Values for content-security-policy: upgrade-insecure-requests 6,075 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 5,868 frame-ancestors 'self' 3,076 upgrade-insecure-requests; 2,123 frame-ancestors 'self'; 1,325 block-all-mixed-content 758 block-all-mixed-content; 530 frame-ancestors 'none' 402 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 308 frame-ancestors 'none'; 254 frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 160 136 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 123 report-uri /report-csp-violation 112 default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 110 object-src 'none' 107 default-src https: data: 'unsafe-inline' 'unsafe-eval' 104 frame-ancestors 'self' godaddy.com *.godaddy.com 78 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 70 frame-ancestors 'self' https://*.ally.ac; 62 default-src * data: 'unsafe-eval' 'unsafe-inline' 58 script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 57 img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in data:;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 57 frame-ancestors * 56 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 52 frame-ancestors 'self' http://webvisor.com 52 self 49 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 49 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 46 frame-ancestors 'self' https://app.grovecms.org/ 44 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 44 frame-ancestors 'self' ; 42 upgrade-insecure-requests; block-all-mixed-content 42 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.abkafurniture.com *.abt.s3.yandex.net *.ad-generation.jp *.ad-plus.com.tr *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adsby.io *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cdn.proadscdn.com *.cimri.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.incehesap.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.sanalofisonline.com *.say.ac *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.trvdp.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.uidapi.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.net *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ad-plus.com.tr ads.vidoomy.com adsby.io api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.adhouse.pro cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.proadscdn.com cdn.ravenjs.com cdn2.bildirt.com dsp-media.eskimi.com ep2.adtrafficquality.google gdetr.hit.gemius.pl google.com googlesyndication.com instagram.com invstatic101.creativecdn.com js.globalsun.io jscdn.greeter.me jsdelivr.net lidertv.radyotelekom.com.tr myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com preply.com proadscdn.com protagcdn.com say.ac script.4dex.io static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net testerparfum.com trgde.adocean.pl yastatic.net; 40 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 39 require-trusted-types-for 'script' 37 upgrade-insecure-requests; frame-ancestors 'self' 37 default-src 'none' 35 frame-ancestors self 34 upgrade-insecure-requests;object-src 'none' 34 report-uri /report-csp-violation; upgrade-insecure-requests 33 frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 33 default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 30 frame-ancestors 'self'; upgrade-insecure-requests 29 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 29 upgrade-insecure-requests;connect-src * 29 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 27 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 26 frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 26 frame-ancestors https://sinclairstoryline.com https://qa-sinclairstoryline.com https://int-sinclairstoryline.com https://storyline-qa.com https://storyline-int.com https://preview.int-sinclairstoryline.com https://preview.storyline-int.com https://preview.storyline-qa.com https://preview.qa-sinclairstoryline.com https://preview.sinclairstoryline.com; upgrade-insecure-requests 26 default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 26 default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 25 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 24 frame-ancestors 'self' https://*.akifast.com akifast.com 23 frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 23 frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 23 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 22 block-all-mixed-content; upgrade-insecure-requests; 22 upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self'; object-src 'none' 22 default-src 'self' http: https: data: blob: 'unsafe-inline' 21 frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp 20 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 20 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 20 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 19 default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ 19 * 19 default-src 'self' 'unsafe-inline' https://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 18 frame-ancestors 'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* *.espnqa.com:* 17 default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none;frame-src 'self' mailto: tel: https: 17 default-src 'self' 17 frame-ancestors 'self' https://cms.scrippsdigital.com 17 default-src data: 'unsafe-inline' 'unsafe-eval' https:;base-uri 'self';frame-ancestors 'self' ;img-src data: https: blob:;font-src data: https:;media-src https: blob:;connect-src https: wss: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;style-src data: 'unsafe-inline' https:;child-src https: data: blob:;form-action https:;object-src 'none'; 17 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 17 default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 17 ; 16 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 16 frame-ancestors 'self' *.plentymarkets-cloud-de.com *.my.plentysystems.com 16 frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 16 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 15 upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 15 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 15 default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 15 default-src 'self'; script-src 'self' 'unsafe-inline' 15 frame-ancestors 'self' *.google.com *.googleusercontent.com 15 frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news®ion=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 14 sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 14 upgrade-insecure-requests; frame-ancestors 'self'; 14 form-action 'self' 14 default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 14 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; connect-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline'; frame-src * data: mediastream: blob: filesystem: about: 'unsafe-eval' 'unsafe-inline' 14 frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 14 frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 14 frame-ancestors 14 default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 14 frame-ancestors 'self' devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:* https://edit-nitrogen-cs-public-alb.diks.fi; 14 frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 14 default-src https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: data: blob:; img-src 'self' https: data: blob:; font-src 'self' https: data: blob:; worker-src 'self' https: blob:; frame-ancestors 'self' *.sitewrench.com *.speakcreative.com 14 default-src 'self'; style-src 'unsafe-inline'; object-src 'none' 14 frame-ancestors 'self' https://my.wealthsimple.com 14 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 13 base-uri 'self';default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 13 frame-ancestors 'self' ;upgrade-insecure-requests; 13 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 13 default-src 'self' 'unsafe-inline' 13 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 13 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 13 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 12 object-src 'none'; 12 frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 12 upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 12 img-src https: data:; upgrade-insecure-requests 12 base-uri 'self'; 12 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 11 frame-ancestors 'self'; upgrade-insecure-requests; 11 frame-ancestors *; 11 base-uri 'self' 11 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 11 frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camutik.com *.camutik.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com icfadmin.com *.icfadmin.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com kinkyspa.com *.kinkyspa.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 11 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 11 frame-ancestors 'self' https://app.storyblok.com 11 frame-ancestors 'self' https://testbaba.virtualcms.it 11 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 11 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: *; frame-ancestors 'self' https://gameloader.421marsbahis.com 11 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 11 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 10 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 10 frame-ancestors 'self'; report-uri /report-csp-violation 10 frame-ancestors 'self' https://app.contentful.com 10 default-src='self' 10 block-all-mixed-content; frame-ancestors 'self' 10 frame-ancestors 'self' https://medium.com 10 frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 10 frame-ancestors 'self' azeu.marketing.adobe.com 10 default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.awin1.com *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com www.googleoptimize.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.metricool.com *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.sovendus.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiqcdn.com *.trbo.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.fullstory.com *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com *.iadvize.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.pinterest.com *.qualtrics.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.trbo.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud stihlb2bdocuments.blob.core.windows.net s.yimg.com *.youtube-nocookie.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.1rx.io *.360yield.com *.3lift.com *.addthis.com *.adingo.jp *.admixer.co.kr *.adscale.de *.adform.net *.adnxs.com *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.ants.vn *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.billie.io *.bing.com *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.foxbase.de *.fullstory.com *.fwnm.net *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.iadvize.com *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.metricool.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.rambler.ru *.revcontent.com *.rlcdn.com *.rockysandstudio.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.sovendus.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.trbo.com *.tremorhub.com *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net sync.targeting.unrulymedia.com *.wepowerconnections.com *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; media-src 'self'; style-src 'self' 'unsafe-inline' *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.iadvize.com *.onetrust.com *.sovendus.com *.trbo.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com assets.oney.io cdn.parcellab.com *.sovendus.com *.stihl.de *.trbo.com typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.google.com *.guuru.com *.iadvize.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com static.stihl.com *.dam.stihl.cloud *.stihl-dns.net *.teads.tv *.trbo.com e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com; child-src 'self' blob: *.guuru.com 10 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 9 frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 9 frame-ancestors none 9 default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com static.hotjar.com launch-9151dc1e0eb6-development mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com *.aptrinsic.com *.datatrans.com *.recaptcha.net *.bookingkit.com *.paypalobjects.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 9 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 9 frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com 9 frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 9 frame-ancestors 'self' https://webvisor.com http://webvisor.com; 9 default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 9 default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: mailto: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 8 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 8 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 8 frame-ancestors 'self'; object-src 'none'; 8 frame-ancestors 'self' www.bookends.info *.bookends.info 8 default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; 8 frame-ancestors 'self' https://app.datadoghq.eu https://backoffice.cwcg9g7aq8-mercedesb2-p1-public.model-t.cc.commerce.ondemand.com; 8 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 8 default-src 'self' *.idrive.com *.idrivesync.com https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 8 default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.googletagmanager.com/gtag/js www.googleadservices.com/pagead/ www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ adservice.google.com/pagead/ merchantpool1.linkedin.com/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com flo.uri.sh li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 7 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 7 frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 7 require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 7 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 7 default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 7 default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 7 upgrade-insecure-requests; frame-ancestors 'none' 7 default-src 'self'; 7 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 7 ; frame-ancestors 'self' 7 frame-ancestors 'none'; upgrade-insecure-requests 7 frame-ancestors 'self' ; upgrade-insecure-requests; 7 block-all-mixed-content; upgrade-insecure-requests 7 default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 7 object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 7 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 7 img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 7 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 7 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 7 frame-ancestors 'self' *; upgrade-insecure-requests; 7 frame-ancestors none; 7 default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai;script-src-attr 'unsafe-inline';connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai;img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com;frame-src *;object-src 'none';media-src 'self' *.iesnare.com data:;frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self';form-action 'self';upgrade-insecure-requests 7 frame-ancestors 'self' https://*.getresponse.com 7 frame-ancestors 'self' *.insparx.com *.insparx.org; 7 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 6 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org *.nk-img.com *.segpay.com *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.exoclick.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 6 frame-ancestors https://*.marketo.com 6 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 6 frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 6 img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com data: maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 6 frame-ancestors 'self' https://localhost:* https://*.bustle.com https://*.bdg.com 6 frame-ancestors 'self'; base-uri 'self'; 6 upgrade-insecure-requests; block-all-mixed-content; 6 frame-ancestors https://*.myworldfix.com https://*.beesads.com https://*.gamebridge.games http://*.gamebridge.games 6 frame-ancestors 'self' *.ci360.sas.com app.contentstack.com 6 frame-ancestors 'self' *stg.awsapps.nvidia.com *dev.awsapps.nvidia.com *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com https://cms.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://cms.