof.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net; frame-src https://app.powerbi.com 'self' https://optimize.google.com https://h.online-metrix.net https://*.cybersource.com *.readspeaker.com https://*.youtube.com https://d6tizftlrpuof.cloudfront.net; 2
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' 2
upgrade-insecure-requests; default-src 'none'; frame-src https://wpower.typeform.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self'; img-src https: data:; object-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://embed.typeform.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://a.quora.com https://*.twitter.com/ 'sha256-OsY0ogz1cLhr5tz6P1rgSkpX6WO/2EEqBkm/hdkOXrI=' 'sha256-X7AoVSC5ydl8R8CLlhFK43/bUu2pEp5lNUd5ehDYKns=' 'sha256-THCBjpkpjlruCtGs6yEhjShSdvHeINtLMlqiBA4X7dE=' 'sha256-kEM/SiGiA7GZbnKudp+pf6hzp4a5mbgWJ/T87pHRpUQ=' 'sha256-aaKpaL6BsGrknhezcXXT3jMl0XJjay7M33x67Ql5i00=' 'sha256-SlR47P5OhpAwZ6nt+bCWB7V6mje3XwkceP6wwK2iEGo=' 'sha256-xwnDakAb2Gj3mzOl/BXY9gYUmKxyS3dIHmQDIayX/hc='; style-src 'self' https://embed.typeform.com 'unsafe-inline'; media-src 'self' 2
frame-ancestors 'self' *.veepee.be  *.veepee.nl *.veepee.lu 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net https://brightcove.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' *; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net https://www.facebook.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
object-src 'self'; img-src 'self'; frame-src 'self' 2
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 2
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
frame-ancestors 'self' https://moebel-kraft.de http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 2
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; connect-src 'self' https: wss: ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info ; child-src 'self' * ;frame-src 'self' * 2
default-src 'unsafe-inline' *.stahlwille.fr *.werkzeugschmiede.de *.stahlwille.de *.stahlwille.es *.stahlwille.it *.stahlwille.nl *.stahlwille.be *.stahlwille.se *.stahlwille.dk *.stahlwille-americas.com *.stahlwille.co.uk  *.tagwork-one.de; script-src 'unsafe-inline' 'unsafe-eval' *.stahlwille.fr *.werkzeugschmiede.de *.stahlwille.de *.stahlwille.es *.stahlwille.it *.stahlwille.nl *.stahlwille.be *.stahlwille.se *.stahlwille.dk *.stahlwille-americas.com *.stahlwille.co.uk  *.tagwork-one.de https://www.googletagmanager.com https://www.google-analytics.com maps.google.com maps.googleapis.com *.jobbase.io *.cookiebot.com; font-src 'self'; style-src 'unsafe-inline' *.stahlwille.fr *.werkzeugschmiede.de *.stahlwille.de *.stahlwille.es *.stahlwille.it *.stahlwille.nl *.stahlwille.be *.stahlwille.se *.stahlwille.dk *.stahlwille-americas.com *.stahlwille.co.uk  *.tagwork-one.de; img-src 'self' data: *.stahlwille.fr *.werkzeugschmiede.de *.stahlwille.de *.stahlwille.es *.stahlwille.it *.stahlwille.nl *.stahlwille.be *.stahlwille.se *.stahlwille.dk *.stahlwille-americas.com *.stahlwille.co.uk  *.tagwork-one.de https://www.google-analytics.com/ https://stats.g.doubleclick.net/ maps.gstatic.com maps.google.com *.prescreenapp.io; frame-src *.youtube-nocookie.com https://player.vimeo.com/ *.jobbase.io *.youtube.com *.cookiebot.com; connect-src *.stahlwille.fr *.werkzeugschmiede.de *.stahlwille.de *.stahlwille.es *.stahlwille.it *.stahlwille.nl *.stahlwille.be *.stahlwille.se *.stahlwille.dk *.stahlwille-americas.com *.stahlwille.co.uk  *.tagwork-one.de *.prescreenapp.io 2
upgrade-insecure-request 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline'; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://www.loginpostnl.net https://*.cldsvc.net https://*.salesforce.com https://*.googleapis.com https://*.google.com https://*.abtasty.com https://*.apsis1.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://*.postnl.sogeticloudservices.com https://*.usabilla.com https://www.googletagmanager.com https://www.googleadservices.com https://*.cloudfront.net https://*.innomdc.com https://connect.facebook.net https://platform.twitter.com https://*.linkedin.com https://*.pushcall.com https://*.pusher.com https://www.gstatic.com https://s3.amazonaws.com https://*.ads-twitter.com https://*.doubleclick.net https://*.twitter.com https://cdn.segment.com https://cdn.mxpnl.com https://pi.pardot.com https://*.salesforceliveagent.com https://postnl-frontend-locker.herokuapp.com https://*.hotjar.com https://postnlwebintelligence.s3-eu-west-1.amazonaws.com/analytics_global_new https://*.maglr.com https://quadia.webtvframework.com; connect-src 'self'  https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.adreskenmerken.eu https://*.cldsvc.net https://*.abtasty.com https://dc.services.visualstudio.com https://*.cloudfront.net https://*.abtasty.com https://*.pushcall.com wss://*.pusherapp.com https://*.pusher.com https://postnl.cubonacci.com https://twmmxtqwx0.execute-api.eu-central-1.amazonaws.com https://api.segment.io https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.usabilla.com https://b54wh2j6xi.execute-api.eu-central-1.amazonaws.com; img-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://services.geodan.nl https://api.innomdc.com https://*.cloudfront.net https://*.usabilla.com https://*.facebook.com https://*.atdmt.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.twitter.com https://*.pinterest.com https://t.co https://*.abtasty.com https://apccdn.apsis1.com https://conv.indeed.com https://*.tradetracker.net https://*.maglr.com; frame-src 'self' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://quadia.webtvframework.com https://*.cloudfront.net https://*.salesforce.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.twitter.com https://*.googletagmanager.com https://*.doubleclick.net https://ir.q4europe.com https://w.soundcloud.com https://projects.ivorystudio.net https://*.salesforceliveagent.com https://*.hotjar.com https://*.us.mytracking.net https://us.mytracking.net; style-src 'self' 'unsafe-inline' https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://*.salesforce.com https://*.apsis1.com https://*.abtasty.com https://*.googleapis.com https://*.cloudfront.net https://*.maglr.com https://*.usabilla.com; font-src 'self' data: https://*.postnl.nl https://*.postnl.be https://*.spring-gds.com https://*.nexive.it https://api.mixpanel.com https://fonts.gstatic.com https://teddytor.abtasty.com https://*.cloudfront.net 2
default-src 'self' *.fluvius.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.geopunt.be static.ads-twitter.com analytics.twitter.com *.bizographics.com translate.google.com translate.googleapis.com  cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com translate.googleapis.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob: t.co *.linkedin.com translate.googleapis.com cdn-fluvius.azureedge.net  cdn-o-fluvius.azureedge.net; media-src 'self' https://cdn.sparkcentral.com; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube-nocookie.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com datastudio.google.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data:; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io *.geopunt.be *.hotjar.com *.hotjar.io translate.googleapis.com; report-uri /report-csp-violation 2
frame-ancestors *.cas.cn 2
frame-ancestors 'self' *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 2
frame-ancestors 'self' https://*.facebook.com/; 2
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/uc.js https://www.google-analytics.com/analytics.js https://cdn.segment.com/analytics.js/v1/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/analytics.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js https://unpkg.com/@segment/consent-manager@4.2.2/standalone/consent-manager.js https://www.google.com/jsapi https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cookieinformation.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://i.ytimg.com https://secure.gravatar.com https://tags.w55c.net; font-src 'self' data: https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.svg https://fonts.googleapis.com https://fonts.gstatic.com https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.ttf; connect-src 'self' https://consent.app.cookieinformation.com https://api.segment.io https://my.wpengine.com https://cdn.segment.com/v1/projects/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/integrations; media-src 'self' https://www.youtube.com; object-src 'self'; frame-src 'self' http://localhost:9100/ https://www.youtube.com https://policy.app.cookieinformation.com; frame-ancestors 'self' http://localhost:9100/ https://app.ecostruxureit.com/ https://dev-app.ecostruxureit.xyz/; report-uri https://ecostruxureit.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; script-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.googletagmanager.com https://*.yahoo.com https://*.msn.com https://*.googleadservices.com https://*.addthisedge.com https://*.mixpanel.com https://*.mxpnl.com https://*.facebook.net https://*.addthis.com https://*.google-analytics.com https://*.lassocrm.com https://*.googleapis.com https://*.moatads.com https://*.adroll.com https://*.snapengage.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*; connect-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.cavco.com https://*.addthis.com https://*.mixpanel.com https://*.facebook.com 2
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://87.98.176.191 http://176.9.86.142 http://176.9.142.103 http://144.76.24.149 http://136.243.73.233 http://148.251.0.18 http://144.76.218.27 http://148.251.136.187; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
default-src https: 'unsafe-inline' 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
connect-src 'self' wss:             *.maxict.nl            *.maxshop.test            *.doubleclick.net            *.google-analytics.com            *.hotjar.com            *.hotjar.io            *.pro6pp.nl            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com;        default-src 'none';        font-src 'self' data:            *.maxict.nl            *.maxshop.test             *.gstatic.com            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com            *.hotjar.com;        frame-src 'self' 'unsafe-inline' about:             *.maxict.nl            *.maxshop.test            *.criteo.com            *.google.com            *.dpd.de            *.eetgroup.com            *.facebook.com            *.hotjar.com            *.hotjar.io            *.kingston.com            *.newstar.eu            *.newstar.nl            *.startech.com            *.tawk.to            *.twindis.com            *.youtube.com            *.psaparts.co.uk            *.gls-info.nl            *.gls-netherlands.com            *.dwin1.com            unpkg.com            *.zenaps.com;        img-src 'self' data: https:             *.maxict.nl            *.maxshop.test            *.google.com;        manifest-src 'self' *.maxict.nl;        object-src 'self' *.maxict.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' about:             *.maxict.nl            *.maxshop.test            *.bing.com            *.bizographics.com            *.cloudfront.net            *.criteo.com            *.criteo.net            *.doubleclick.net            *.facebook.net            *.flix360.com            *.flixcar.com            *.flixfacts.com            *.google-analytics.com            *.googleadservices.com            *.googletagmanager.com            *.google.com            *.hotjar.com            *.hotjar.io            *.iceleads.com            *.jsdelivr.net            *.licdn.com            *.linkedin.com            *.list-manage.com            *.mailchimp.com            *.tawk.to            *.vane3alga.com            *.dwin1.com            unpkg.com            *.zenaps.com;        style-src 'self' 'unsafe-inline'             *.maxict.nl            *.maxshop.test            *.cloudfront.net            *.googleapis.com            *.google.com            *.jsdelivr.net            *.mailchimp.com            *.dwin1.com            unpkg.com            *.zenaps.com;        upgrade-insecure-requests; 2
frame-ancestors 'self' https://*.schwab.com https://*.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.uat-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwabcharitable.org https://*.schwabmoneywise.com; report-uri /report-csp-violation 2
block-all-mixed-content;frame-ancestors *.web.de web.de http://images.google.de 2
frame-ancestors https://www.awr.com https://stage.awr.com https://resources.pcb.cadence.com http://cadence.pathfactory.com https://cadence.pathfactory.com http://paths.pcb.cadence.com https://paths.pcb.cadence.com http://awr.docker.localhost; report-uri /report-csp-violation 2
frame-ancestors 'self' https://secure.simplepart.com https://secure.cml.oeconnection.com https://portal.oeconnection.com; 2
worker-src 'self' blob:; script-src 'unsafe-inline' 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  https://www.staticcdn.co.nz  'unsafe-eval' cdnjs.cloudflare.com cdn.ampproject.org dev.visualwebsiteoptimizer.com www.googletagmanager.com i.kissmetrics.com cdn.inspectlet.com maps.gstatic.com s3.amazonaws.com code.jquery.com doug1izaerwt3.cloudfront.net maps.googleapis.com fonts.googleapis.com mt1.googleapis.com mt0.googleapis.com www.googleapis.com ad.doubleclick.net www.google-analytics.com clients1.google.com mts0.googleapis.com mts1.googleapis.com cbks0.googleapis.com; img-src * data:; style-src 'self' stackpath.bootstrapcdn.com cdnjs.cloudflare.com  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  https://www.staticcdn.co.nz  'unsafe-inline' fonts.googleapis.com www.google.com 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://chatbot.elmuemasz.hu/; style-src 'self' 'unsafe-inline' https://storage.chatbot.elmuemasz.hu/ https://elmurg11chatbot.blob.core.windows.net/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://chatbot.elmuemasz.hu/; img-src 'self' 'unsafe-inline' data: https://storage.chatbot.elmuemasz.hu/ https://elmurg11chatbot.blob.core.windows.net/ https://i.ibb.co/61frh4q/elmuelek.png https://i.imgur.com/ https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://ssl.gstatic.com/ https://chatbot.elmuemasz.hu/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com;connect-src 'self' https://elmu.proebiz.com/ https://api.cai.tools.sap/ https://www.google-analytics.com https://chatbot.elmuemasz.hu/ wss://chatbot.elmuemasz.hu/; frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://staticxx.facebook.com https://docs.google.com/forms/ https://my.matterport.com/show/ https://www.youtube.com/embed/;frame-ancestors 'self'; form-action 'self'; 2
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors * 2
frame-ancestors http://ne.snn-unit.de https://ne.snn-unit.de 'self' 2
block-all-mixed-content; base-uri 'none'; default-src 'none'; frame-ancestors 'none'; frame-src consentcdn.cookiebot.com player.vimeo.com www.google.com www.youtube.com; object-src 'self'; media-src 'self'; form-action 'self' dmtrk.net; script-src 'self' 'unsafe-inline' consent.cookiebot.com consentcdn.cookiebot.com bam.nr-data.net js-agent.newrelic.com vimeo.com player.vimeo.com maps.googleapis.com ssl.google-analytics.com www.googleadservices.com www.google-analytics.com www.google.com/recaptcha/ www.googletagmanager.com www.gstatic.com/recaptcha/ cdnjs.cloudflare.com/ajax/libs/gsap/2.1.3/; connect-src 'self' skyfire.vimeocdn.com maps.googleapis.com; img-src 'self' maps.gstatic.com maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk *.doubleclick.net data:; style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; 2
frame-ancestors 'self' tvoy-priz.ru lasterlast.ru guru-games.ru gigath.oneth.ru oneth.ru netheml.ru gamazer.ru gamcloud.ru maigamers.ru sotgame.ru igamir.ru girgame.ru vk.com livehelp.trueplay.io 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://apis.google.com https://fonts.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://www.googleadservices.com https://panel.stopthehacker.com https://www.googlecommerce.com https://www.gstatic.com https://*.facebook.net https://*.addthis.com https://*.addthisedge.com https://*.bing.com https://*.pinterest.com https://*.powerreviews.com https://*.nr-data.net https://*.doubleclick.net https://*.typekit.net https://*.marinsm.com https://*.googletagmanager.com https://*.tm00.com https://*.cloudfront.net https://*.zendesk.com https://*.newrelic.com https://*.zdassets.com https://*.zopim.com https://*.steelhousemedia.com https://*.newrelic.com https://*.godatafeed.com https://*.steelhousemedia.com https://maps.googleapis.com https://s3.amazonaws.com https://mpsnare.iesnare.com https://www.googleapis.com https://*.nexcesscdn.net https://r2-t.trackedlink.net https://static.trackedweb.net https://h.online-metrix.net https://z.moatads.com https://*.youtube.com https://*.ytimg.com https://tagmanager.google.com https://*.yotpo.com; connect-src 'self' 'unsafe-inline' https://www.google.com https://ssl.google-analytics.com https://www.facebook.com https://panel.stopthehacker.com https://www.google.com https://insights.hotjar.com https://*.addthis.com https://*.bing.com https://*.zdassets.com https://*.zendesk.com https://*.typekit.net/ https://*.zopim.com ws://*.zopim.com ws://*.zendesk.com https://*.wyng.com https://bam.nr-data.net https://api.offerpop.com https://www.google-analytics.com https://*.nexcesscdn.net https://r2.trackedweb.net https://*.yotpo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.nexcesscdn.net https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com; img-src 'self' https://www.facebook.com https://ssl.google-analytics.com https://panel.stopthehacker.