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud https://events.rainfocus.com https://docs.nvidia-docs-uat.lower.k3.m1.brightspot.cloud https://docs.nvidia-docs-qa3.lower.k3.m1.brightspot.cloud; 6 object-src 'self' 6 base-uri 'self'; frame-ancestors 'self' 6 default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 6 frame-ancestors 'self' https://staging-app.boxoffice.com https://app.boxoffice.com 6 default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 6 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 6 script-src 'self' 6 default-src 'self' https://niccicms.raj.nic.in/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' 'unsafe-eval' data:; 6 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 6 child-src * blob: 6 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com https://*.algolia.io ; 6 frame-ancestors 'self' *.hotmart.com *.buildstaging.com *.kpages.com.br *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 6 frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 6 frame-ancestors 'self' https://secure.safecharge.com; 6 frame-ancestors whitelabel.camspower.com cams.dnxlive.com 6 frame-ancestors 'self' *.youtube.com 6 worker-src 'self' blob: 6 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 6 img-src *; 6 font-src *;img-src * data:; 6 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https: ; worker-src 'self' blob: ; media-src 'self' blob: https: ; 6 block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 6 default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 6 upgrade-insecure-requests; base-uri 'none'; 6 script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none'; child-src 'self' www.youtube.com youtube.com www.google.com google.com *.doubleclick.net player.vimeo.com www.googletagmanager.com checkoutshopper-live.adyen.com *.cdn.adyen.com maps.google.com.sg www.google.com maps.google.com goo.gl google.com www.facebook.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 6 default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.vwo.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.vscdns.com *.strpst.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 6 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com https://js.klevu.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.usablenet.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com bam.nr-data.net js-agent.newrelic.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com cdnjs.cloudflare.com polaris.truevaultcdn.com https://samples.woodstream.com/ *.google.com.ua *.google.pl assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com wss://*.hotjar.com/ *.mapbox.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ 'self' https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com *.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com *.googleapis.com *.mmapiws.com *.tiktok.com recs.listrakbi.com paypal.com bam.nr-data.net *.leadmanagerfx.com *.marketingcloudfx.com *.truevaultcdn.com 'self' 'unsafe-inline'; 6 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 6 style-src * 'unsafe-inline'; font-src * data:; img-src * data:; connect-src *; object-src none; frame-ancestors 'self'; 6 frame-ancestors 'self' https://gtranslate.io; 6 default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self' https://*.nbcnews.com https://*.today.com https://*.msnbc.com https://*.telemundo.com https://*.nbcnewstools.net https://*.eonline.com https://*.cnbc.com 5 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 5 upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pathfactory.com *.impactcdn.com *.tiktok.com *.emarsys.net *.ofgreencolumn.com *.usercentrics.eu *.amazon *.redditstatic.com *.roeyecdn.com *.unpkg.com *.googleadservices.com *.2checkout.com *.cookielaw.org *.criteo.com *.dwin1.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se *.bitdefender.co.jp bitdefender.co.jp bitdefender.applytojob.com *.adobe.com *.facebook.com *.facebook.net *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.ads-twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.hsforms.net *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de dpm.de *.mdex.net mdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net *.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net *.scarabresearch.com *.zenaps.com pixel.xonaz.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com *.outgrow.us *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com ad4m.at *.googletagmanager.com bat.bing.com *.impactradius-event.com *.outbrain.com *.gartner.com *.gstatic.com *.licdn.com *.bizible.com *.clarity.ms *.demandbase.com *.hs-scripts.com *.sf14g.com *.hsadspixel.net *.hs-analytics.net *.hsleadflows.net *.hs-banner.com *.usemessages.com *.company-target.com *.techtarget.com *.privacyportal-de.onetrust.com *.geolocation.onetrust.com *.avads.net cdn.jsdelivr.net *.hlx.live; 5 script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 5 frame-ancestors *.ivanti.com https://dash.cloudflare.com 5 object-src 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 5 frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com 5 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 5 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 5 frame-ancestors 'self' https://*.ezlynx.com/ https://*.appliedsystems.com/ https://*.ivans.com/ https://*.agentinsure.com/ https://*.uatezlynx.com/ https://*.vtpezlynx.com/ https://*.devezlynx.com/ 5 default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 5 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com https://*.cloud.microsoft; 5 default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 5 default-src 'self'; style-src 'self' * 'unsafe-inline';style-src-attr 'self' 'unsafe-inline' *; style-src-elem 'self' 'unsafe-inline' *; font-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; connect-src *; img-src 'self' 'unsafe-inline' data: blob: *; manifest-src *; frame-src *; media-src * blob: 5 frame-ancestors 'self' *.purpledshub.com 5 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 5 frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 5 default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 5 frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 5 frame-ancestors 'self' https://deco.cx https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 5 default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 5 object-src 'none'; base-uri 'none' 5 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 5 default-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com ajax.cloudflare.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com flo.uri.sh; style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com; img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org hosted.weblate.org; font-src 'self' data: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org; media-src 'self' blob: *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com; frame-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com calendar.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com; connect-src 'self' *.miraheze.org *.mirabeta.org *.nexttide.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com 1.1.1.1 translate.googleapis.com; 5 default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.mapbox.com *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 5 default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 5 frame-ancestors "self" http://jack-wolfskin.com https://mywolfpack.jack-wolfskin.com http://staffbase.com capacitor://jack-wolfskin.com capacitor://staffbase.com; 5 script-src 'self' 'unsafe-inline' 5 frame-ancestors 'self' https://*.bdo.global 5 default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/ https://www.cdisol.blog; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/; img-src 'self' data: https://*.nhn.no https://www.fnsp.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no; connect-src 'self' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://dashboard.find.episerver.net/ https://uib.cloud.panopto.eu/ https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com/ https://youtu.be/ https://medfilm.se/ https://film.oslo-universitetssykehus.no/ https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://podcasts.apple.com https://ekstranett.helse-midt.no/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no https://fnsp.fnsp.nhn.no https://www.fnsp.no https://navikt.github.io https://acast.com/ https://www.acast.com/ https://players.brightcove.net/ https://*.fnsp.nhn.no https://app.powerbi.com https://prat.fnsp.no https://login.microsoftonline.com https://skde.org https://prod-tabellverk.skde.org/; frame-ancestors 'self'; 5 default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.optimizely.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg=' 'sha256-2pe8k26MWlcKficOeMWZ75CKsCYpC8O7SWL1c80IevA=' 'sha256-xA+Nf+aCToDDa/FWlmohq36+g4wJDUNr/5Z99KzXHAQ=' 'sha256-Ekr4lImICDOvgVtzrLML7wjf3IM4V5Q3+ohyZq4Fi5w='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net; object-src 'none' 5 require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 5 frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com https://*.webtrends-optimize.com https://*.azurewebsites.net https://*.onetrust.com object-src 'none'; base-uri 'none'; 5 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 5 frame-src * 5 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 5 frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 5 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de https://www.facebook.com https://r.clarity.ms https://p.gsitrix.com https://tr6.snapchat.com https://www.sandbox.paypal.com https://trck.linkster.co https://*.preciso.net https://pixel.byspotify.com https://pixels.spotify.com https://api.recova.ai blob:; 5 default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sprinklr.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net https://*.sprinklr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/ https://*.sprinklr.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net data:; media-src 'self' https://assets.bridgestonetire.com 5 default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro accounts.google.com www.google.com *.googleadservices.com *.drimify.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 5 script-src https: 'unsafe-inline' 'unsafe-eval' 5 default-src * 'unsafe-inline' 'unsafe-eval' data: 5 script-src * 'unsafe-inline' 'unsafe-eval' 5 default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 5 'self' https://ajax.googleapis.com 5 frame-ancestors https://web.telegram.org 5 default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 5 frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/ https://www.placetd.ca/ https://fevo-enterprise.com/; 5 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 5 default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 5 frame-ancestors 'self' *.mydukaan.io; 5 frame-ancestors 'self' xerox.com *.xerox.com carear.app 5 frame-ancestors 'self' https://preview.plaece.nl 5 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 5 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 5 block-all-mixed-content;upgrade-insecure-requests; 5 default-src 'self' data: blob:;script-src *.whatsapp.com *.whatsapp.net *.facebook.com *.facebook.net 'unsafe-inline' 'self' data: blob: *.twitter.com;style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com 'self' data: blob:;connect-src *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net 'self' data: blob:;font-src *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net data: https://fonts.gstatic.com;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net 'self' data: blob: *.ytimg.com *.twitter.com;media-src *.fbcdn.net 'self' data: blob:;frame-src *.facebook.com *.whatsapp.com 'self' data: blob: https://*.youtube.com *.youtube-nocookie.com *.twitter.com;block-all-mixed-content;upgrade-insecure-requests; 4 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 4 frame-ancestors 'self' https://shop.kaspersky.co.uk https://shop.kaspersky.ca; 4 frame-ancestors *.mi.com; 4 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 4 media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 4 frame-ancestors 'self' https://metrika.yandex.ru/ 4 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 4 connect-src * 4 frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; 4 script-src 'sha256-KXVenHG583A83LgYtdx9xEh45z4umJCe6yQqRczE4bs=' 'self' jobs.jobvite.com www.googletagmanager.com cdn.jwplayer.com ssl.p.jwpcdn.com; worker-src blob: 4 frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com *.cisco.com, frame-ancestors *.splunk.com *.touchcast.com 4 default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 4 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 4 block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 4 frame-ancestors 'self' letmedate.com www.letmedate.com 4 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 4 default-src * 'unsafe-inline' 'unsafe-eval' data:; 4 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 4 report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 4 default-src 'self'; connect-src 'self' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; frame-src 'self' *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com; img-src 'self' data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.vimeo.com *.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.youtube.com *.spotify.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com; object-src 'self' *.oembed.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com; script-src 'self' 'unsafe-eval' *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.cloudinary.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com *.wistia.com *.wistia.net s3-us-west-2.amazonaws.com b-code.liadm.com rp.liadm.com idx.liadm.com pro.ip-api.com alocdn.com *.execute-api.us-west-2.amazonaws.com rp4.liadm.com bonterratech.com blob: *.qualified.com wss://ws.qualified.com *.facebook.com *.vimeo.com *.cloudinary.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.bonterratech.com/report-uri/enforce 4 frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la3-c1-fra.salesforceliveagent.com d.la3-c1-fra.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com c.la1-c2-par.salesforceagent.com d.la2-c2-cdg.salesforceliveagent.com bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com fpt.absa.co.za p.teads.tv 4 frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn https://sqs-admin.biz.sheinbackend.com https://sqs-admin-gray01.biz.sheinbackend.com https://sqs-admin-eur.biz.sheinbackend.com https://grey-sqs-admin.biz.sheincorp.cn https://sqs-admin-gray01-eur.biz.sheinbackend.com https://ccc.biz.sheincorp.cn https://ccc-store.biz.sheincorp.cn https://ccc-store.shein.com *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 4 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 4 frame-ancestors https://app.storyblok.com; 4 worker-src 'self' https:; 4 frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 4 default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 4 img-src 'self' *.google-analytics.com img.youtube.com *.s3waas.gov.in secure.gravatar.com *.twimg.com *.twitter.com data:;connect-src 'self' *.s3waas.gov.in *.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.google.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in data: 4 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 4 upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/ 4 frame-ancestors 'self' https://lojaonline.nos.pt 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' * 4 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; 4 frame-ancestors *.lotvue.com resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 4 frame-ancestors 'self' https://*.infomaker.io https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 4 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 4 script-src 'self' 'unsafe-eval' 'unsafe-inline' app.storyblok.com connect.facebook.net analytics.tiktok.com cdn.brcdn.com *.adform.net www.google-analytics.com sc-static.net s.pinimg.com fsi.thomann.de www.youtube.com challenges.cloudflare.com *.payments-amazon.com www.googleadservices.com userlike-cdn-umm.b-cdn.net bat.bing.com www.googletagmanager.com www.googletagservices.com tr.snapchat.com ct.pinterest.com js.appboycdn.com *.g.doubleclick.net widgets.trustedshops.com tpc.googlesyndication.com *.clarity.ms cdn.avo.app; frame-src 'self' *.g.doubleclick.net *.safeframe.googlesyndication.com challenges.cloudflare.com ct.pinterest.com td.doubleclick.net tpc.googlesyndication.com tr.snapchat.com www.facebook.com www.google.com www.youtube-nocookie.com; frame-ancestors 'self' app.storyblok.com; object-src 'none' 4 upgrade-insecure-requests; frame-ancestors 'none'; 4 default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self' https://cdn.justpremium.com; form-action 'self' 4 default-src * 'unsafe-inline' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.rambler.ru dsp-rambler.ru *.dsp-rambler.ru *.rambler-co.ru *.top100.ru *.s3.yandex.net *.market.yandex.ru *.yandex.ru *.maps.yandex.net yandex.ru yastatic.net *.webvisor.org www.google-analytics.com www.googletagmanager.com *.weborama.fr *.weborama-tech.ru weborama-tech.