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.googleadservices.com https://*.outdoorsignsamerica.com https://*.magentocommerce.com https://*.pinterest.com https://*.addthis.com https://*.amazon-adsystem.com https://*.typekit.net https://*.cloudinary.com https://*.adsymptotic.com https://*.adsrvr.org https://*.zopim.com https://www.google-analytics.com https://www.googletagmanager.com https://dsum-sec.casalemedia.com https://images.ebsco.com https://*.googleapis.com data: https://*.advertising.com https://dpm.demdex.net https://maps.gstatic.com https://*.adnxs.com https://ads.yahoo.com https://m.addthisedge.com https://*.amazonaws.com https://*.steelhousemedia.com https://pixel.rubiconproject.com https://pixel.tapad.com https://*.bluekai.com https://s.thebrighttag.com https://simage2.pubmatic.com https://adadvisor.net https://beacon.krxd.net https://uipglob.semasio.net https://x.bidswitch.net https://match.sharethrough.com https://ads.scorecardresearch.com https://aa.agkn.com https://*.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://privacy-policy.truste.com https://www.oakmountainoutfitters.com https://*.nexcesscdn.net https://ssl.gstatic.com https://www.gstatic.com https://*.yotpo.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://*.bootstrapcdn.com https://*.zopim.com data: https://*.cloudfront.net https://*.amazonaws.com https://*.nexcesscdn.net https://use.fontawesome.com https://*.yotpo.com; frame-src 'self' https://www.google.com https://*.googleadservices.com https://*.doubleclick.net https://*.facebook.com https://connect.facebook.net https://www.youtube-nocookie.com https://*.addthis.com https://*.authorize.net https://*.bing.com https://*.pinterest.com https://*.zendesk.com https://*.youtube.com https://*.wyng.com https://*.cybersource.com; object-src 'self' https://mpsnare.iesnare.com; media-src 'self' https://static.zdassets.com 2
script-src 'self' https://az416426.vo.msecnd.net/; form-action 'self'; font-src 'self'; frame-ancestors 'self'; 2
default-src 'none'; img-src * data:; media-src *; font-src * data:; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://www.google-analytics.com https://connect.facebook.net https://maps.google.com https://maps.googleapis.com https://player.vimeo.com https://ajax.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://fonts.googleapis.com; connect-src 'self' https://sandberg.world https://files.sandberg.world https://cdn.sandberg.world https://sandberg.gl https://sandberg.es https://sandberg.pt https://sandberg.cz https://sandberg.si https://sandberg.lt https://sandberg.is https://sandberg.bg https://sandberg.fr https://sandberg.at https://sandberg.rs https://sandberg.ae https://sandberg.ie https://www.google-analytics.com https://vimeo.com 2
frame-ancestors 'self' https://www.pcschool.tv; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: http://mshcentraldbdev.prod.acquia-sites.com *.balladhealthcrm.org *.crazyegg.com; frame-ancestors 'self'; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net 2
default-src *; style-src  data: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com https://www.gstatic.com 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: data: * 2
default-src 'self' http://* https://*; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' http://* https://* *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' http://* https://* accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://tpc.googlesyndication.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 2
script-src 'self'; 2
default-src 'self' www.mega-porno.me mega-porno.me *.mega-porno.me *.mega-porno.tv megabc.info mega-bc.info *.fcdn.net *.kxcdn.com *.fex.net *.pljs.ru https://fex.net https://n161adserv.com *.advertserve.com advrich.com prfctmney.com chsrkred.com mikellli.com jmpmedia.club jmpmedia.info bmrdrct.best ggbuy.info bmrdrct.info razdvabm.com gcvbmb.com cdnbmb.com jumpbmb.com cdn-r02.cdnbmb.com cdn-r01.cdnbmb.com kokorzabil.com messiupal.com dzubavstal.com bigbonga.com bigoff.info bcnewltd.club bctwe.com 69v.club *.mpay69.net *.mpay69.org *.mpay69.info test.test-mp.info http://mp-https.info http://bobi-bobi.info http://mpay3.info http://plpromos.com http://fderty.com promo-bc.com ajx161.online *.n161adserv.com u2bmco.com vast.yomeno.xyz *.protovid.com protovid.com *.baimgfroggd.site mtrcss.com *.thevideome.site *.visitstats.com *.cloudfrale.com franecki.net *.cdnbmb.com *.ankunding.biz *.bongacash.com mibmcbm.com orjzy.com *.iwad.ru 11flexiblebig9.website syndication.exosrv.com *.trfmxt.com mtrcss.com bestrrd.com mtrcdn.com zrlcr.com *.spylees.com covivado.club *.traffic8.net ebetoni.com *.exdynsrv.com *.traffer.net *.zerocdn.com *.vids69.com *.mega-porno.me *.advertserve.com http://counter.rambler.ru my2.imgsmail.ru www.gstatic.com yandex.st an.yandex.ru pagead2.googlesyndication.com www.youtube.com vk.com cdn.connect.mail.ru *.gstatic.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com https://apis.google.com www.gstatic.com *.xcvgdf.party 'unsafe-inline' 'unsafe-eval' http://www.mega-porno.me http://mega-porno.me data: 0.gravatar.com http://0.gravatar.com/ 1.gravatar.com http://1.gravatar.com/ an.yandex.ru/count http://an.yandex.ru/count/ favicon.yandex.net http://favicon.yandex.net avatars-fast.yandex.net http://avatars-fast.yandex.net/ vk.com yastatic.net counter.rambler.ru top-fwz1.mail.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com yastatic.net http://yastatic.net/ connect.mail.ru an.yandex.ru www.youtube.com googleads.g.doubleclick.net vk.com userapi.com site.yandex.net yastatic.net https://yastatic.net http://site.yandex.net https://site.yandex.net *.gstatic.com https://vk.com fonts.googleapis.com mc.yandex.ru *.gstatic.com 2
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.largolibrary.com https://*.revize.com https://cdnjs.cloudflare.com https://cdn.userway.org https://www.gstatic.com https://*.google.com https://siteimproveanalytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://chat.uniqueic.com https://api.instagram.com https://*.facebook.com https://*.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://s3-us-west-2.amazonaws.com https://crm.bloomerang.co https://ajax.aspnetcdn.com; style-src * 'unsafe-inline' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: 2
block-all-mixed-content; base-uri 'none'; default-src 'self' * data:; frame-ancestors 'self'; frame-src 'self' *; form-action 'self' webto.salesforce.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * data:; 2
default-src 'self' https://connect.facebook.net/en_US/fbevents.js https://www.google.com/recaptcha/api.js https://fonts.gstatic.com/  https://fonts.googleapis.com https://www.googletagmanager.com ;script-src 'self'  'sha256-ZFgEXkseyEt3CFGjUxYUE6rV3zJeeINABgKRBELxcrM=' 'sha256-eHvlfSp4WdmxVEF62vHFKGeY5BrXBPmZer3n9XNFfyU=' 'sha256-7Ia7ivoj7HI/U+5g2XG9hbQ69AbUohgkE2T1pl/AAjE=' https://www.grupoanaya.es/js/btn_compra.js https://www.gstatic.com/ https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha/releases/66WEle60vY1w2WveBS-1ZMFs/recaptcha__es.js https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__es.js https://connect.facebook.net/signals/config/1610730305895192  https://www.googletagmanager.com https://rec.smartlook.com/ https://track.oniad.com/ https://track.adform.net/  https://scontent.cdninstagram.com/  https://platform.oniad.com  https://track.adform.net/serving/scripts/trackpoint/async/  https://www.google-analytics.com/  https://www.googletagmanager.com https://api.instagram.com https://ajax.googleapis.com/* https://www.google.com/recaptcha/api.js ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/count/36c8c0  ;img-src * data: 'unsafe-inline';connect-src * 'unsafe-inline';frame-src *;base-uri 'self'; 2
frame-ancestors 'self' https://www.veinteractive.com/ 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.exposebox.com *.windows.net *.googletagmanager.com *.google-analytics.com *.jquery.com *.us4.list-manage.com yoast.com unpkg.com *.cookiepro.com *.facebook.net *.cloudflare.com fast.wistia.com;style-src 'self' 'unsafe-inline' *.windows.net *.googleapis.com unpkg.com *.fontawesome.com *.cookiepro.com yoast.com;img-src 'self' 'unsafe-inline' data: blob: *;child-src 'self' facebook.com instagram.com twitter.com *.exposebox.com yoast.com *.vimeo.com;connect-src 'self' yoast.com *.joomunited.com *.arcgis.com *.mapbox.com stats.g.doubleclick.net;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com yoast.com;frame-src 'self' *.exposebox.com *.vimeo.com *.facebook.com *.cdnx.co.uk;worker-src 'self' blob:;upgrade-insecure-requests;report-to default; 2