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru adriver.com adriver.ru *.adriver.com *.adriver.ru *.serving-sys.ru *.serving-sys.com serving-sys.ru serving-sys.com *.smi2.net *.smi2.ru smi2.ru *.24smi.net *.mail.ru *.mindbox.ru *.rnet.plus *.adfox.ru *.jsdelivr.net *.pushwoosh.com *.createjs.com *.facebook.net *.reddigital.ru *.geniusaudience.com *.gnezdo.ru *.hit.gemius.pl *.prom.app.sberdevices.ru *.2xclick.ru *.infox.sg *.otm-r.com stat.media *.terratraf.io *.soloway.ru vk.com *.getsitecontrol.com www.tns-counter.ru *.mradx.net *.ampproject.org *.bumlam.com *.imgsniper.com *.terratraf.com *.digitaltarget.ru blob:; report-to csp.rambler-co.ru 4 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 4 frame-ancestors 'self' https://www.ringier-advertising.ch https://ringier-staging.hacepiby.cyon.site; 4 default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 4 frame-ancestors 'self' https://*.etracker.com 4 script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 4 frame-ancestors 'self' https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 4 object-src 'none'; frame-ancestors 'self' 4 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz 'unsafe-inline' https://*.adyen.com data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cookiebot.com https://*.creativecdn.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com 'unsafe-inline' https://*.adyen.com; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz 'unsafe-inline' https://*.adyen.com data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net; 4 default-src http: 'unsafe-inline' 'unsafe-eval' 4 object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 4 connect-src http://ip-api.com/ 'self' https: data: 4 frame-ancestors 'self' *.icewarp.com 4 script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 4 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 4 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://meta.privacy-gateway.cloudflare.com/relay;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 4 default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-downloads allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 4 default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;connect-src wss://ws-us3.pusher.com data: *;font-src 'self' *.vercel.com *.gstatic.com vercel.live;worker-src 'self' *.vercel.com blob: 4 default-src 'self' data: blob: *.conac.cn *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 4 frame-ancestors 'self'; object-src 'none' 4 frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 4 report-uri https://csp-report.opl-prd.mgnlsw.com/reports; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: accessdenied.pnc.com ad.doubleclick.net adr.mplore.com api.permutive.com app-oss.byte-app.com cdn.css-tricks.com corp-bhfpwcg05:8080 eliteprospects.de gj.track.uc.cn ib.adnxs.com beacon.deepintent.com p.teads.tv img.ucweb.com schools-blocked.s3-website-us-east-1.amazonaws.com siteblock.exeloncorp.com uc.gre wedata.net www.crazyegg.com www.enterogermina.com www.stackoverflow.com a.clarity.ms a.icehergame.com a.tribalfusion.com a1.ro aax-eu.amazon-adsystem.com account.affilitizer.com acestream.tv ad.doubleclick.net adbz.cz ade.googlesyndication.com ads-engagement.presage.io ads.tfxiq.com adservice.google.com adtonus.com aidata-sync.rutarget.ru allegra.mycheckstatus.com allegra.pmcprograms.com amomama.es an.yandex.ru analytics-static.ugc.bazaarvoice.com analytics.google.com analytics.pmsrv.co analytics.tiktok.com analytics.twitter.com api-data-connector.abtasty.com api-js.mixpanel.com api.abtasty.com api.adblockertool.com api.aituria.com api.amcreativemedia.com api.bazaarvoice.com api.blocksly.org api.ciuvo.com api.crystal-blocker.com api.fbanalytics.org api.ginger-analytics.com api.global-data-lab.com api.highdataanalytics.com api.killadsapi.com api.lapis-analytics.com api.mapbox.com api.mkmediaworks.com api.moncyber-api.com api.permutive.com api.privacy-protector-adblocker.com api.rabatta.app api.redirects-4.com api.retargetly.com api.sfnix.net api.socialsolutionapp.com api.software-downloading.com api.solaranalyticscorp.com api.solarspireconsulting.com api.srv247app.com api.tiles.mapbox.com api.typeform.com api2.abtasty.com apis.google.com app.abtasty.com appdown.pstatic.net apps.bazaarvoice.com ara.paa-reporting-advertising.amazon ariane.abtasty.com asrv-a.akamaihd.net assets-tracking.crazyegg.com assets.targetimg1.com at.alicdn.com auth.iws-hybrid.trendmicro.com avocadoposts.com b.clarity.ms b.px-cdn.net bahupo.peyenuxema.com bat.bing.com bawproxy.systech.net:8090 block.cdc.gov block.opendns.com blocked.syd-1.linewize.net bokezu.tijapixuno.com bpb.opendns.com bs.serving-sys.com buvihi.xixuzutage.com c.amazon-adsystem.com c.bing.com c.clarity.ms c.pmsrv.co c1.ugc.bazaarvoice.com casprezeny.pluska.sk cb-zscaler-pages.s3.amazonaws.com cdn-eidpp.nitrocdn.com cdn-uicons.flaticon.com cdn.adfenix.com cdn.amomama.es cdn.cookielaw.org cdn.detik.net.id cdn.flowcode.com cdn.goin.cloud cdn.honey.io cdn.jsdelivr.net cdn.knd.ro cdn.krxd.net cdn.leanlibrary.app cdn.liner.hu cdn.medical-news.org cdn.mouseflow.com cdn.pricespider.com cdn.randomhow.com cdn.scite.ai cdn.simplycodes.com cdn.tailwindcss.com cdn.trustpilot.net cdncache1-a.akamaihd.net cdnjs.cloudflare.com cdnml.global-cache.online cds.taboola.com ch-trc-events.taboola.com ckf01.wcasd.net click.ro clientstream.launchdarkly.com cloudjs.netlify.com cm.teads.tv cn-1793901926-23-7vnsr30362.ibosscloud.com cn-1998271222-7vnsr30121.ibosscloud.com cn186503-7rx10900.ibosscloud.com code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 common-fonts.abtasty.com connect.facebook.net conoret.com content.hotjar.io contentorigin.bazaarvoice.com conversions-config.reddit.com cookieaquila.com cookieless-campaign.prd-00.retargetly.com counter.yadro.ru cpportal.vkkd.local cr-input.mxpnl.net crtrgt.bumlam.com cs.frontend.weborama.fr ct.pinterest.com cucinaconmegraziellaeraffaele.it d.clarity.ms d1ikum88ielzsg.cloudfront.net d1lkfzu2puirk6.cloudfront.net d17-a.sdn.cz d39-a.sdn.cz d50-a.sdn.cz data1.bemitch.com data1.besinaf.com data1.bevuak.com data1.bimien.com data1.bresera.com data1.calicluo.com data1.caliculo.com data1.fiktar.com data1.gryplex.com data1.ilipol.com data1.ilplet.com data1.itiarg.com data1.jiciworilo.com data1.lacedefe.com data1.logitalie.com data1.mionqiz.com data1.moiziq.com data1.molaroute.com data1.nadasto.com data1.olcalo.com data1.open-dog.com data1.pletar.com data1.poolif.com data1.scopich.com data1.sebote.com data1.siwathe.com data1.stoploco.com data1.zunelrish.com datenschutz.sanofi.de dcinfos-cache.abtasty.com dcsabingoa423.minigame.vip deo.shopeemobile.com detector.scamsniffer.io dev.visualwebsiteoptimizer.com diffuser-cdn.app-us1.com display.ugc.bazaarvoice.com div.show donna.fidelityhouse.eu dulcolax-prod-server-side-tagging-ox3fbruzaa-od.a.run.app e.clarity.ms edge.fullstory.com editor-assets.abtasty.com embed.2b.uy embed.typeform.com embeddedcloud.pricespider.com emet.live encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com es.e-noticies.cat euw-omni.pricespider.com euw-wtbng.pricespider.com eventping-a.akamaihd.net events.mapbox.com exchange.buzzoola.com exhabigou.com ext.theperspective.com f.clarity.ms fcgt742.com feedback-pa.clients6.google.com fevoki.wejekihota.com filter.techloq.com fledge.teads.tv fonts.cdnfonts.com fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com foodin.site form.typeform.com form.typeform.com fportal.mmo.com.br:8090 gateway.zscaler.net gateway.zscalerone.net gateway.zscalerten.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net gdehu.hit.gemius.pl geolocation.onetrust.com get663.com gfx.antyradio.pl givemeservicesas.com gjtrack.ucweb.com goldbond.mycheckstatus.com goldbond.pmcprograms.com googleads.g.doubleclick.net greasyfork.org grmtech.net gum.criteo.com gw.alicdn.com h.clarity.ms hm.baidu.com honjzlbgame.com hu-gmtdmp.mookie1.com hugde.adocean.pl i.clarity.ms i.clean.gg i.ytimg.com i0.wp.com ib.adnxs.com images.iberion.media images.simplycodes.com images.typeform.com infimv.com infragrid.v.network insight.adsrvr.org irxcm.com j.clarity.ms jastrzabpost.pl joko-mobile-app-media.s3.eu-west-1.amazonaws.com js.adsrvr.org k.clarity.ms kafiro.kuwinesume.com kcdn.kueez.net kessko-utm-1.kessko.de:8090 ketkes.com kobieta.wp.pl kraken.rambler.ru l.clarity.ms l.facebook.com l.mbs.zip l.teads.tv lasrecetasdemiabuela.recipesown.com lazyload.org lett.2buycdn.com lh2.seculab.kr:61443 lh3.google.com lh3.googleusercontent.com livesicilia.it liviza.luwuyetivu.com lm.serving-sys.com locate.pricespider.com log-papago.naver.com log.pinterest.com login.microsoftonline.com login.ourtesco.com luzino.kumureyole.com m.clarity.ms m.youtube.com mab.chartbeat.com magazine.education.investing.com malware.opendns.com mandiner.hu maps.googleapis.com maps.googleapis.com maps.gstatic.com maps.gstatic.com mc.yandex.by mc.yandex.com mc.yandex.kz mc.yandex.md mc.yandex.ru meetlookup.com menoli.nuwipidaro.com metrics-dra.dt.dbankcloud.cn metrics-dre.dt.dbankcloud.cn metrics.hotjar.io modernmic.com mon-va.byteoversea.com mon16-normal-useast5.tiktokv.us mozbar.moz.com mpsnare.iesnare.com mstat.acestream.net myip.duoduodev.com n.clarity.ms namdevice.com:7777 nasacort.pmcprograms.com network-a.bazaarvoice.com network.bazaarvoice.com new229.com news3.chainityai.com newsy.wizaz.pl njs.wigoal.com noop.style notice.iconplc.com novanight-prod-server-side-tagging-ox3fbruzaa-od.a.run.app o.clarity.ms o132438.ingest.sentry.io obneistu.anoyntha.com omni.pricespider.com orademedias.ro overbridgenet.com p.clarity.ms p.skimresources.com p.typekit.net pagead2.googlesyndication.com pagestates-tracking.crazyegg.com papayawolfgamesc-a.akamaihd.net pb.sogou.com pdp-service-v2.prd-00.retargetly.com pdp-service.retargetly.com periodical.maariv.co.il photos-eu.bazaarvoice.com photos-us.bazaarvoice.com ping.chartbeat.net pips.taboola.com pixel-config.reddit.com pixel.rubiconproject.com play1149.atmequiz.com players.brightcove.net plugin.ucads.ucweb.com polki.pl pollen.services.myilume.de pollenapps.com portal.bitglass.com pos.baidu.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com privacy-cs.mail.ru privacyportal-de.onetrust.com privacyportal-eu.onetrust.com prosvet.cz protectsurf-a.akamaihd.net proxy-data.essd.ch proxy.jamo.ind.br:8444 przepiski.pl psb.taboola.com puhuiti.oss-cn-hangzhou.aliyuncs.com pwm-image.trendmicro.com px.adhigh.net px.ads.linkedin.com pysznosci.pl q.clarity.ms qa-assistant.abtasty.com r.clarity.ms r.mradx.net r.skimresources.com r3.mail.ru ray.st rbtds.net readaloud.googleapis.com region1.analytics.google.com region1.google-analytics.com remove.video res-1.cdn.office.net res.cdn.office.net retcode-us-west-1.arms.aliyuncs.com revistajaraysedal.es rialto-gms.s3.amazonaws.com rktds.net rmt01.deos-ag.com:8090 rs.fullstory.com rs.mail.ru rtl.hu rules.quantcount.com s.adroll.com s.amazon-adsystem.com s.clarity.ms s.cytaty.pl s.pinimg.com s.skimresources.com s.tribalfusion.com s.yimg.com s2.ppllstatics.com s3.amazonaws.com s3.ppllstatics.com safe-cws-sase.vmware.com safe.menlosecurity.com safe.rbi-umbrella.com saml.saasprotection.com sanofi-privacy.my.onetrust.com sanofi-uat-privacy.my.onetrust.com sanofi.solution.weborama.fr sase.merck.com savoriurbane.com sc-static.net script.crazyegg.com script.hotjar.com search.imtt.qq.com searchaggr-dre.dt.dbankcloud.com secure-ds.serving-sys.com secure.adnxs.com secure.quantserve.com securepubads.g.doubleclick.net security-us.mimecast.com segnorasque.com selsunblue.pmcprograms.com service.gstatic-cache.com services.global.commerce-connector.com sf16-muse-va.ibytedtos.com shop.pricespider.com shoppable-assets.global.commerce-connector.com shoppable-configs.global.commerce-connector.com shoppable.commerce-connector.com skincare-41329.info skytraf.xyz snap.licdn.com sophos.mvz-uhlenbrock.de:8090 sp.analytics.yahoo.com spanish.gute-info.net spoppe-b.azureedge.net sportal.blic.rs sportowefakty.wpcdn.pl sprawdzone.pl ssl.google-analytics.com ssl.gstatic.com st.top100.ru static.ads-twitter.com static.bumlam.com static.chartbeat.com static.hotjar.com static.hsappstatic.net static.mundodeportivo.com static.preply.com static.rakuten.com static.terratraf.io static.unica.ro static.zip.co static2.sharepointonline.com stats.g.doubleclick.net storage.googleapis.com svcs.tql.com sync.bumlam.com sync.crwdcntrl.net sync.dmp.otm-r.com sync.upravel.com t-azmaps.azurelbs.com t.clarity.ms t.co t.skimresources.com t.teads.tv tafopo.navahididi.com td.doubleclick.net teddytor.abtasty.com testyourliver.abi.ai tiremeetsroad.com tko.pl tl.ytlogs.ru tomarnarede.pt top-fwz1.mail.ru tr.snapchat.com tracking.adsafety.net tracking.crazyegg.com translate-pa.googleapis.com translate.google.com translate.googleapis.com translate.yandex.net trc-events.taboola.com try.abtasty.com tv2play.hu u.clarity.ms ucads-cdn.ucweb.com unisom.mycheckstatus.com unisom.pmcprograms.com unpkg.com up.pixel.ad url.usb.m.mimecastprotect.com urldefense.proofpoint.com use.fontawesome.com use.typekit.net usw-omni.pricespider.com usw-wtbng.pricespider.com utq.vvipquan.com v.clarity.ms v.wpimg.pl valaha.hu vc.hotjar.io vk.com vpn.future-fm.hu:8090 w.clarity.ms w88p9x.com wamiz.pl wellsfargoprod.prod.fire.glass widgets.abtasty.com ws.miqcommerce.com wtbevents.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com www.algopyrin.hu www.allegra.com www.artfut.com www.bing.com www.borsonline.hu www.buscapina.com www.buscopan.com www.bzi.ro www.capitalkoala.com www.ceneo.pl www.ciuvo.com www.clarity.ms www.crazyegg.com www.cvs.com www.dulcolax.ca www.dulcolax.com www.elperiodicomediterraneo.com www.eluniverso.com www.enterogermina.com www.essentiale.com www.essentiale.hk www.eurosport.hu www.facebook.com www.gammedulco.fr www.google-analytics.com www.google-analytics.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tn www.google.to www.google.tt www.google.vu www.googleadservices.com www.googleapis.com www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.happyinshape.com www.icyhot.com www.initiv.com www.instagram.com www.juventusnews24.com www.kanald.ro www.laopinion.co www.libertateapentrufemei.ro www.marca.com www.meczyki.pl www.mindmegette.hu www.mucosolvan.com www.no-spa.com www.pagespeed-mod.com www.publimetro.co www.rappi.com.co www.redditstatic.com www.researchsolutions.com www.revistavea.com.co www.sanofi.us www.slant.co www.sport.es www.superfish.com www.telfast.com www.terracycle.com www.themusicman.uk www.vg.hu www.viva.ro www.wishlist.com www.youtube-nocookie.com www.youtube.com script.crazyegg.com www1.pluska.sk wwwassets.pricespider.com x01.aidata.io xeldurap.peazheut.com xyzal.mycheckstatus.com xyzal.pmcprograms.com y.clarity.ms ya.ru yandex.ru yastatic.net tr6.snapchat.com apiv2.popupsmart.com cdn.taboola.com yt3.ggpht.com z.clarity.ms zantac360.pmcprograms.com maristaschamberi.imtlazarus.com:8992 maristaschamberi.imtlazarus.com:9001 mpsnare.iesnare.com ramonycajal.imtlazarus.com:8992 ramonycajal.imtlazarus.com:9001 view-localhost:50580 ws.hotjar.com trotjidayo-1.algolianet.com trotjidayo-3.algolianet.com trotjidayo-2.algolianet.com trotjidayo-dsn.algolia.net wtbstream.pricespider.com vimeo.com 9509754.fls.doubleclick.net fls.doubleclick.net *.fls.doubleclick.net sanofi-japan-dev.eval.janraincapture.com sanofi-japan-staging.eval.janraincapture.com sanofi-japan.us.janraincapture.com sanofi-dev.us-dev.janraincapture.com sanofi-staging.us-dev.janraincapture.com sanofi.us.janraincapture.com sanofi-dev.eu-dev.janraincapture.com sanofi-staging.eu-dev.janraincapture.com sanofi.eu.janraincapture.com edge.curalate.com td.doubleclick.net www.google.com www.gstatic.com;; 4 default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 4 frame-ancestors 'self' https://virtual-tours.msccruises.com; 4 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 4 frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 4 base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 4 upgrade-insecure-requests; frame-ancestors 'self'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 4 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 4 frame-ancestors 'self' *; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com tags.tiqcdn.com www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; connect-src 'self' *.scene7.com target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com *.linkedin.com *.licdn.com *.facebook.net *.facebook.com *.hotjar.