frame-ancestors 'self' https://www.roberta-home.de https://bigdata.fraunhofer.de https://vocol.iais.fraunhofer.de *.open-roberta.org https://www.arise-project.org https://emili-projects.eu https://companyengineering.iais.fraunhofer.de https://jira.iais.fraunhofer.de https://www.bigdata.fraunhofer.de; report-uri /csp-violation-report/ 2
frame-ancestors 'self' *.cotabank.com.tw *.cotabank.com 2
default-src=self 2
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://87.98.171.25 http://176.9.86.142 http://176.9.142.103 http://144.76.24.149 http://136.243.73.233 http://148.251.0.18 http://144.76.218.27 http://148.251.136.187; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2
frame-ancestors 'self' http://webvisor.com; default-src 'self' https://yandex.ru; font-src 'self'; script-src 'self' https://api-maps.yandex.ru https://maps.google.com https://code.jivosite.com https://www.googletagmanager.com https://stats.hts.ru https://mc.yandex.ru https://yastatic.net https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://mc.yandex.ru https://code.jivosite.com https://*.jivosite.com; img-src 'self' https://ext.host-tracker.com https://api-maps.yandex.ru https://counter.yadro.ru http://cp.hts.ru https://mc.yandex.ru https://*.maps.yandex.net http://www.hts.ru http://hubble.ht-systems.ru https://stats.hts.ru https://www.google-analytics.com data:; media-src 'self' https://code.jivosite.com; style-src 'self' 'unsafe-inline'; object-src 'self' 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' stage-portal.aerztekammer-hamburg.org portal.aerztekammer-hamburg.org; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/charts/ 2
default-src 'self' data: code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com; frame-src 'self' *.youtube-nocookie.com 2
frame-ancestors http://awards.ratingruneta.ru aer.aero uplab.uplab.digital 2
default-src 'self'; object-src 'none'; connect-src 'self' api.formbucket.com; script-src 'self' 'unsafe-inline' *.doubleclick.net connect.facebook.net px.ads.linkedin.com sjs.bizographics.com tagmanager.google.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; img-src 'self' data: *.doubleclick.net *.gstatic.com images.ctfassets.net www.facebook.com www.google.com www.google-analytics.com; media-src 'self' images.ctfassets.net videos.ctfassets.net; frame-src 'self' bid.g.doubleclick.com player.vimeo.com; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.brightcove.com hm.baidu.com *.google.com *.quantserve.com *.en25.com *.googletagmanager.com *.eloqua.com *.addthis.com *.gstatic.com *.google-analytics.com *.googleadservices.com connect.facebook.net *.moatads.com *.typekit.net; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com *.brightcove.com hm.baidu.com *.google.com *.quantserve.com *.en25.com *.googletagmanager.com *.eloqua.com *.addthis.com *.gstatic.com *.google-analytics.com *.googleadservices.com connect.facebook.net *.moatads.com *.typekit.net; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src 'self' *.googleapis.com *.gstatic.com; connect-src 'self' *.brightcove.net *.addthis.com *.facebook.com; media-src 'self'; object-src; prefetch-src 'self' *.addthis.com; child-src; frame-src 'self' *.google.com www.googletagmanager.com players.brightcove.net s7.addthis.com; worker-src; frame-ancestors 'self'; form-action 'self' *.eloqua.com *.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri; manifest-src; plugin-types application/pdf; report-uri https://58f7e81f3af4aa169a065fe008c31ddd.report-uri.com/r/d/csp/reportonly; report-to 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 2
frame-ancestors 'self' https://www.domainedevillers.fr 2
frame-src https: 2
connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com  https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;frame-ancestors 'self'  ;frame-src https://www.google.com https://staticxx.facebook.com https://www.facebook.com/ https://www.youtube.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com ;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;font-src data: 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.google.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net; frame-src 'self' www.gstatic.com www.google.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self' 2
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none' 2
default-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js; script-src 'self' https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/; style-src 'self' 'unsafe-inline'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' blob: 'unsafe-eval' 2
upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 2
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mediawijzer.net cdn.mediaukkies.nl cdn.weekvandemediawijsheid.nl cdn.mediawijsheid.nl cdnjs.cloudflare.com *.pinterest.com *.wp.com *.googletagmanager.com www.google-analytics.com *.googleapis.com platform.twitter.com static.addtoany.com cdn.rawgit.com *.google.com cdn.syndication.twimg.com connect.facebook.net widget.surveymonkey.com *.sogosurvey.com cdn.hoezomediawijs.nl cdn.weekvandemediawijsheid.nl cdn.mediaukkies.nl cdn.mediaukkiedagen.nl www.gstatic.com js-agent.newrelic.com www.instagram.com bam.nr-data.net www.aanmelder.nl cdn.aanmelder.nl 2
default-src 'self' static.mycity.travel static.aigle-leysin-lesmosses.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
frame-ancestors https: 2
default-src 'unsafe-inline' 'unsafe-eval' 'self'  https://www.mincotur.gob.es http://www.mincotur.gob.es https://use.fontawesome.com https://comercio.gob.es/ https://comercio.gob.es.aplicaciones https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://cdn.syndication.twimg.com/; img-src 'unsafe-inline' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://* http://* data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://*; style-src-elem 'unsafe-inline' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://fonts.googleapis.com http://fonts.googleapis.com https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://platform.twitter.com; media-src 'unsafe-inline' 'unsafe-eval' 'self' https://* http://* 2
object-src 'self' www.google.com transac.telebec.com google-analytics.com api.google-analytics.com; frame-ancestors 'self'; 2
script-src 'self'; object-src 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.connexity.net *.googleadservices.com *.ubembed.com *.msn.com *.pricegrabber.com https://client.perimeterx.net https://collector-pxd62eqwow.perimeterx.net *.bizrate.com t.pepperjamnetwork.com http://www.pricegrabber.com/14C *.bing.com *.dsply.com *.webcollage.net https://gateway.answerscloud.com/eastcoasthardware/production/gateway.min.js *.cloudflare.com http://www.eastcoasthardware.com *.eastcoasthardware.com *.pupdaddy.com http://www.pupdaddy.com *.gracesgreens.com http://www.gracesgreens.com *.yumza.com http://www.yumza.com *.marinescreens.com http://www.marinescreens.com *.iovation.com seal-newjersey.bbb.org *.cloudfront.net *.doubleclick.net *.newrelic.com bam.nr-data.net *.google-analytics.com gsa://onpageload *.linkedin.com *.pinterest.com *.certona.net *.googleapis.com *.google.com *.gstatic.com *.yotpo.com *.googlecommerce.com *.iesnare.com pixeleze.com *.pixeleze.com shop.pe *.shop.pe *.klaviyo.com *.segment.io *.res-x.com https://www.googletagmanager.com https://settings.luckyorange.net wss://in.visitors.live wss://visitors.live https://sentry.io https://cdn.segment.com https://api.luckyorange.com https://use.fontawesome.com; 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: 2
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
frame-ancestors 'self' https://www.googletagmanager.com 2
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 2
'unsafe-inline'; 2
frame-ancestors 'self' *.selwo.es *.selwomarina.es 2
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com  www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.gstatic.com *.googleapis.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.pardot.com cdnjs.cloudflare.com cdn.rawgit.com static-ssl.responsetap.com metrics.responsetap.com tagmanager.google.com connect.facebook.net static.ads-twitter.com *.google-analytics.com *.cloudfront.net *.facebook.com *.twitter.com *.doubleclick.net *.hotjar.com bam.nr-data.net go.theofficegroup.com optimize.google.com cookie-cdn.cookiepro.com geolocation.onetrust.com sjs.bizographics.com *.licdn.com *.twitter.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.gstatic.com *.googleapis.com *.googletagmanager.com  *.pardot.com cdnjs.cloudflare.com cdn.rawgit.com tagmanager.google.com *.doubleclick.net https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: cdn.jsdelivr.net *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.googletagmanager.com  *.pardot.com *.webdamdb.com cdnjs.cloudflare.com tagmanager.google.com *.facebook.com *.twitter.com *.google-analytics.com *.doubleclick.net t.co script.hotjar.com cookie-cdn.cookiepro.com *.adnxs.com *.linkedin.com *.adsymptotic.com *.google.co.in; media-src 'self' *.webdamdb.com; frame-src 'self' *.webdamdb.com *.youtube.com *.hotjar.com https://optimize.google.com *.facebook.com *.vimeo.com *.matterport.com; frame-ancestors 'self'; child-src 'self' *.webdamdb.com *.youtube.com vars.hotjar.com *.matterport.com; font-src 'self' data: *.gstatic.com script.hotjar.com ; connect-src 'self' *.luckyorange.net *.hotjar.com bam.nr-data.net wss://*.hotjar.com vc.hotjar.io cookie-cdn.cookiepro.com google-analytics.com *.facebook.com ; report-uri /report-csp-violation 2
default-src 'self' *.legocdn.com *.lego.com; script-src 'self' https: *.legocdn.com *.lego.com lego.com *.akamai.net googletagmanager.com 'unsafe-eval' 'unsafe-inline'; connect-src 'self' http: *.lego.com https: *.lego.com https: dpm.demdex.net; style-src 'self'  https: *.legocdn.com 'unsafe-inline'; img-src 'self' https: *.legocdn.com http://c.analytics.lego.com data:; font-src 'self' https: fonts.gstatic.com data:; frame-src 'self' https: http://legoeducation.23video.com legoeducation.23video.com lego.demdex.net legoeducation.com *.legoeducation.com; frame-ancestors 'self' legoeducation.com *.legoeducation.com; object-src 'self' 2
allow 'self'; 2
default-src 'self'; script-src 'self' https://ajax.googleapis.com https://adservice.google.co.uk https://adservice.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://survey.g.doubleclick.net https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.mouseflow.com https://sharecdn.social9.com https://share.social9.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://sharecdn.social9.com https://sharec.social9.com; font-src 'self' https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://bid.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://www.google.com https://www.google.co.uk https://www.google-analytics.com 2
default-src 'self'; script-src 'self'     'unsafe-inline'     'unsafe-eval'     data:     www.google-analytics.com     widget.intercom.io/widget/     cdnjs.cloudflare.com/ajax/libs/handlebars.js/     cdnjs.cloudflare.com/ajax/libs/jquery/     cdnjs.cloudflare.com/ajax/libs/jsoneditor/     cdnjs.cloudflare.com/ajax/libs/vis/     cdnjs.cloudflare.com/ajax/libs/modernizr/     cdnjs.cloudflare.com/ajax/libs/webshim/     cdnjs.cloudflare.com/ajax/libs/jstree/     js.intercomcdn.com     jochen-destimo-family.s3-website.eu-central-1.amazonaws.com; style-src 'self'     'unsafe-inline'     cdnjs.cloudflare.com; img-src 'self'     data:     www.google-analytics.com     cdnjs.cloudflare.com/ajax/libs/handlebars.js/     cdnjs.cloudflare.com/ajax/libs/jquery/     cdnjs.cloudflare.com/ajax/libs/jsoneditor/     cdnjs.cloudflare.com/ajax/libs/vis/     cdnjs.cloudflare.com/ajax/libs/modernizr/     cdnjs.cloudflare.com/ajax/libs/webshim/     cdnjs.cloudflare.com/ajax/libs/jstree/     js.intercomcdn.com    downloads.intercomcdn.com    static.intercomassets.com;font-src 'self'     data:  js.intercomcdn.com/fonts/     fonts.gstatic.com; child-src www.youtube.com/; connect-src 'self'    *.intercom.io     wss://*.intercom.io/    *.tui-destiservices.com     *.tui-destimo.com; 2
default-src 'self' https:;     	script-src 'self' 'unsafe-inline' https: 'unsafe-eval';     	connect-src 'self' https: wss:;     	style-src 'self' 'unsafe-inline' https:;     	img-src 'self' https: data:;     	font-src 'self' https: data:;     	media-src 'self' https: blob:;     	object-src 'self' https: 2
object-src 'none'; frame-ancestors 'none' 2
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se; font-src 'self' 2
img-src blob: https: data:; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.easygis.eu *.cloudflare.com *.ogone.com https://connect.facebook.net *.google.com https://www.gstatic.com https://cdn.rawgit.com *.instagram.com/embed.js http://www.googleadservices.com *.hotjar.com https://googleads.g.doubleclick.net; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com *.googleapis.com https://api.easygis.eu *.cloudflare.com *.ogone.com *.google.com; img-src 'self' http://*.visitlimburg.be *.gstatic.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net data: https://*.easygis.eu/ https://*.mailchimp.com *.ogone.com *.facebook.com *.google.com *.google.be; media-src 'self'; frame-src 'self' https://*.hotjar.com https://*.youtube.com http://plugin.routeyou.com *.joomag.com *.resengo.com *.google.com *.ogone.com *.wlp-acs.com *.wandeleninlimburg.be *.limburg.be https://vlaanderenfietsland.azurewebsites.net *.vlaanderen-fietsland.be https://apps.nodemapp.com *.instagram.com https://player.kinomap.com *.vimeo.com; font-src 'self' https://fonts.gstatic.com *.googleapis.com data: https://api.easygis.eu; connect-src 'self' https://public.easygis.eu *.hotjar.com *.hotjar.io; report-uri /report-csp-violation 2
default-src 'self'; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://geoip-js.com https://*.upscope.io wss://*.upscope.io https://banner.appsflyer.com https://bat.bing.com https://*.oscato.com; form-action 'self' https://bridge.aircall.io https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com https://*.oscato.com https://webapp.securetrading.net; frame-ancestors 'self'; frame-src https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://development.tote.digital https://test.tote.digital https://stage.tote.co.uk https://tote.co.uk https://test-branch.tote.digital https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://*.upscope.io https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com https://*.inseincvirtuals.com/ https://*.oscato.com; img-src 'self' blob: data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://images.ctfassets.net https://images.racingpost.com https://www.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://insight.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://*.upscope.io https://servedby.flashtalking.com https://cdn.sportcaller.com https://*.oscato.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://*.upscope.io https://websdk.appsflyer.com https://cdn4.userzoom.com https://*.oscato.com; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://*.upscope.io https://cdn.tote.co.uk; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.upscope.io https://*.oscato.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk; media-src 'self' https://js.intercomcdn.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.secure.footprint.net https://*.atgvision.com https://*.upscope.io https://wab-visualisation.performgroup.com/ blob:; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.upscope.io https://*.oscato.com blob:; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' * ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src data: *; object-src 'self' 2
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 2
script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net mdbootstrap.com https://www.googletagmanager.com https://ws.facil-iti.com https://www.google-analytics.com; script-src-elem 'self' https://www.googletagmanager.com https://ws.facil-iti.com https://www.google-analytics.com https://cdn.jsdelivr.net mdbootstrap.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com mdbootstrap.com use.fontawesome.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://groupe-rocher.com/report-uri/reportOnly 2
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.devplayground.com.br *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com; connect-src 'self' data: https://freegeoip.app *.plyr.io https://noembed.com *.devplayground.com.br *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com; img-src 'self' data: *.youtube.com *.ytimg.com *.devplayground.com.br *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.devplayground.com.br *.googleapis.com *.google.com *.shopback.net; font-src 'self' data: *.devplayground.com.br *.gstatic.com script.hotjar.com; worker-src https: blob: 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data: 2
frame-ancestors 'self' https://classic.hidrive.com https://config-legacy.stratoserver.net https://serverlogin.qa.rz-ip.net https://serverlogin.qa2.rz-ip.net https://serverlogin.qa3.rz-ip.net https://staging.stratoserver.net https://serverlogin.entw.rz-ip.net https://config.strato.de 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com *.livechatinc.com; 2
frame-ancestors 'self' http://www.galaxyclub.cn https://www.galaxyclub.cn http://www.samsungmembers.cn https://www.samsungmembers.cn 2
frame-ancestors 'self' http://www.mobility-room.com:3000 http://mobility-room.com:3000; 2