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 4 policy 4 'self' 4 script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 4 frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 4 worker-src 'self'; 4 require-trusted-types-for 'script';report-uri /cspreport 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon *; frame-ancestors 'self' ekat.festool.de *.festool.com 4 default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 4 frame-ancestors https://app.storyblok.com/ 4 default-src * data: 'unsafe-inline' 'unsafe-eval' 4 “upgrade-insecure-requests” 4 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 4 report-to default 4 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 4 frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.undergrounddatabase.com https://push.undergrounddatabase.com https://www.googletagmanager.com https://bdiebbbiciebd.com https://gsimvqfghc.com https://fansjerseyworld.com https://*.yandex.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com https://*.yandex.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.undergrounddatabase.com https://biposerfl.shop https://*.google-analytics.com https://bdiebbbiciebd.com https://fansjerseyworld.com https://*.yandex.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.undergrounddatabase.com ; 4 frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com dobit.com *.dobit.com samsonite-dxp.dobit.com http://localhost:88; base-uri 'self'; 4 default-src 'unsafe-inline' 'self' *; script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' *; img-src 'self' data: * 4 frame-ancestors 'self' *.plentymarkets-cloud-ie.com *.my.plentysystems.com 4 default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://* data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 4 base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io; object-src 'none'; 4 default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org:* https://cdnjs.cloudflare.com:*; worker-src 'self' blob:; script-src-elem 'self' http: https: 'unsafe-inline'; img-src 'self' http: https: blob: data: https://*.gravatar.com http://*.gravatar.com https://www.google-analytics.com http://www.google-analytics.com; 4 frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 4 default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ 3 default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com https://www.paypalobjects.com https://widget.thegivingblock.com https://*.shift4.com ; img-src 'self' data: blob: https://www.google-analytics.com https://*.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org https://app.netlify.com https://widget.thegivingblock.com/ ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com https://www.google-analytics.com ; 3 frame-ancestors 'self' *.intuit.com 3 connect-src 'self' blob: https://gcp.api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://aws.api.snapchat.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://www.snapchat.com https://app.snapchat.com https://sentry.sc-prod.net https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://staging-web-gcp.snap-dev.net https://web.snapchat.com https://accounts.snapchat.com ws: wss: https://static.snapchat.com https://sentry.sc-prod.net https://cdn.contentful.com https://story.snapchat.com https://snap-api.arkoselabs.com https://graphql.contentful.com https://cf-st.sc-cdn.net https://app.snapchat.com https://s.sc-cdn.net https://bolt-gcdn.sc-cdn.net; img-src 'self' blob: data: https://support-tools.storage.googleapis.com https://www.snapchat.com https://story.snapchat.com https://cf-st.sc-cdn.net https://*.google-analytics.com https://*.googletagmanager.com data: https://www.google.com https://www.google.co.uk https://www.google.com.sa https://www.google.ca https://www.google.fr https://www.google.com.no https://www.google.com.au https://static.snapchat.com https://images.bitmoji.com https://impala-media-production.s3.amazonaws.com https://bolt-gcdn.sc-cdn.net https://lens-storage.storage.googleapis.com https://community-lens.storage.googleapis.com https://lens-preview-storage.storage.googleapis.com https://app.snapchat.com https://sc-static-web-assets-prod.s3.amazonaws.com; media-src https://bolt-gcdn.sc-cdn.net https://static.snapchat.com https://s.sc-cdn.net https://cf-st.sc-cdn.net blob:; script-src 'wasm-unsafe-eval' 'self' https://static.snapchat.com https://www.google-analytics.com https://*.googletagmanager.com 'sha256-dQJQsgrl3uMVvy2BJYsaNKb5aPwwZP1Hxm/h8nPMYU8=' 'sha256-W180Lw4gMizxEUHmEThR7QFnAWtmFgcFnXafbGOe27I=' 'sha256-T+mJpzkspYbS2c9j2qrgyezx0+bxueaYNJwVB75pe3Y=' 'sha256-5rMxh1U6sIDlVjmobBQY89QTC9nNeK3hd9dsXpD2AYE=' 'sha256-SlyXqNpddFY9lxbguST5m22HifGELYV1FYec8XhHUkk=' 'sha256-FhUvlSz0BXj4r8M1nXAkVXmbcxiWrUXB6vNbCZ8A0Zk=' 'sha256-2LmOILM2HIS9pJC380owRlOYo+c5WOuuNL7oEMLss2I=' 'sha256-MNn0HyJxuyKnyn0lPM1hCzPzycraTm0TXEqX1khh/7k='; style-src 'self' https://static.snapchat.com 'unsafe-inline'; default-src 'self'; font-src 'self' https://snap-design-system.storage.googleapis.com https://ads-interfaces.sc-cdn.net https://static.snapchat.com; frame-ancestors 'none'; frame-src https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://client-api.arkoselabs.com; report-uri ; report-to ; block-all-mixed-content 3 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru static.dzeninfra.ru blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru okcdn.ru http://*.okcdn.ru https://*.okcdn.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru static.dzeninfra.ru; worker-src blob: 'self'; connect-src * wss: blob: data:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 3 default-src 'self'; object-src 'self' *.cdn.datatables.net cdn.datatables.net; connect-src 'self' *.mikrotik.com *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com; style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com; img-src 'self' data: *.mikrotik.com *.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com; frame-src 'self' *.mikrotik.com *.mt.lv youtu.be youtube.com www.youtube.com www.google.com; font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv; frame-ancestors 'self' *.mt.lv; 3 upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 3 frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 3 frame-ancestors 'self' *.lycos.com 3 frame-ancestors 'self' *.kameleoon.com 3 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 3 frame-ancestors 'self'; frame-src 'self' https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com 3 default-src 'self' *.brightcove.com *.browser-intake-datadoghq.com *.coveo.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.teads.tv *.pinterest.com *.hotjar.com *.iesnare.com *.infogram.com *.liadm.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com apps.rokt.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com https://sc-static.net *.snapchat.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com *.mczbf.com *.sjwoe.com analytics.tiktok.com cdn.pdst.fm *.trustpilot.com trkn.us us-central1-adaptive-growth.cloudfunctions.net sink.pdst.fm *.qualtrics.com analytics.google.com *.nextdoor.com *.google.com *.yoast.com yoast.com *.datadoghq-browser-agent.com *.datadoghq.com *.yieldmo.com pix.pub *.biocatch.com *.we-stats.com activitymap.adobe.com *.branch.io app.link *.app.link s.pinimg.com unpkg.com *.inmobicdn.net analytics-sm.com browser-intake-datadoghq.com google.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; frame-ancestors 'self' 3 frame-ancestors https://poshmark.lightning.force.com *.goshd.com *.goshd.ca *.poshmark.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 3 frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 3 frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 3 frame-ancestors 'self' app.storyblok.com 3 frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 3 frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js.driftt.com https://cdn.calibermind.com/ 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob: 'self' data:; object-src 'none'; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3 frame-ancestors 'self' *.telekurier.at; 3 frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 3 frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 3 frame-ancestors 'self' *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com sentry.timeweb.net:4443 data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ *.webim.ru *.webim.ru/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com https://directus-twtech.timeweb.net https://api-qa.timeweb.ru 3 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 3 frame-ancestors *.cas.cn 3 frame-ancestors 'self' cdn.adkaora.space 3 frame-ancestors 'self' https://console.dnspod.cn 3 default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; media-src *; frame-ancestors file: cdvfile: 'self'; frame-src * gap://ready data: app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' data: *.google.com *.googleapis.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 3 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in www.googleoptimize.com cdn.cookielaw.org privacyportal.onetrust.com *.clickagy.com *.demandbase.com match.prod.bidr.io id.rlcdn.com *.company-target.com vimeo.com *.licdn.com *.linkedin.oribi.io *.hsforms.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hs-scripts.com *.hsforms.net *.infogram.com *.brightcove.net *.brightcove.com bcove.video *.pr.bcovlive.com *.wicketlabs.com *.brightcovegallery.com *.gallery.video rtmp://*.cloudplayout.brightcove.com rtp://*.cloudplayout.brightcove.com *.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com *.boltdns.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com *.brightcovegallery.com *.gallery.video *.pr.bcovlive.com 3 default-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: content: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net;style-src 'self' data: blob: https://www.bplaced.net https://my.bplaced.net https://stream.bplaced.net https://wiki.bplaced.net 'unsafe-inline'; media-src *; 3 object-src 'none'; base-uri 'self' 3 frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 3 default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 3 upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ https://nephrologistconnect.com https://rheumatologynation.com https://dermatologistnation.com 3 upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 3 object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 3 upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 3 frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ 3 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 3 default-src 'self' https://horizon-api.www.myprotein.com https://*.rlcdn.com/; child-src 'self' wss://*.liveperson.net https://*.cloudfront.net https://*.smct.io/ https://*.rlcdn.com/ https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://youtu.be/ https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' wss://*.liveperson.net https://*.amazonaws.com/ https://*.smct.io https://*.snapchat.com/ https://*.rlcdn.com/ https://*.contentsquare.net https://click.prod.mplat-ppcprotect.com https://*.listrakbi.com/ https://www.wepowerconnections.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.myprotein.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.liveperson.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://sgtm.myprotein.com; font-src 'self' data: https://*.smct.io/ https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.com https://m.myprotein.com https://checkout.myprotein.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com https://youtu.be/; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.smct.io https://smct.co/ https://*.smct.co/ https://ct.pinterest.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://*.contentsquare.net https://app.contentsquare.com https://*.listrakbi.com/ https://s.pinimg.com/ https://*.listrakbi.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://youtu.be/ https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.com; frame-ancestors 'self' https://www.instagram.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.smct.io/ https://*.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 3 default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 3 frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com quantserv.com adnxs.com impactradius-event.com dgm-au.com everestjs.net everesttech.net yahoo.com xg4ken.com *.online-metrix.net *.uplift.com *.quantummetric.com api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com *.nagich.com cloudfront.net bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com; 3 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 3 default-src https: 'unsafe-inline' 3 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 3 object-src 'none'; frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net; upgrade-insecure-requests 3 img-src 'self' *.stackadapt.com *.adnxs.com *.bidswitch.net *.omappapi.com *.clarity.ms *.pushcrew.com *.rlcdn.com *.clickagy.com *.superpinkday.com *.doubleclick.net *.vimeocdn.com www.alertlogic.com www.google.com *.amazonaws.com *.wpengine.com *.google-analytics.com *.youtube.com *.techtarget.com *.vimeo.com cdn.bizible.com *.visualwebsiteoptimizer.com b.6sc.co secure.gravatar.com www.facebook.com *.linkedin.com t.co *.bing.com *.adsymptotic.com and alertlogic.sc.omtrdc.net cdn.cookielaw.org cdn.bizibly.com okt.to *.techtarget.com www.googletagmanager.com ps.w.org *.quora.com fonts.gstatic.com *.neverbounce.com *.twitter.com *.clearbitjs.com *.trustarc.com *.adroll.com *.fortra.com *.company-target.com *.yahoo.com *.pubmatic.com *.3lift.com *.taboola.com *.openx.net *.outbrain.com *.casalemedia.com *.rubiconproject.com *.reson8.com *.g2crowd.com data: 'unsafe-inline' 'unsafe-eval' data:; 3 frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 3 child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.pagbank.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.evergage.com *.uol.com.br *.pagseguro.com.br 'self'; media-src *.evergage.com *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.evergage.com *.google.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.evgnet.com *.evergage.com bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.evergage.com *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 3 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 3 frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 3 frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.salfinc.com https://learn.self.inc; 3 default-src https://appdsv.omie.com.br https://vc.hotjar.io https://js.intercomcdn.com https://in.hotjar.com https://api.hubapi.com https://www.facebook.com wss://nexus-websocket-a.intercom.io https://forms.hubspot.com https://api.hubspot.com https://ws6.hotjar.com wss://ws6.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dataunion.com.br https://api-iam.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://*.taboola.com https://api.segment.io https://tag.goadopt.io https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://apis.google.com https://analytics.tiktok.com https://appdsv.omie.com.br https://dev.visualwebsiteoptimizer.com https://snap.licdn.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://cse.google.com https://www.google.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://js.usemessages.com https://stackpath.bootstrapcdn.com https://www.dataunion.com.br https://js.hscollectedforms.net https://www.googletagmanager.com https://*.hotjar.com https://*.tailtarget.com https://*.intercom.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://www.googleadservices.com https://js.hsforms.net https://js.hs-scripts.com https://connect.facebook.net https://forms.hsforms.com https://www.google-analytics.com https://app.omie.com.br https://cdnjs.cloudflare.com https://js.intercomcdn.com https://*.criteo.com https://static.criteo.net https://preview-new.mkt.omie.us; style-src 'self' 'unsafe-inline' 'report-sample' https://optimize.google.com https://preview-new.mkt.omie.us https://cdn.omie.com.br https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; frame-src https://*.omie.com.br https://chat-convecao24.firebaseapp.com https://www.googletagmanager.com https://td.doubleclick.net https://intercom-sheets.com/ https://cdn.omie.com.br/ https://cdndsv.omie.com.br/ https://www.intercom-reporting.com/ *.google.com https://www.facebook.com/ https://player.vimeo.com/ youtube.com https://www.youtube.com https://optimize.google.com https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://tags.t.tailtarget.com/ https://forms.hsforms.com/ https://*.criteo.com https://static.criteo.net; img-src 'self' data: blob: https://measurement-api.criteo.com https://ads.stickyadstv.com https://*.clarity.ms https://*.bing.com https://www.googletagmanager.com https://s3-sa-east-1.amazonaws.com https://www.linkedin.com https://px.ads.linkedin.com https://www.google-analytics.com https://sync-t1.taboola.com https://*.criteo.com https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://dev.visualwebsiteoptimizer.com https://cm.g.doubleclick.net https://track.hubspot.com https://*.omie.com.br https://conpass.blob.core.windows.net https://fast.conpass.io https://static.intercomassets.com https://omie-b8c3f6a65bc3.intercom-attachments-5.com https://app.intercom.com/ https://*.intercomcdn.com/ https://omiexperience-sa.intercom-attachments-7.com/ https://omie-b8c3f6a65bc3.intercom-attachments-1.com/ https://omie-b8c3f6a65bc3.intercom-attachments-9.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.google.com.br *.googleusercontent.com *.facebook.net *.facebook.com https://*.hsforms.com; font-src 'self' data: https://use.typekit.net https://script.hotjar.com https://js.intercomcdn.com https://fonts.gstatic.com https://*.omie.com.br/omiesaga/ https://use.fontawesome.com; connect-src 'self' https://*.taboola.com https://api.hsforms.com https://disclaimer-api.goadopt.io https://api.segment.io https://cdn.jsdelivr.net https://api.segment.com https://track.segment.com https://cdn.segment.com https://measurement-api.criteo.com https://*.clarity.ms https://*.bing.com https://google.com https://securetoken.googleapis.com https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://analytics.tiktok.com https://px.ads.linkedin.com https://analytics.google.com https://dev.visualwebsiteoptimizer.com https://sslwidget.criteo.com https://blog.omie.com.br https://forms.hscollectedforms.net https://viacep.com.br https://appdsv.omie.com.br https://api.crm.ops.omie.us https://apidev.crm.ops.omie.us https://api.plm.ops.omie.us https://www.omie.com.br https://app.omie.com.br https://forms.hsforms.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://hubspot-forms-static-embed.s3.amazonaws.com https://www.dataunion.com.br https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.facebook.com/ https://*.hubspot.com https://*.hubapi.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com; form-action https://intercom.help https://api-iam.intercom.io https://www.facebook.com https://*.omie.com.br https://omie.clickmeeting.com/ https://*.omie.com.br https://app.omie.com.br https://www.omie.com.br https://forms.hsforms.com; media-src blob: https://js.intercomcdn.com https://preview.omie.com.br https://www.omie.com.br https://omie.com.br; frame-ancestors 'none'; object-src 'none'; worker-src blob: https://*.omie.com.br; base-uri 'self'; 3 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 3 base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 3 default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 3 img-src data: https: 3 script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self' https://adgen-dev.spotify.com/account/*/ad/*/details https://adgen-dev.spotify.com/preview/* https://ads-voltron-ui-*.slingshot-instance.spotify.net/account/*/ad/*/details https://ads-voltron-ui-*.slingshot-instance.spotify.net/preview/* https://local.spotify.net/account/*/ad/*/details https://local.spotify.net/preview/*; 3 default-src * 'unsafe-inline' 'unsafe-eval' 3 connect-src 'self' wss://streamer.finance.yahoo.com/ https://*.3lift.com https://*.adsrvr.org https://*.appsflyer.com https://*.casalemedia.com https://*.cdn.yimg.com https://*.clean.gg https://*.criteo.com https://*.indexww.com/ https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.oath.com https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.taboola.com https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://ad.doubleclick.net https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/locations https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://bam.nr-data.net/ https://csi.gstatic.com https://dpm.demdex.net/ https://googleads.g.doubleclick.net/td/auctionwinner https://guce.yahoofinance.com https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://pagead2.googlesyndication.com/gampad/ads https://pagead2.googlesyndication.com/getconfig/sodar https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pcs/activeview https://s.yimg.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://securepubads.g.doubleclick.net/gampad/ads https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/pcs/view https://securepubads.g.doubleclick.net/static/topics/topics_frame.html https://smetrics.att.com/ https://static.criteo.net/js/ld/publishertag.prebid.144.js; default-src 'self'; font-src 'self' data: https://cdn.taboola.com https://finance.yahoo.com https://fonts.gstatic.com https://s.yimg.com; frame-src 'self' https://*.3lift.com https://*.adsrvr.org https://*.advertising.com https://*.casalemedia.com https://*.criteo.com https://*.indexww.com/ https://*.lijit.com/ https://*.media.net https://*.oath.com https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.safeframe.googlesyndication.com https://*.sharethrough.com https://*.taboola.com https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://att.demdex.net/ https://cdn.yahoofinance.com/ https://chartbeat.com https://console.googletagservices.com https://delivery.vidible.tv https://flo.uri.sh/ https://guce.yahoofinance.com https://openweb.jac.yahoosandbox.com/ https://p.bankrate.com https://platform.twitter.com https://primetime.bluejeans.com https://s.yimg.com https://securepubads.g.doubleclick.net https://service.force.com/ https://smartasset.com https://static2.chartbeat.com https://tpc.googlesyndication.com https://w.soundcloud.com/player/ https://widget-yahoo.ofx.com https://www.bankrate.com https://www.credible.com https://www.dailymotion.com/embed/video/ https://www.instagram.com https://www.myfinance.com https://www.surveymonkey.com https://www.youtube.com https://embed.podcasts.apple.com https://yahoo.crunchbaseembed.com https://yahoo.real-estate.hk https://*.google.com https://a.abcnews.go.com https://a1.api.bbc.co.uk https://abc.go.com https://abc11.com https://abc13.com https://abc7.com https://abc7chicago.com https://abc7news.com https://abc7ny.com https://abcnews.go.com https://ad.doubleclick.net https://antena3.com https://aol.com https://api.usatoday.com https://art19.com https://autoblog.com https://bbc.co.uk https://bearswire.usatoday.com https://bengalswire.usatoday.com https://billswire.usatoday.com https://bloomberg.com https://brightcove.hs.llnwd.net https://brownswire.usatoday.com https://buckeyeswire.usatoday.com https://bucswire.usatoday.com https://cbc.ca https://cbs.com https://cbssports.com https://cdn.livestream.com https://celticswire.usatoday.com https://cf-particle-html-test.eip.telegraph.co.uk https://cf-particle-html.eip.telegraph.co.uk https://cf.eip.telegraph.co.uk https://chiefswire.usatoday.com https://coltswire.usatoday.com https://compass.pressekompass.net https://cowboyswire.usatoday.com https://dk79lclgtez2i.cloudfront.net https://e.infogr.am https://elections.ap.org https://embed-ssl.ted.com https://embed.4gtv.tv https://embed.etonline.com https://embed.radiopublic.com https://embed.scribblelive.com https://embed.simplecast.com https://embed.spotify.com https://embed.teamcoco.com https://embed.ted.com https://embed.theguardian.com https://embed.tumblr.com https://embed.vevo.com https://emp.bbc.co.uk https://engadget.com https://es.scribd.com https://espn.go.com https://f1.media.brightcove.com https://fightingirishwire.usatoday.com https://fivethirtyeight.abcnews.go.com https://fr.scribd.com https://golfweek.usatoday.com https://graphics8.nytimes.com https://img.etonline.com https://indd.adobe.com https://interactive.vanityfair.com https://interactives.ap.org https://it.scribd.com https://king5.com https://launch.newsinc.com https://link.brightcove.com https://link.monetizer101.com https://livestream.com https://m.youtube.com https://media.king5.com https://media.mtvnservices.com https://media.wfaa.com https://n.rivals.com https://nbcbayarea.com https://nbcchicago.com https://nbcphiladelphia.com https://nbcwashington.com https://netswire.usatoday.com https://new.livestream.com https://nittanylionswire.usatoday.com https://o.aolcdn.com https://open.whitehouse.gov https://ophan.theguardian.com https://packerswire.usatoday.com https://partners.fantasypros.com https://pca.eonline.com https://player.cnbc.com https://player.ina.fr https://player.ooyala.com https://player.pbs.org https://player.simplecast.com https://player.snacktv.de https://player.theplatform.com https://player.vimeo.com https://player.washingtonpost.com https://podcasts.turner.com https://pressroom.turner.com https://readerschoice.allure.com https://reverb.twitter.com https://s.aolcdn.com https://s.embed.live.huffingtonpost.com https://saintswire.usatoday.com https://scache.vevo.com https://secure-embed.rtve.es https://secure.hulu.com https://secure.mlb.com https://securea.mlb.com https://sep.yimg.com https://soundcloud.com https://sp.yimg.com https://ssc.independent.co.uk https://ssl.coveritlive.com https://static.open-voice.vidible.tv https://static.telegraph.co.uk https://staticxx.facebook.com https://storify.com https://touchdownwire.usatoday.com https://twitter.com https://uw-media.usatoday.com https://video-api-secure.wsj.com https://video-api.wsj.com https://video.foxnews.com https://video.nhl.com https://video.thescore.com https://vimeo.com https://vine.co https://volswire.usatoday.com https://vplayer.nbcsports.com https://washingtonfootballwire.usatoday.com https://wcnc.com https://web.facebook.com https://wfaa.com https://widget.deezer.com https://widgets.ign.com https://www.clicktivatedvideoplayer.com https://www.clicktivatedvideoplayer2.com https://www.deezer.com https://www.eonline.com https://www.facebook.com https://www.flickr.com https://www.funnyordie.com https://www.gamespot.com https://www.gq.com https://www.hellomagazine.com https://www.history.com https://www.hulu.com https://www.kcrg.com https://www.kcrw.com https://www.lasexta.com https://www.liveleak.com https://www.mediamatters.org https://www.mlb.com https://www.msnbc.msn.com https://www.nbc.com https://www.nbcnews.com https://www.nhl.com https://www.npr.org https://www.nydailynews.com https://www.nytimes.com https://www.reuters.com https://www.scribd.com https://www.sny.tv https://www.tumblr.com https://www.usatoday.com https://www.ustream.tv https://www.viddler.com https://www.viki.com https://www.washingtonpost.com https://www.whosay.com https://documentcloud.org https://embed.acast.com https://embed.music.apple.com https://embedder.wirewax.com https://flourish.studio https://open.spotify.com https://player.soundon.fm https://rcm-fe.amazon-adsystem.com https://view.ceros.com https://vplayer.nbcolympics.com; img-src 'self' data: blob: about: http://www.google.com/ads/measurement/l https://*.3lift.com https://*.adsrvr.org https://*.casalemedia.com https://*.cloudfront.net/pixel.gif https://*.criteo.com https://*.googlesyndication.com https://*.indexww.com/ https://*.liadm.com https://*.lijit.com/ https://*.media.net https://*.openx.net https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.taboola.com https://*.wc.yahoodns.net https://*.yahoo.com https://*.yahoo.net https://*.yieldmo.com https://*.yimg.com https://googleads.g.doubleclick.net/pagead/interaction/ https://o.aolcdn.com/images/dims https://pbs.twimg.com https://ping.chartbeat.net https://platform.twitter.com https://pong.chartbeat.net https://public.flourish.studio/resources/ https://res.cloudinary.com https://s2.coinmarketcap.com/static/img/coins/ https://sb.scorecardresearch.com https://securepubads.g.doubleclick.net/pagead/adview https://smetrics.att.com/b/ss/attnetprod/ https://static2.chartbeat.com https://syndication.twitter.com https://vop-yahoo.akamaized.net/pixel.gif https://vop-yahoo.secure.footprint.net/pixel.gif https://www.facebook.com https://yahoovod.hs.llnwd.net/pixel.gif; manifest-src 'self' https://s.yimg.com; media-src 'self' blob: https://finance.yahoo.com https://s.yimg.com; object-src 'none'; report-to csp-endpoint; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; sandbox allow-downloads allow-forms allow-modals allow-popups-to-escape-sandbox allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.appsflyer.com/ https://*.oath.com https://*.salesforceliveagent.com/ https://*.taboola.com https://*.yahoo.com https://*.yahoo.net https://adservice.google.com/adsid/integrator.js https://cdn.ampproject.org/rtv/ https://cdn.jsdelivr.net/npm/ https://cdn.rawgit.com/dcodeIO/protobuf.js/ https://console.googletagservices.com/pubconsole/loader.js https://ec.yimg.com/didomi/ https://gum.criteo.com/ https://jac.yahoosandbox.com/2.0.0/jac.js https://oathmembershipsupport.my.salesforce-sites.com/ https://oathmembershipsupport.my.salesforce.com/ https://openweb.jac.yahoosandbox.com/1.5.0/jac.js https://pagead2.googlesyndication.com/gampad/ https://pagead2.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/tag/js/gpt.js https://platform.twitter.com https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://s.yimg.com https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/tag/js/gpt.js https://service.force.com/embeddedservice/5.0/ https://static.criteo.net/js/ld/publishertag.prebid.144.js https://static.lightning.force.com/ https://static2.chartbeat.com https://tpc.googlesyndication.com/pagead/js/ https://tpc.googlesyndication.com/sodar/sodar2.js https://wnsrvbjmeprtfrnfx.ay.delivery https://www.googletagservices.com/activeview/js/ https://www.googletagservices.com/activeview/js/current/rx_lidar.js; style-src 'self' 'unsafe-inline' https://cdn.taboola.com https://finance.yahoo.com https://oathmembershipsupport.my.salesforce-sites.com/ https://platform.twitter.com https://s.yimg.com https://service.force.com/; worker-src 'self' blob: https://finance.yahoo.com 3 upgrade-insecure-requests; frame-ancestors *.stern.de *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.capital.de *.geo.de *.urbia.de *.vorname.com; frame-src *; 3 frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 3 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 3 default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://lantern.roeyecdn.com https://the.sciencebehindecommerce.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://lh3.google.com https://lh3.googleusercontent.com https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com https://lantern.roeye.com https://lantern.roeyecdn.com https://www.wepowerconnections.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://www.redditstatic.com https://pixel-config.reddit.com https://conversions-config.reddit.com https://the.sciencebehindecommerce.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 3 default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://app.storylane.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://app.storylane.io; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com https://app.storylane.io;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net https://app.storylane.io; child-src blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.wistia.com https://*.wistia.net https://src.litix.io https://app.storylane.io; 3 frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 3 default-src 'self' blob: https://10web.io *.10web.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' ajax.cloudflare.com *.googleoptimize.com *.tiktok.com *.clarity.ms https://ams.wpml.org https://cdn.jsdelivr.net/npm/air-datepicker@3.3.5/air-datepicker.min.js https://js.stripe.com/v3 https://ams.wpml.org/mini_app/style.css https://*.smooch.io https://*.zendesk.com https://widget.trustpilot.com/ https://embed.typeform.com/next/embed.js https://api.smooch.io/ https://cdn.jsdelivr.net/* https://api.smooch.