child-src 'self' www.google.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net platform.twitter.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.twitter.com cdn.syndication.twimg.com www.gstatic.com www.google.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.webspellchecker.net www.linkedin.com www.gstatic.com graph.facebook.com v1.addthisedge.com  ; frame-src 'self' platform.twitter.com player.vimeo.com www.google.com *.das.co.uk s7.addthis.com cdn.yoshki.com 2
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 2
default-src 'self'; script-src 'self' https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com 'unsafe-inline'; img-src 'self' data: https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://*.googleapis.com https://vk.com https://*.vk.com https://www.facebook.com; child-src 'self' https://*.google.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://*.amazonaws.com; media-src 'self' https://www.youtube.com/ https://*.amazonaws.com; font-src 'self' https://fonts.gstatic.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sompojapan.com.tr *.somposigorta.com.tr *.google.com *.google-analytics.com *.googleapis.com *.facebook.com *.gstatic.com *.facebook.net *.googletagmanager.com *.bootstrapcdn.com *.hotjar.com *.onesignal.com onesignal.com mc.yandex.ru track.adform.net *.googleadservices.com googleads.g.doubleclick.net *.cloudflare.com *.polyfill.io polyfill.io transloadit.edgly.net pisano.com.tr *.pisano.com.tr cdn.jsdelivr.netajax.aspnetcdn.com *.typeform.com jira.spartez.com 2
font-src * ; media-src * ; 2
default-src https: data: ws: wss: 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; form-action: http://go.aclara.com/*; 2
frame-ancestors  'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.eum-appdynamics.com https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.christopherobin.co.uk https://m.christopherobin.co.uk https://checkout.christopherobin.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 2
block-all-mixed-content; report-uri /v1/csplog 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand-ar.com flightbookings.airnewzealand-br.com flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw flightbookings.cn.airnewzealand.com flightbookings.airnewzealand.com.cn flightbookings.en.airnewzealand-ar.com flightbookings.en.airnewzealand-br.com flightbookings.grabaseat.co.nz flightbookings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp auth.airnewzealand.co.nz auth.airnewzealand.eu; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.googletagservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info auth.airnewzealand.co.nz auth.airnewzealand.eu ssl.google-analytics.com cdnjs.cloudflare.com res.levexis.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' video.cdnvue.com ; frame-src 'self' www.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.airnewzealand.eu *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
font-src *;img-src *; 2
script-src 'self' 'unsafe-eval' open.scdn.co open-review.scdn.co quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net www.google.com cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com 'sha256-ULD8swJHlBFLCIbAFovM3Xinb443OobwJ73kvN9NZLY=' https://www.fastly-insights.com s3.amazonaws.com/ki.js/51746/b0R.js turbo.qualaroo.com; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net *.bluekai.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com http://www.oracle.com; media-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
default-src data: blob: http://* https://* wss://* 'self' 'unsafe-inline' 'unsafe-eval'; 2
object-src 'none'; frame-src 'self' https:;child-src 'self' https:; 2
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 2
default-src 'self' *.cscglobal.com *.google-analytics.com *.maxmind.com geoip-js.com corporationserviceco.tt.omtrdc.net sample-api-v2.crazyegg.com; script-src 'self' px.ads.linkedin.com sjs.bizographics.com dnn506yrbagrg.cloudfront.net accounts.google.com optimize.google.com csc.global/assets/at.js *.google-analytics.com *.googletagmanager.com *.googleadservices.com script.crazyegg.com *.maxmind.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' optimize.google.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com px.ads.linkedin.com *.cscglobal.com cdn2.hubspot.net data: *.google-analytics.com ssl.gstatic.com *.gstatic.com googleads.g.doubleclick.net  *.googletagmanager.com *.google.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com; frame-src 'self' optimize.google.com *.youtube.com 2
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.pagedal.nl www.pagedal.de www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' http: https: ws: wss: *.vimeo.com *.google-analytics.com *.membogo.com js-agent.newrelic.com  *.zopim.com https://bam.nr-data.net fonts.googleapis.com *.hpjcc.com  *.googleapis.com fonts.gstatic.com *.addthis.com *.addthisedge.com *.nr-data.net 'unsafe-eval' 'self' 'unsafe-inline' data: ; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src 'self' *; media-src 'self' *; frame-src 'self' *; object-src 'self' *; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google-analytics.com www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://cdn.rawgit.com/w8tcha/CKEditor-CodeMirror-Plugin/ platform.twitter.com platform.twitter.co syndication.twitter.com cdn.syndication.twimg.com https://cdn.rawgit.com/ractoon/jQuery-Text-Counter/ https://js-agent.newrelic.com/nr-1071.min.js bam.nr-data.net tagmanager.google.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ platform.twitter.com tagmanager.google.com; img-src 'self' data: www.google-analytics.com https://cdn.rawgit.com/ckeditor/ckeditor-dev/ https://raw.githubusercontent.com/ckeditor/ckeditor-dev/ www.googletagmanager.com www.bureauveritas.com syndication.twitter.com platform.twitter.com *.twimg.com ssl.gstatic.com www.gstatic.com; media-src 'self'; frame-src 'self' www.youtube.com tools.eurolandir.com cws.huginonline.com www.googletagmanager.com platform.twitter.com syndication.twitter.com player.youku.com; child-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com https://tools.eurolandir.com/tools/pricefeed/RequestStockDataBundleXML.aspx; report-uri https://csp-report-uri.bureauveritas.com 2
default-src 'self' www.youtube.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com twitter.com static.queue-it.net p.typekit.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googleadservices.com connect.facebook.net www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.googletagmanager.com www.youtube.com twitter.com s.pinimg.com www.googleadservices.com use.typekit.net s.yimg.com static.queue-it.net queue-it.net assets.queue-it.net bat.bing.com performance.typekit.net fls.doubleclick.net pixel-a.basis.net ct.pinterest.com googleads.g.doubleclick.net static.ads-twitter.com sp.analytics.yahoo.com analytics.twitter.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net googleads.g.doubleclick.net siteimproveanalytics.com 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com omahapa-preprod.azurewebsites.net tagmanager.google.com www.googletagmanager.com bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.typekit.net data: tagmanager.google.com www.googletagmanager.com fonts.googleapis.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net googletagmanager.com www.youtube.com p.typekit.net pixel-a.basis.net pixel.sitescout.com stats.g.doubleclick.net bat.bing.com t.co www.google.com ct.pinterest.com googleads.g.doubleclick.net omahapa-preprod.azurewebsites.net 6154533.global.siteimproveanalytics.io siteimproveanalytics.io www.googletagmanager.com tagmanager.google.com www.googletagmanager.com ssl.gstatic.com lh3.googleusercontent.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.youtube.com; media-src  'self' data: blob: www.youtube.com o-pa.org www.o-pa.org ticketomaha.com www.ticketomaha.com; frame-src www.youtube.com twitter.com pixel-a.basis.net pixel.sitescout.com fls.doubleclick.net 6899690.fls.doubleclick.net bid.g.doubleclick.net 8071554.fls.doubleclick.net www.google.com 8093096.fls.doubleclick.net omahapa-preprod.azurewebsites.net ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.capacityinteractive.com capacityinteractive.com platform.twitter.com platform.twitter.co www.facebook.com connect.facebook.net facebook.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com ticketomaha.com o-pa.org omahaperformingarts.org azurewebsites.net s.yimg.com ct.pinterest.com performance.typekit.net omahapa-preprod.azurewebsites.net bi.capacityinteractive.com capacityinteractive.com bi.o-pa.org bi.ticketomaha.com ticketomaha.beta-site.ca to-beta.ticketomaha.com omahapatest.azurewebsites.net omahapatest-omahapatest-preprod.azurewebsites.net o-pa-beta.o-pa.org o-pa.beta-site.ca www.saveourstages.com stats.g.doubleclick.net www.google-analytics.com; 2