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com *.hubspot.com *.hubspot.net *.hs-scripts.com *.hs-analytics.net jsfiddle.net *.jsfiddle.net *.bing.com *.datatables.net *.gstatic.com instagram.com *.instagram.com instagr.am https://10web.io *.10web.io *.twitter.com twitter.com *.google.com google.com *.firstpromoter.com firstpromoter.com *.facebook.net *.facebook.com facebook.com *.fbcdn.net reddit.com *.reddit.com redditstatic.com *.redditstatic.com quora.com *.quora.com *.cloudflare.com cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net *.googleapis.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com *.google-analytics.com google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://googletagmanager.com https://www.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com producthunt.com *.producthunt.com *.fontawesome.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js data:; style-src 'self' 'unsafe-inline' 'report-sample' https://embed.typeform.com/next/css/widget.css https://10web.io *.10web.io https://cdn.jsdelivr.net/npm/air-datepicker@3.3.5/air-datepicker.min.css https://*.smooch.io https://*.zendesk.com https://hello.myfonts.net/count/36f1f3 https://tools.luckyorange.com *.datatables.net https://d10lpsik1i8c69.cloudfront.net *.googleapis.com *.googleusercontent.com googleusercontent.com google.com *.google.com *.googletagmanager.com googletagmanager.com *.sentry-cdn.com *.fontawesome.com data: blob: https://10web.io *.10web.io; img-src * 'self' data: blob:; font-src 'self' data: https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com *.gstatic.com *.googleusercontent.com googleusercontent.com storage.googleapis.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ hello.myfonts.net *.fontawesome.com; connect-src * 'self'; media-src 'self' https://10web.io *.10web.io *.s3.us-west-2.amazonaws.com *.amazonaws.com https://s3-us-west-2.amazonaws.com/10web-tts/audios/* *.s3.amazonaws.com *.imgur.com imgur.com https://d10lpsik1i8c69.cloudfront.net wss://*.smooch.io https://*.smooch.io https://*.zendesk.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.google.com google.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com *.firstpromoter.com firstpromoter.com; frame-src 'self' jsfiddle.net https://form.typeform.com https://demo.arcade.software https://widget.trustpilot.com https://forms.hsforms.com/ https://app.hubspot.com *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com jsfiddle.net https://app.hubspot.com *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com; base-uri 'self' https://10web.io *.10web.io; manifest-src 'self' https://10web.io *.10web.io; report-uri https://o397950.ingest.sentry.io/api/5263028/security/?sentry_key=8444a18b08184aef960a8eded99e7e7a; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; frame-src 'self' https://interactive-img.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 3 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 3 default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 3 object-src 'none';; upgrade-insecure-requests 3 frame-ancestors 'self' https://guides.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src https:; connect-src https:; object-src https:; child-src https:; 3 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 3 upgrade-insecure-requests; base-uri 'self' 3 frame-ancestors 'self' https://*.mindtickle.com https://*.mindtickle.app https://digdeeper.sysdig.com https://enablement.sysdig.com 3 default-src 'self' p11.techlab-cdn.com; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net p11.techlab-cdn.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com p11.techlab-cdn.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 3 frame-ancestors 'self' https://accounts.icarsuite.com https://dealerships.icarsuite.com 3 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3 default-src 'self' data: blob: *.ifs.com *.justgiving.com *.searchstax.com *.twitter.com *.ads-twitter.com *.facebook.net https://*.onetrust.com https://*.sonobi.com https://*.spotxchange.com https://*.addthis.com https://*.socdm.com https://*.fout.jp https://*.stickyadstv.com https://*.adtdp.com *.litix.io *.demandbase.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.google-analytics.com www.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.gstatic.com *.cloudflare.com *.leadforensics.com linkedin.oribi.io *.oribi.io *.t.co *.google.lk *.smartrecruiters.com *.mathtag.com *.doubleclick.net pixel.tapad.com *.marketo.com *.marketo.net *.linkedin.com *.krxd.net p.adsymptotic.com *.comparesoft.com tracking.g2crowd.com tr.apsislead.com static.oktopost.com tags.bkrtx.com snap.licdn.com *.rlcdn.com *.hotjar.com *.hotjar.io *.yahoo.com https://*.openx.net https://*.casalemedia.com https://*.bidswitch.net *.vendemore.com careers-p2energysolutions.icims.com https://*.adingo.jp *.clarity.ms www.facebook.com *.okt.to okt.to *.bluekai.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com siteimproveanalytics.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com aa.agkn.com y.one.impact-ad.jp wss://*.hotjar.com https://*.adnxs.com https://*.pubmatic.com https://*.adsrvr.org https://*.adform.net https://*.shinobi.jp https://*.smaato.net https://*.semasio.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adsrvr.org marketing.ultimo.com *.mplat-ppcprotect.com *.o11.tech *.sentry-cdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.inzynk.io *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.company-target.com *.marketo.com *.adoberesources.net *.adobe.com *.typekit.net *.adobe.io wss://*.adobe.io *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' fast.wistia.com info.ifs.com; frame-src 'self' *.smartrecruiters.com *.o11.tech *.adsrvr.org marketing.ultimo.com *.company-target.com *.marketo.com careers-p2energysolutions.icims.com www.facebook.com info.ifs.com *.wistia.net *.hotjar.com *.bluekai.com *.doubleclick.net *.wistia.com *.adobe.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://cdn.matomo.cloud/ https://verbund.matomo.cloud https://cdnjs.cloudflare.com https://www.googleadservices.com https://analytics.verbund.com/matomo.js https://consent.verbund.com https://snap.licdn.com https://unpkg.com https://webcast.a1.net https://vjs.zencdn.net https://googleadservices.com https://www.gstatic.com https://js.anyline.com https://dev.visualwebsiteoptimizer.com https://verbundblog.disqus.com https://connect.facebook.net https://*.google.com https://*.googleapis.com https://s.ytimg.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.linkedin.com https://code.jquery.com https://platform.twitter.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://apps.verbund.at https://emea3.recruitmentplatform.com https://code.createjs.com https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com/cachedClickId https://googleads.g.doubleclick.net; font-src 'self' https://consent.verbund.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; frame-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://verbund.prosiebensat1puls4.tv/ https://base.streamdiver.com/ https://my.walls.io/ https://uvp-ots.sf.apa.at https://www.google.com https://optimize.google.com https://*.disqus.com https://disqus.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://staticxx.facebook.com https://*.doubleclick.net https://*.twitter.com https://accounts.google.com https://irs.tools.investis.com https://apps.verbund.at; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://streamer.a1.net; media-src * blob: data:; img-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://content.prescreen.io https://jobdata.prescreen.io https://px.ads.linkedin.com https://webcast.a1.net https://www.pw-footprints.de https://connect.facebook.net https://*.doubleclick.net https://3662592.fls.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.google.at https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.twitter.com https://www.foto-webcam.eu https://*.it-wms.com data: https://i.ytimg.com https://www.facebook.com https://c.disquscdn.com https://referrer.disqus.com https://maps.google.com https://cx.atdmt.com https://www.verbund.com https://tr.outbrain.com; connect-src 'self' https://*.googlesyndication.com https://verbund.matomo.cloud https://analytics.verbund.com/matomo.php https://cdn.linkedin.oribi.io/partner/4825250/domain/verbund.com/token https://consent.verbund.com https://at-cdn14.streamdiver.com https://metrics.articulate.com/v1/import https://streamer.a1.net https://webcast.a1.net https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://reporting.anyline.com https://js.anyline.com https://anyline-reporting.herokuapp.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://links.services.disqus.com https://dev.visualwebsiteoptimizer.com https://emea3.recruitmentplatform.com https://www.google.com/pagead/landing https://px.ads.linkedin.com/wa/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://consent.verbund.com https://webcast.a1.net https://optimize.google.com https://c.disquscdn.com https://fonts.googleapis.com https://tagmanager.google.com; worker-src blob: https://www.verbund.com https://*.verbund.com; frame-ancestors 'self' https://energiemanagement.verbund.at; 3 frame-ancestors https://supersafe.ourcodeworld.com/; 3 frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.williamhill-pp1.es *.williamhill.es *.williamhill-pp1.it *.williamhill.it *.plugnplay.host 3 object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 3 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob: https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 3 frame-ancestors 'self' http://*.commonwealthu.edu https://*.commonwealthu.edu http://commonwealthu.prod.acquia-sites.com https://commonwealthu.prod.acquia-sites.com http://commonwealthustage.prod.acquia-sites.com https://commonwealthustage.prod.acquia-sites.com http://commonwealthudev.prod.acquia-sites.com https://commonwealthudev.prod.acquia-sites.com http://commonwealthura.prod.acquia-sites.com https://commonwealthura.prod.acquia-sites.com http://commonwealth.ddev.site https://commonwealth.ddev.site https://*.vimeo.com https://*.youtube.com https://bbox.blackbaudhosting.com; report-uri https://www.commonwealthu.edu/report-uri/enforce 3 default-src *; child-src 'self' blob:; connect-src * blob: ws: wss:; frame-src 'self' api.foxentry.cz www.databreakers.com cdn.msgok.net www.mall.tv mall.fameplay.tv fameplay.tv www.google.com www.youtube.com creativecdn.com sketchfab.com socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com www.zbozi.cz cj.dotomi.com payu.com secure.payu.com merch-prod.snd.payu.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com *.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ code.jquery.com translate.google.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com *.doubleclick.net *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz ssl.heureka.cz ssl.heureka.sk localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ *.mczbf.com *.cj.com *.payu.com; style-src * 'unsafe-inline'; img-src * data:; object-src 'none' 3 font-src fonts.gstatic.com use.typekit.net https://apretailer.com.br *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx www.google-analytics.com unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com www.gstatic.com *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://www.gravatar.com *.googleusercontent.com https://apretailer.com.br https://cdn.aplazo.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.us1.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ unpkg.com www.gstatic.com *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com 'unsafe-inline' data: https://apretailer.com.br unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe unpkg.com googleads.g.doubleclick.net commerce.adobedtm.com magento-recs-sdk.adobe.net www.gstatic.com *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.enviou.com.br *.facebook.com *.facebook.net http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br https://apretailer.com.br api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src bam.nr-data.net googleads.g.doubleclick.net csm.us5.us.criteo.net commerce.adobedc.net https://apretailer.com.br *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 frame-ancestors 'self' https: 3 frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 3 frame-ancestors 'none' ; 3 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self' 'unsafe-inline' *.myconnectsuite.com *.schoolinsites.com *.pcmac.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; base-uri 'self'; form-action 'self' 'unsafe-inline' *; img-src 'self' *; connect-src 'self' *; frame-src *; media-src 'self' blob: *; worker-src 'self' blob: * 3 frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 3 default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https: blob:; frame-ancestors 'self'; upgrade-insecure-requests 3 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 3 default-src https: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; object-src 'none'; frame-ancestors 'none' 3 img-src 'self' cbpssubscriber.mygov.in img.youtube.com *.s3waas.gov.in secure.gravatar.com data: www.nic.in informatics.nic.in xn--m1bet4hqd2b.xn--h2brj9c xn--m1bet4hqd2b.xn--h2brj9c;connect-src 'self' *.s3waas.gov.in www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in data: 3 font-src 'self' prd-cdn.abrdn.com data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com *.qumucloud.com *.abrdn.com; frame-ancestors 'self' *.abrdn.com *.qumucloud.com https://www.asia-focus.co.uk https://www.asian-income.co.uk https://www.abrdnchina.co.uk https://www.abrdndiversified.co.uk https://www.abrdnequityincome.com https://www.eurologisticsincome.co.uk https://www.abrdnjapan.co.uk https://www.latamincome.co.uk https://www.newdawn-trust.co.uk https://www.abrdnnewindia.co.uk https://www.abrdnpeot.co.uk https://www.abrdnpit.co.uk https://www.abrdnsmallercompaniesincome.co.uk https://www.abrdnuksmallercompaniesgrowthtrust.co.uk https://www.asiadragontrust.co.uk https://www.ceibalimited.co.uk https://www.dunedinincomegrowth.co.uk https://www.murray-income.co.uk https://www.murray-intl.co.uk https://www.shiresincome.co.uk https://www.northamericanincome.co.uk https://www.ukcpreit.com https://www.invtrusts.co.uk https://dqm.crownpeak.com; upgrade-insecure-requests; 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 3 frame-ancestors 'self' *.zdnet.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 3 object-src 'none'; report-uri /report-csp-violation 3 base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self' *.mycleverpush.com; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch *.abtasty.com; upgrade-insecure-requests; worker-src blob: 'self' static.cleverpush.com 3 upgrade-insecure-requests; report-uri 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; 3 default-src 'self' *.livejournal.com *.livejournal.net *.dsp-rambler.ru *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru *.adlooxtracking.com adlooxtracking.com *.adlooxtracking.ru adlooxtracking.ru ad.mail.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org cdn.jsdelivr.net cdnjs.smi2.ru content.adriver.ru *.criteo.com *.criteo.net data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net gist.github.com googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com *.weborama.fm weborama.fm *.weborama.fr weborama.fr *.weborama.ru weborama.ru *.weborama-tech.ru weborama-tech.ru *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.adriver.ru ad.mail.ru *.ad-tech.ru api.giphy.com bs.serving-sys.ru cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net privacy-cs.mail.ru *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru sve.online.sberbank.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: *.livejournal.net youtube.com *.youtube.com; child-src 'self' blob:; 3 default-src 'self' 'unsafe-inline' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://evnt.byspotify.com https://*.lt02.net https://*.tangiblee.com https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.lt02.net https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://e.issuu.com/ https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://pixels.spotify.com https://pixel.byspotify.com https://*.lt02.net https://*.tangiblee.com https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com https://*.tangiblee.com; script-src-elem 'self' 'unsafe-inline' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net https://*.linksynergy.com https://*.klarna.com https://*.tangiblee.com; style-src-elem 'self' 'unsafe-inline' https://*.movado.in https://link.mail.movado.com https://link.mail.movadocompanystore.com https://link.mail.oliviaburton.com https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com https://*.tangiblee.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://link.mail.mvmt.com https://*.lt02.net https://*.tangiblee.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 3 frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 3 default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 3 script-src 'strict-dynamic' 'nonce-sha256-ZUZDixfdBq9FogzEWsNE8d6jSnsBqn6HcPkqLTB4BV4' dealogic.com www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; object-src 'none'; base-uri 'self'; 3 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 3 default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com secure.adnxs.com match.adsrvr.org cm.g.doubleclick.net dpm.demdex.net image2.pubmatic.com d.turn.com sync.go.sonobi.com token.rubiconproject.com match.prod.bidr.io ad.360yield.com sync.smartadserver.com sync.1rx.io u.openx.net pixel.tapad.com sync.colossusssp.com ssum-sec.casalemedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com *.ad.gt geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net be.durationmedia.net stage-be.durationmedia.net stage-tag.durationmedia.net tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com safeframe.googlesyndication.com cdn.confiant-integrations.net rumcdn.geoedge.be tr.snapchat.com id.hadron.ad.gt ad.gt cdn.hadronid.net;connect-src 'self' *.be.durationmedia.net *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com *.ad.gt be.durationmedia.net geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com durationmedia-d.openx.net rtb.openx.net u.openx.net js-sec.indexww.com dsum.casalemedia.com htlb.casalemedia.com ssp.theadx.com bid.contextweb.com bh.contextweb.com t.pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image8.pubmatic.com ads.servenobid.com public.servenobid.com sync.1rx.io ap.lijit.com sync.adkernel.com id.hadron.ad.gt ad.gt cdn.hadronid.net adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.jebbit.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me td.doubleclick.net;media-src www.lntvglobal.com *.livenationinternational.com *.amondo.com;worker-src 'self' blob: 3 default-src https: 'unsafe-inline' 'unsafe-eval' 3 upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none' 3 frame-ancestors 'self'; frame-src *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.yourhosting.nl *.freshdesk.com *.freshchat.com demo.arcade.software *.typeform.com *.hsforms.com *.doubleclick.net yoursitehulp.nl app.vwo.com *.versio.nl *.hubspot.com yourhosting-25507368.hs-sites-eu1.com *.adroll.com 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 3 frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 3 frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com http://*.paperflite.com https://*.paperflite.com http://*.cleverstory.io https://*.cleverstory.io; 3 default-src 'self' blob: *.energieag.at news.netzooe.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io marketing.piwik.pro energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com wss://*.cognigy.ai *.cognigy.ai *.githubusercontent.com maps.google.de *.fliphtml5.com cdn.jsdelivr.net *.spotify.com 'unsafe-inline' 'unsafe-eval' data: 3 img-src * https: data:; object-src 'none'; frame-ancestors 'self' https://app.contentful.com 3 frame-ancestors https://*.myshopify.com https://admin.shopify.com 3 object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 3 default-src 'self' https://*.cms.vwfs.tools ; img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pl https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de https://cms-assets.vwfs.io https://smetrics.vwfs.pl https://mediaservice.audi.com https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ; script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com https://target.vwfs.pl https://smetrics.vwfs.pl https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ; style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pl https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ; connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pl https://smetrics.vwfs.pl https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://smetrics.vwfs.tools; frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ; object-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://nbw.vwfs.pl; media-src https://www.youtube-nocookie.com 'self' ; 3 default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 3 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 3 default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 3 frame-ancestors https://app.storyblok.com 3 default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 3 frame-ancestors 'self' * 3 default-src 'self'; base-uri 'self'; connect-src 'self' *.clarity.ms https://consent.cookiebot.com https://q.clarity.ms/collect https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://api.herefish.com https://c.6sc.co https://consentcdn.cookiebot.com https://distillery.wistia.com *.applicationinsights.azure.com https://embed-cloudfront.wistia.com https://fast.wistia.com https://ipv6.6sc.co https://js.zi-scripts.com https://l.sharethis.com https://pipedream.wistia.com https://px.ads.linkedin.com https://r.clarity.ms https://stats.g.doubleclick.net https://tracking.g2crowd.com https://ws.zoominfo.com https://www.google-analytics.com https://www.google.com *.crwdcntrl.net https://fg8vvsvnieiv3ej16jby.litix.io; font-src 'self' *.epiqglobal.com *.bluemod.us https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://fast.wistia.com; frame-src 'self' *.epiqglobal.com https://app.herefish.com https://form.typeform.com https://www.youtube.com https://fast.wistia.net https://player.vimeo.com https://www.g2.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://t.sharethis.com https://www.google.com https://go.epiqglobal.com/ https://www.buzzsprout.com; frame-ancestors 'self' *.epiqglobal.com *.bluemod.us *.bluemod.me; img-src 'self' data: *.bing.com *.clarity.ms *.bluemod.us *.bludmod.me *.epiqglobal.com *.linkedin.com https://f.hubspotusercontent20.net https://insights.hgpresearch.com https://privacy-policy.truste.com https://pic3.zhimg.com https://pages.hyperiongp.com https://besixth.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://storage.pardot.com https://via.placeholder.com *.sharethis.com https://b.6sc.co https://fast.wistia.com https://imgsct.cookiebot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' blob:; object-src 'none'; report-uri https://6658ad1fa52bdea0f50df6d5.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: https://api.herefish.com https://www.epiqglobal.com https://www.clarity.ms https://googleads.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://embed.typeform.com https://fast.wistia.net https://player.vimeo.com https://www.googletagmanager.com https://platform-api.sharethis.com/panorama.js https://api.herefish.com/scripts/hf.js https://buttons-config.sharethis.com/js/60c0851926c3eb001107c372.js https://consent.cookiebot.com https://consentcdn.cookiebot.com https://fast.wistia.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/766208465/ https://j.6sc.co/6si.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.zi-scripts.com/zi-tag.js https://pi.pardot.com/analytics https://platform-api.sharethis.com/js/sharethis.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://t.sharethis.com/1/k/t.dhj https://tracking.g2crowd.com/attribution_tracking/conversions/1006581.js https://ws-assets.zoominfo.com/formcomplete.js https://www.clarity.ms/tag/dv7zchxaog https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js https://js.sentry-cdn.com https://js.hsforms.net/forms/v2.js https://pi.pardot.com/pd.js https://go.epiqglobal.com https://www.buzzsprout.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://browser.sentry-cdn.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.herefish.com https://embed.typeform.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; worker-src 'none'; 3 frame-ancestors 'self';upgrade-insecure-requests; 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 3 style-src 'self' blob: 'unsafe-inline' *.maze.co *.google.com *.gstatic.com *.abtasty.com *.crazyegg.com *.googleapis.com *.satisfait-ou-rembourse-braun.fr *.offre-promotionnelle.fr *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: de-grafana-agent-prod.pg.com de-grafana-agent-dev.pg.com unpkg.com *.maze.co *.abtasty.com *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.impactcdn.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.abtasty.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.maze.co *.gstatic.com *.googleapis.com *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.maze.co *.google.com *.abtasty.com *.amazonaws.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.maze.co *.twitch.tv *.sjv.io *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.abtasty.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.offre-promotionnelle.fr *.satisfait-ou-rembourse-braun.fr *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io ; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.adobedtm.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.addtoany.com *.mktoweb.com *.marketo.net *.licdn.com *.doubleclick.net *.vimeocdn.com *.optmnstr.com *.vimeo.com *.bing.com *.jotform.com *.jotfor.ms *.newrelic.com *.google.com cdnjs.cloudflare.com browser.sentry-cdn.com *.nr-data.net static.hotjar.com *.hotjar.com ajax.googleapis.com *.omappapi.com static.ads-twitter.com *.zoominfo.com *.salesloft.com *.drift.com *.driftt.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com *.6sc.co *.g2crowd.com *.googlesyndication.com *.bizible.com *.googleadservices.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mktoweb.com *.jotfor.ms *.omappapi.com fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.driftt.com; frame-src player.vimeo.com *.doubleclick.net static.addtoany.com *.mktoweb.com vars.hotjar.com rocketsoftware.demdex.net *.facebook.com *.google.com *.jotform.io *.jotform.us *.jotform.com *.youtube.com *.captivate.fm *.drift.com *.driftt.com; frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de; child-src 'self'; font-src 'self' script.hotjar.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' info.rocketsoftware.com *.mktoresp.com *.omappapi.com *.omtrdc.net *.demdex.net *.google-analytics.com *.bing.com api.company-target.com *.nr-data.net *.hotjar.com *.hotjar.io *.google.com www.facebook.com *.mktoutil.com wss://*.hotjar.com *.jotform.us *.salesloft.com *.cookielaw.org *.onetrust.com *.clickagy.com *.zoominfo.com cdn.linkedin.oribi.io *.6sc.co *.6sense.com *.adnxs.com *.doubleclick.net *.googlesyndication.com *.googletagmanager.com *.linkedin.com adservice.google.com *.googleadservices.com *.google.co.uk; report-uri /report-csp-violation; upgrade-insecure-requests; form-action 'self' *.facebook.com *.jotform.us *.jotform.com; base-uri 'self' 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 3 default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3 reflected-xss block 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' 3 frame-src 'self' 3 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net contactis.ua *.contentsquare.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googleapis.com *.google.com *.google.de *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.serving-sys.com *.taboola.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn.inis360.com cdn.oribi.io cdn-assets-prod.s3.amazonaws.com cloudrizon.formstack.com graph.facebook.com heizungonline.vaillant.de io.fusedeck.net mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be optimizely.s3.amazonaws.com popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.recaptcha.net www.instalxpert.be; connect-src 'self' ws: *.analytics.google.com *.clarity.ms *.contentsquare.net *.criteo.com *.delivery.consentmanager.net *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.serving-sys.com *.taboola.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es capig.stape.cc heizungonline.vaillant.de ib.adnxs.com mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it s.yimg.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.zenloop.com cdn01l.vaillant-group.com cloudrizon.formstack.com heizungonline.vaillant.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be preventivi.vaillant.it toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl www.googletagmanager.com www.instalxpert.be; img-src 'self' blob: data: *.adalyser.com *.adform.net *.adroll.com *.bidswitch.net *.bing.com *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.net *.facebook.com *.g.doubleclick.net *.google.de *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.taboola.com a.mgid.com a.twiago.com ad.360yield.com ad.yieldlab.net app.optimizely.com cdn01l.vaillant-group.com cdn.optimizely.com contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv e1.emxdgt.com eb2.3lift.com exchange.mediavine.com dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com gum.criteo.com hb.yahoo.net heizungonline.vaillant.de ib.adnxs.com id5-sync.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de offerte.bulex.be offre.bulex.be offer.vaillant.be pixel.rubiconproject.com preventivi.vaillant.it rtb-csync.smartadserver.com r.casalemedia.com res.cloudinary.com server.seadform.net sp.analytics.yahoo.com static.cleverpush.com sync-criteo.ads.yieldmo.com us-u.openx.net ups.analytics.yahoo.com verkoopkansen.vaillant.nl visitor.omnitagjs.com; font-src 'self' data: *.loyjoy.com cdn01l.vaillant-group.com fonts.cdnfonts.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it script.hotjar.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud toolbox.vaillant.de verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' eshopspares.protherm.sk pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at http://sso.wigam.com sso.wigam.com https://sso.wigam.com:8016 http://www.columbusconnect.it *.columbusconnect.it *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant.es *.vaillant-group.com; frame-src 'self' *.adroll.com *.adform.net *.captivate.fm *.cdn.optimizely.com *.cdn-pci.optimizely.com *.consentmanager.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.google.com *.oplead.com *.pinterest.com *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.vaillant-systeme.de *.vaillantkotle.cz *.vaillant.es *.vaillant.ua 27052801.hs-sites-eu1.com aides.saunierduval.fr ams.creativecdn.com apps.vaillantgroup.org bayi.demirdokum.net cat.vaillant.it cat.hermann-saunierduval.it cerpadla.protherm.cz cloud.at.vgmarketingcloud.com contotermicovaillant.vaillantgroup.it contotermicohsd.vaillantgroup.it customer.vaillant.com.tr epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es forms.office.com gutschein.vaillant.de identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com kotle.protherm.cz mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.vaillant.it powerfinder.hermann-saunierduval.it servicevaillant.wufoo.com servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch wwwvaillantbe.mycleverpush.com www.foerderdata.at www.foerdermittelauskunft.de www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com; upgrade-insecure-requests; 3 default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; frame-ancestors 'self' https://app.optimizely.com; 3 frame-ancestors 'self' *.plataformaneo.com.br 3 upgrade-insecure-requests; object-src 'none' 3 sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 3 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' manifest.prod.boltdns.net *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 3 frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 3 font-src 'none' 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 3 frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 3 frame-ancestors 'self' chromacam.me personifyinc.com 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 3 upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 3 frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 3 default-src 'self'; img-src 'self'; script-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; 3 default-src 'self' blob:; img-src 'self' 'unsafe-eval' data: blob: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.eu-central-1.