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2
script-src 'self' https: 'unsafe-inline' 2
connect-src https://www.google.co.th/ http://www.americanexpress.com/ https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ wss://iwmap.americanexpress.com/ https://performance.typekit.net/ wss://www.americanexpress.com/ https://*.vivocha.com/ https://*.custhelp.com/ https://14106077-sync.va.cobrowse.liveperson.net/ https://ds-aksb-a.akamaihd.net/ https://dev.visualwebsiteoptimizer.com/ https://americanexpresscards.tt.omtrdc.net/ https://*.eloqua.com/ https://aeopprodvip.acxiom.com/ wss://va.msg.liveperson.net/ https://*.aexp-static.com/ https://www.google.com/ https://events.bouncex.net/ https://ib.adnxs.com/ https://ing-district.clicktale.net/ https://conductor.clicktale.net/; object-src 'self' https://www.aexp-static.com/; style-src http://fonts.googleapis.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' https://cdn.vivocha.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.aexp-static.com/ https://cloud.webtype.com/; report-uri https://csp.tsrs.cloud/r/9f2284c8d280fc5fd9fbbbee63e251a077434376; plugin-types  application/x-shockwave-flash; img-src 'self' data: https: http:; worker-src  blob:; base-uri 'self' https://lpcdn.lpsnmedia.net/ https://*.americanexpress.com/; frame-ancestors https://*.aexp.com/  https://*.americanexpress.com/; form-action http://www.americanexpress.com/ https://*.custhelp.com/ https://*.americanexpress.com/ 'self' https://*.eloqua.com/; script-src https://s.ytimg.com/ http://icm.aexp-static.com/ 'self' https://*.delvenetworks.com/ https://*.demdex.net/ https://googleads.g.doubleclick.net/ https://*.lpsnmedia.net/ https://www.gstatic.com/ https://www.googleadservices.com/ https://adservice.google.it/ https://img.en25.com/ https://d5phz18u4wuww.cloudfront.net/ https://report1.maritz.com/ https://bat.bing.com/ https://*.google.com/ https://www.youtube-nocookie.com/ https://*.omtrdc.net/ https://ads.avocet.io/ https://cdnssl.clicktale.net/ https://secure.leadforensics.com/ https://fidoapi.com/ 'unsafe-eval' https://ajax.googleapis.com/ https://*.ss-omtrdc.net/ https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' https://use.typekit.net/ https://a1.adform.net/ https://*.liveperson.net/ https://*.vivocha.com/ https://dstatic.dev.ipc.us.aexp.com/ https://code.jquery.com/ https://www.google-analytics.com/ https://dev.visualwebsiteoptimizer.com/ https://service.maxymiser.net/ https://www.googletagmanager.com/ https://*.aexp-static.com/ https://snap.licdn.com/ https://*.bounceexchange.com/ https://connect.facebook.net/ https://*.americanexpress.com/ https://*.linkedin.com/ https://nexus.ensighten.com/ https://*.bluekai.com/ https://aeopprodvip.acxiom.com/ https://*.akamaihd.net/; font-src https://cache.marriott.com/ https://use.typekit.net/ 'self' https://cdn.vivocha.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.aexp-static.com/ https://cloud.webtype.com/ data: https://gem-dev.aexp.com/; media-src https://ssl.gstatic.com/ https://lpcdn.lpsnmedia.net/ https://production.smedia.lvp.llnw.net/ 'self' http://production.smedia.lvp.llnw.net/; frame-src https://icm.aexp-static.com/ https://*.americanexpress.com/ 'self' https://*.liveperson.net/ https://www.youtube-nocookie.com/ https://lpcdn.lpsnmedia.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://c1.adform.net/ https://www.payback.it/ https://assets.bounceexchange.com/ https://service.maxymiser.net/ https://www.youtube.com/ https://*.akamaihd.net/ https://f2.vivocha.com/ https://aexp.demdex.net/ https://*.yahoo.com/;  2
default-src 'none' ;report-to csp; report-uri https://report-uri.simplyadmire.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ ;style-src 'self' data: 'unsafe-inline' https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ ; img-src 'self' data: https://www.google-analytics.com https://eu2.siteimprove.com/ https://f1-eu.readspeaker.com https://include.timeblockr.com/v1/ ;media-src 'self' https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://rstts-eu.readspeaker.com ; font-src 'self' data: https://include.timeblockr.com/v1/ ; object-src 'self' ;frame-ancestors 'self' https://www.bergen-nh.nl https://www.castricum.nl https://www.uitgeest.nl https://www.heiloo.nl ; frame-src 'self' https://www.bergen-nh.nl https://www.castricum.nl https://www.uitgeest.nl https://www.heiloo.nl https://rstts-eu.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com ; connect-src 'self' https://rstts-eu.readspeaker.com https://media-eu.readspeaker.com https://app-eu.readspeaker.com https://f1-eu.readspeaker.com https://include.timeblockr.com https://shared.api.timeblockr.com https://www.google-analytics.com ;  2
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2
http://www.omsar.gov.lb 'unsafe-inline' 2
frame-ancestors 'self' https://*.lucky311.com https://*.playcx.com https://*.playdublinbet.com https://*.play31.com https://*.premierlivecasino.com https://*.sterlingcdn.com https://*.lucky31fr.com https://*.casinoextra2.com https://sterlingcdn.com https://*.sterlingcdn.com https://*.streatapp.com https://*.casinoextra100.com https://*.dublinsbet.com https://*.lucky-31.com https://*.casinoextra3.com https://*.dublinbet1.com https://*.prontocasino.com https://*.casino-estrellas.com https://*.dublinbet.org https://*.casinoextra.net https://*.fatboss.com https://*.casinoextraclub.com https://*.lucky31club.com https://*.dublinbetenvivo.com https://*.casinoestrellavip.com https://*.fatboss1.com https://*.fatboss1.net https://*.fatbossclub.com https://*.fatbossvip.com https://*.thefatboss.com https://*.thefatboss.net https://*.casinoextra2019.com https://*.casinoestrella2019.com https://*.dublinbet2019.com https://*.prontolive.se https://*.casinoextrawin.com https://*.dublinbetwin.com https://*.lucky31win.com https://*.onlinebingowin.com https://*.casinoestrellawin.com https://*.fatbosswin.com https://*.casinoextra2020.com https://*.dublinbet2020.com https://*.lucky312020.com https://*.onlinebingo2020.com https://*.casinoestrella2020.com https://*.fatboss2020.com https://*.casinoextraofficial.com https://*.dublinbetofficial.com https://*.lucky31official.com  https://*.onlinebingoofficial.com https://*.casinoestrellaofficial.com https://*.fatbossofficial.com https://*.futocasi.com  https://livecasino.betamogames.com https://livecasino.casinoestrella.com https://livecasino.casinoestrella1.com https://livecasino.casinoextra.com https://livecasino.casinoextrafr.com https://livecasino.oddsextra.com https://livecasino.onlinebingo.eu https://livecasino.playdublinbet.com https://livecasino.premierlivecasino.com https://livecasino.prontocasino.com https://mtm-static.casinomodule.com https://*.yggdrasilgaming.com https://nolimitjs.nolimitcdn.com  https://d1k6j4zyghhevb.cloudfront.net  https://quickfire3.gameassists.co.uk https://mobile3.gameassists.co.uk https://livegames.gameassists.co.uk https://lobby-estrella.betsoftgaming.com https://starfishcasino.tain.com https://www.alteagaming.com https://starfish-godwebclient-cur.geniigaming.net https://game3.betgames.tv https://*.betamogames.com https://game.itsreal.live https://starfishmedia-prod-dgm.ps-gamespace.com https://alvcw.playngonetwork.com https://apiprod.fundist.org https://gserver-starfishmedia.redtiger.cash https://aggr.softswiss.net https://*.zendesk.com https://guezcash.com https://fastwin.pro https://specialwin.biz https://kopsoft.net https://pages.tain.com https://*.tain.com https://guezcash.com 2
frame-ancestors 'self' https://*.mawebcenters.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 2
default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://maps.googleapis.com https://www.google-analytics.com https://cdn.datatables.net https://accounts.livechatinc.com https://secure.livechatinc.com https://cdn.livechatinc.com https://loader.webspellchecker.net https://cdn.ckeditor.com/ https://ajax.googleapis.com https://code.jquery.com/ https://maxcdn.bootstrapcdn.com https://www.indiainnewyork.gov.in https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ http://www.amcharts.com/ https://code.highcharts.com/ https://static.fusioncharts.com/ https://www.amcharts.com/     https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/v1531759913576/recaptcha__es.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/v1531759913576/recaptcha__en.js https://translate.google.com/ https://translate.googleapis.com/ https://platform.twitter.com/ https://twitter.com/ https://cdn.syndication.twimg.com/timeline/; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://indiainnewyork.gov.in/ https://www.youtube-nocookie.com https://secure.livechatinc.com https://svc.webspellchecker.net https://loader.webspellchecker.net https://m.youtube.com/ https://platform.twitter.com/ https://www.google.com/ https://www.facebook.com/ https://www.youtube.com/ https://youtu.be/ https://www.fieo.org/ https://free.timeanddate.com/ https://translate.googleapis.com/ https://syndication.twitter.com/; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://fonts.googleapis.com https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://cdn.ckeditor.com/ https://ajax.googleapis.com https://code.jquery.com/ https://fonts.googleapis.com/ https://www.amcharts.com/ https://cdnjs.cloudflare.com/ https://platform.twitter.com https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css https://platform.twitter.com/css/timeline.d1d3833e3b1b21f1a6bc4e8af3baca6b.light.ltr.css https://ton.twimg.com/ https://translate.googleapis.com/ https://platform.twitter.com/css/timeline.01c17c5f061c8031af501b58dbf35385.light.ltr.css; connect-src 'self' https://indiainnewyork.gov.in 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://visitor2.constantcontact.com/ https://listgrowth.ctctcdn.com/; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/ data: ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.readspeaker.com *.speechstream.net ; script-src * 'unsafe-inline' 'unsafe-eval';  object-src 'none'; 2
script-src 'nonce-572c96a639154359dd911352899dcd4a' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com *.adyen.com *.adyenpayments.com *.bnc.lt bnc.lt *.branch.io cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.pinimg.com *.pinterest.com accounts.google.com *.branch.io *.facebook.com *.dropboxapi.com *.adyen.com *.adyenpayments.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-plymouth.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net blob: *.appcues.com *.appcues.net wss://*.appcues.net *.bugsnag.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; form-action 'self'; worker-src 'self' blob: https://www-pinterest-com.cdn.ampproject.org 'unsafe-inline'; base-uri 'none'; report-uri /_/_/csp_report/?rid=2219055115267141; frame-ancestors 'self' 1
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ https://*.quantserve.com https://*.quantcount.com https://quantcast.mgr.consensu.org 'unsafe-eval' 'nonce-8hRNW4FSLEz9gAtYfzZatRQ9E3U' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
style-src 'unsafe-inline' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net https://js.stripe.com; default-src https://*.flickr.com https://*.staticflickr.com https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google.com https://*.google.de https://*.google.fr https://*.google.it https://*.google.co.uk https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net https://ad.turn.com https://aka-cdn.adtechus.com https://aol-match.dotomi.com https://cm.g.doubleclick.net https://ib.adnxs.com https://match.adsrvr.org https://pixel.advertising.com https://pixel.quantserve.com https://sync.mathtag.com https://x.bidswitch.net https://api.mapbox.com https://ssum.casalemedia.com https://sync.adtelligent.com https://prebid-match.dotomi.com https://rtb.openx.net https://eb2.3lift.com https://pixel.rubiconproject.com https://rtb.gamoshi.io https://ads.yieldmo.com https://sync.1rx.io https://ap.lijit.com https://prebid.adnxs.com https://dis.criteo.com https://bsw.digitru.st https://us-west-sync.bidswitch.net https://ups.analytics.yahoo.com https://prebid.a-mo.net/a/c https://htlb.casalemedia.com/ https://image2.pubmatic.com; media-src https://*.flickr.com https://*.staticflickr.com https://*.http.atlas.cdn.yimg.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-dac3490d0a2d4afc9cd344bccbe7a488' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io https://adserver.adtech.advertising.com https://cdn.jsdelivr.net https://js.stripe.com; connect-src https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://*.braintreegateway.com https://*.braintree-api.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://api.greenhouse.io https://*.flickrprints.net https://*.flickrprints.com https://csi.gstatic.com https://prebid.adnxs.com https://tlx.3lift.com https://*.adtech.advertising.com https://grid.bidswitch.net https://fastlane.rubiconproject.com https://hbopenbid.pubmatic.com https://as-sec.casalemedia.com https://ib.adnxs.com/ut/v3/prebid https://gum.criteo.com https://prg.smartadserver.com https://ice.360yield.com https://mug.criteo.com https://api.stripe.com https://c2shb.ssp.yahoo.com https://prebid.a-mo.net/a/c https://htlb.casalemedia.com/; frame-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/ https://js.stripe.com https://hooks.stripe.com; child-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://*.doubleclick.net/ https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io https://ads.pubmatic.com https://ssum-sec.casalemedia.com https://www.googletagservices.com/pubconsole/ https://eb2.3lift.com https://eus.rubiconproject.com/ https://*.safeframe.googlesyndication.com/safeframe/ https://*.tynt.com/ https://*.adnxs.com/ https://*.indexww.com/ https://csync.smartadserver.com/ https://js.stripe.com https://hooks.stripe.com; font-src https://*.staticflickr.com https://*.flickr.com data:; worker-src blob:; form-action https://*.flickr.com https://*.flickrpro.com; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-z46lrmfNOJas7Wg12S6Z' 'nonce-xXIF0UP07Eh6Rpac9Qec' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com https://*.qualtrics.com; script-src 'nonce-sbouECoVjyTifu5zZDw/oqFX7i3j6r1AtBNoJVjUN5PSFb6t' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.dialogtech.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'report-sample' 'nonce-1JnBBCY1yYZ+aOlXeMxYig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'nonce-1JnBBCY1yYZ+aOlXeMxYig' 'self' 'unsafe-eval' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport 1
frame-ancestors 'self' https://*.nasa.gov 1
report-uri https://www.yelp.com/csp_block?id=b8f8746d8ecc9a55&page=enforced_by_default_directives&policy_hash=7b6f2d6630868fdb2698dac44731677c&site=www&timestamp=1600662183; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com 1
script-src 'report-sample' 'nonce-Gc52o9ZhapcUMsf6VDi/Qw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors *.berkeley.edu berkeley.edu ; 1
frame-ancestors 'self' *.grammarly.com 1
default-src 'self'; img-src 'self' https://www.thetradedesk.com; script-src 'self' https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.meetecho.com *.ietf.org 1
default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api 'unsafe-inline' 'nonce-NzAsMTA2LDcyLDk5LDQwLDMzLDIyMSwxMjQ='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://cdn.discordapp.com https://profile-photos.hackerone-user-content.com https://hackerone.com/assets/avatars/ https://safety.discord.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src 'self' discordapp.com https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/; 1
script-src 'report-sample' 'nonce-5EiSg1ps2nB/Pr0nhPNOPA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src 'self' http://*.moatads.com:*; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' * data:; media-src 'self' *; font-src 'self' *; connect-src 'self' *; 1
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com https://sc-kharon.appspot.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com https://*.firebaseio.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net https://*.firebaseio.com; connect-src 'self' https://snapchat-web.storage.googleapis.com https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com wss://*.firebaseio.com https://www.googleapis.com https://securetoken.googleapis.com https://storage.googleapis.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 1
default-src 'none';base-uri 'self';form-action platform.twitter.com syndication.twitter.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com www.google-analytics.com code.jquery.com platform.twitter.com api.github.com www.ziprecruiter.com api.ziprecruiter.com 'nonce-MmIwOWNkNDItZTFmMC00MDlmLTgyN2MtMmQzNDJmMDkxOTQ2';style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com platform.twitter.com;img-src 'self' data: www.google-analytics.com bootswatch.com stats.g.doubleclick.net ad.doubleclick.net *.convertro.com *.c3tag.com *.2mdn.net launchbit.com www.launchbit.com www.ziprecruiter.com;font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com;frame-src 'self' img.shields.io platform.twitter.com syndication.twitter.com;child-src 'self' img.shields.io platform.twitter.com syndication.twitter.com;connect-src syndication.twitter.com;object-src img.shields.io;manifest-src 'self' 1
frame-ancestors 'self' https://cms.qz.com; upgrade-insecure-requests 1
frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com https://cibnext.icicibank.com https://help.icicibank.com https://infiniteindia.icicibank.com 1
script-src 'report-sample'