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop http://localhost:60101 *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com connect.facebook.net blob: *.cookiepro.com s3.eu-central-1.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net; font-src 'self' *.eu-central-1.amazonaws.com photoservice.cloud oam-software.com om.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com http://localhost:60139 http://localhost:60600 http://localhost:60111 http://localhost:60101 http://localhost:60200 http://localhost:49860 *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms c.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *; object-src 'none'; 3 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3 frame-ancestors 'self' https://*.batchgeo.com 3 default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net https://js.hs-scripts.com https://js.hs-analytics.net https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://script.crazyegg.com/ https://errors-tracking.crazyegg.com https://tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com https://compare.defaqto.com/ https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io *.bmw-motorrad-insurance.com https://cdnjs.cloudflare.com https://webchat.helpshift.com https://*.webchat.helpshift.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net https://*.youtube.com https://static.zdassets.com https://api.eu-1.smooch.io 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk *.bmw-motorrad-insurance.com https://cdnjs.cloudflare.com https://api.crazyegg.com/ *.healthy-pets.co.uk https://lptag.liveperson.net https://cdn.lpsnmedia.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk data: https://cdn.lpsnmedia.net https://atlantagroup.zendesk.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com https://compare.defaqto.com/ https://webchat.helpshift.com https://*.webchat.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ *.bmw-motorrad-insurance.com *.healthy-pets.co.uk https://cdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lo.shiftstatus.liveperson.net https://*.youtube.com 'self' web-chat.nativechat.com; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.justmotorinsurance.com *.just-motorcycleinsurance.com *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ *.bmw-motorrad-insurance.com https://api.crazyegg.com/ *.healthy-pets.co.uk wss://lo.msg.liveperson.net https://cdn.lpsnmedia.net https://accdn.liveperson.net https://lpcdn.lpsnmedia.net https://ekr.zdassets.com https://mml1.zendesk.com https://bat.bing.com wss://api.eu-1.smooch.io 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com blob: https://cdn.lpsnmedia.net blob: https://lpcdn.lpsnmedia.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 3 manifest-src 'self' 3 script-src 'self' 'unsafe-inline' blob: *.filadd.com *.fullstory.com *.googletagmanager.com *.googleadservices.com *.amplitude.com *.facebook.com *.facebook.net sibautomation.com onesignal.com cdn.onesignal.com *.sendinblue.com *.getgist.com *.mercadopago.com *.google-analytics.com *.jsdelivr.net *.cloudfront.net *.hotjar.com *.pagar.me *.googleapis.com *.google.com *.googleoptimize.com *.doubleclick.net *.sentry.io *.tiktok.com *.clare.ai *.luckyorange.com paperform.co *.rudderlabs.com *.heapanalytics.com *.highlight.run *.highlight.io unpkg.com *.webflow.com *.elfsight.com *.elfsightcdn.com *.krip.cl *.fontawesome.com *.sharethis.com *.mxpnl.com *.website-files.com wheelofpopups.com *.wheelofpopups.com *.mbirdcdn.net 3 frame-ancestors 'self' *.get-paid.com *.flokigames.com *.localhost freebitcoin.io http://localhost:3000 3 default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 3 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 3 frame-ancestors 'self' *.nokia.com *.ceros.com 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 3 form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 3 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 3 default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 3 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net 3 default-src * 'unsafe-eval' 'unsafe-inline' data: mediastream: blob: filesystem:; 3 style-src 'self' 'unsafe-inline' 3 frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com youtube.com *.hsforms.com issuu.com; object-src 'none';base-uri 'self' 3 default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https:; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 3 frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 3 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 3 font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 3 script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com unpkg.com *.greencolumnart.com *.hotjar.com *.cloudfront.net *.scarabresearch.com code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com *.cdnfonts.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com webpay3g.transbank.cl webpay3gint.transbank.cl *.scarabresearch.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.oraclecloud.com *.guess.cl *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.scarabresearch.com code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.google-analytics.com *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com wss://ws.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.greencolumnart.com *.hotjar.io *.hotjar.com *.scarabresearch.com 'self' 'unsafe-inline'; 3 frame-ancestors 'self' https://omnidoctor.ru/ 3 base-uri 'self'; object-src 'none'; frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: http: https: 'unsafe-inline' 'unsafe-eval'; 3 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 3 default-src 'self' aj-mm.de *.aj-mm.de *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net *.google-analytics.com *.analytics.google.com www.facebook.com https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com; style-src 'self' 'unsafe-inline' aj-mm.de *.aj-mm.de aj-matomo-int1.mm-df1.net *.mm-rh3.net *.googleapis.com *.google.com https://analytik-jena.ladesk.com *.ytimg.com *.analytik-jena.com *.analytik-jena.de; img-src 'self' data: *.ytimg.com *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com www.facebook.com *.mm-df1.net *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local aj-mm.de *.aj-mm.de https://a.visitorqueue.com https://px.ads.linkedin.com https://www.linkedin.com https://analytik-jena.ladesk.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com *.bizgeniusapp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' aj-mm.de *.aj-mm.de *.youtube.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.mm-df1.net *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local aj-upgrade.local https://pi.pardot.com https://tracker.analytik-jena.com https://analytik-jena.ladesk.com https://www.kicktipp.de https://www.kicktipp.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net https://t.visitorqueue.com https://snap.licdn.com https://www.googleadservices.com https://www.bizgeniusapp.com/api/citation.min.js; font-src 'self' aj-matomo-int1.mm-df1.net *.gstatic.com *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de https://analytik-jena.ladesk.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com; frame-src 'self' *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net www.youtube-nocookie.com player.vimeo.com www.facebook.com www.youtube.com player.vimeo.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net https://www.kicktipp.de https://www.kicktipp.com; connect-src 'self' data: blob: *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net https://www.facebook.com *.google-analytics.com *.analytics.google.com https://cdn.linkedin.oribi.io https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com https://www.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com wss://umd.userlike.com umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com https://tracker.analytik-jena.com https://analytik-jena.ladesk.com https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com *.bizgeniusapp.com; worker-src blob: 3 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 3 default-src http: data: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self'; img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net; media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net; style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net; style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw='; script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp; font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net; form-action 'self' *.mul-pay.jp; connect-src 'self' www.google-analytics.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com; frame-ancestors 'self'; 3 frame-ancestors 'self' https://jupiter.kk.lan/ 3 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to 3 default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 3 img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 2 frame-ancestors 'self' https://*.al-array.com/ 2 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-4eokqTYHcHwBH+lOjKAskg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 2 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 2 default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://*.typeform.com https://use.typekit.net https://mxpnlcms.wpengine.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.g2crowd.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://*.mutinyhq.com https://*.mutinyhq.io https://*.mutinycdn.com https://cdn.linkedin.oribi.io https://*.reddit.com https://www.redditstatic.com/ads/ https://*.singular.net https://mxpnlcms.wpengine.com https://*.zoominfo.com; img-src 'self' blob: data: https://*.chmln-cdn.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mutinycdn.com https://*.openx.net https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://*.analytics.yahoo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://fonts.googleapis.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://cdn.mxpnl.com/static/ https://js.stripe.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://recaptcha.net https://*.recaptcha.net https://*.typeform.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://buttercms.com 2 report-uri /v1/csplog; block-all-mixed-content 2 frame-ancestors 'self' *.deloitte.com; 2 frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2 upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 2 frame-ancestors https://app.mutinyhq.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2 frame-ancestors http://*.wps.com https://*.wps.com 2 frame-ancestors 'self' https://*.mglu.io https://*.magalu.com https://*.luizalabs.com https://*.magazineluiza.com.br; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self' https://afiliados.locaweb.com.br 2 frame-ancestors 'self' https://yotpo--uat.sandbox.my.site.com https://partners.yotpo.com https://www.yotpo.com https://*.paperflite.com https://content.yotpo.com https://yotpo.app.workramp.com https://*.gtmbuddy.io 2 base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: blob: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-NWMyZWQ5YTItMjk0NS00NTU2LWI3MGEtNzY1ODUxMThiNmFh' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://*.googletagmanager.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.gstatic.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 2 default-src 'self' data:;script-src 'self' 'unsafe-inline' data: *.fbcdn.net connect.facebook.net *.facebook.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ 'unsafe-eval' gw.conversionsapigateway.com https://*.youtube.com;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval' *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;connect-src blob: *.fbcdn.net www.meta.com *.www.meta.com www.facebook.com/tr/ secure.facebook.com/payments/generate_token *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com;font-src data: *.fbcdn.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com www.facebook.com/tr/ *.cdninstagram.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com https://*.ytimg.com *.youtube.com;media-src blob: data: lookaside.fbsbx.com *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.facebook.com/tr/ www.meta.com/common/ *.www.meta.com/common/ *.fbsbx.com/ www.meta.com/tealium/ *.www.meta.com/tealium/ www.meta.com/payments/ *.www.meta.com/payments/ *.fbthirdpartypixel.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com gw.conversionsapigateway.com https://*.youtube.com;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2 frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2 frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 2 form-action https: 2 frame-ancestors 'self' www.united-internet-media.de adimg.uimserv.net advideo.uimserv.net 2 frame-ancestors https://*.mintegral.com 2 upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 2 upgrade-insecure-requests; frame-ancestors 'self' https://*.traveloka.com 2 frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 2 default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: https://www.jsctool.com https://jsctool.com https://*.optimizely.com https://secure.pay1.de https://www.img-bahn.de https://cms.static-bahn.de https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://*.bahn.com https://app.crossengage.io https://ucm-eu.verint-cdn.com https://*.go-mpulse.net; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://p11.techlab-cdn.com https://www.jsctool.com https://jsctool.com https://assets.static-bahn.de https://dmp.adform.net https://siteintercept.qualtrics.com https://logx.optimizely.com https://*.optimizely.com https://hcaptcha.com https://*.hcaptcha.com https://collect.tealiumiq.com https://trk-api.crossengage.io https://accounts.bahn.de https://ucm-eu.verint-cdn.com https://hoover-eu.verint-api.com https://*.akstat.io https://*.go-mpulse.net wss://hoover-eu.verint-api.com; frame-src 'self' *.google.com https://cms.static-bahn.de https://secure.pay1.de https://hcaptcha.com https://*.hcaptcha.com https://*.bahn.de https://www.abo-bahn.de https://db.novafind.eu https://kundenkarte-db.mvv-muenchen.de https://transport.novafind.eu https://a791773171.cdn.optimizely.com/ https://nextalert-db.nexterite.eu https://s-bahn-muenchen-live.de https://garantien-formular.cs100.force.com https://accounts.bahn.de https://db-bordgastronomie.de https://ersatzkarte-dbregiobusnord.de https://dbaw.specials-bahn.de https://anreiseservice.specials-bahn.de https://analytics.geops.de https://*.sbahnm.geops.de https://fipo.deutschebahn.com https://kdialog-garantie.cs174.force.com https://regioforce.my.salesforce-sites.com https://www.jugendticket-nds.de https://ketchum.flyingspoon.de https://a1.adform.net https://dbstreckenagent.de https://www.dbstreckenagent.de; frame-ancestors 'self'; style-src 'self' https://fonts.googleapis.com https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https://*.static-bahn.de https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://www.awin1.com https://partner-bahn.de https://cm.g.doubleclick.net https://fcmatch.google.com https://fcmatch.youtube.com https://dmp.adform.net https://cdn.optimizely.com https://*.qualtrics.com https://assets.static-bahn.de https://*.bahn.de https://assets-ri.extranet.deutschebahn.com https://cms.static-bahn.de https://*.akstat.io data:; media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 2 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self'; object-src 'none'; report-uri https://tsddev.report-uri.com/r/d/csp/enforced; report-to default; 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com www.yola.com unpkg.com *.yolacdn.net cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net data: blob:;frame-ancestors 'self'; form-action 'self'; 2 frame-ancestors 'self' *.adobe.com *.assets.adobedtm.com 2 frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.corpinter.net https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com https://cdn.jsdelivr.net https://*.mb-lounge.com https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net https://*.akstat.io https://my.matterport.com data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 2 frame-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com; 2 frame-ancestors https://*.blackboard.com https://*.anthology.com; 2 frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com https://appnews.ajc.com http://localhost:* https://*.pugpig.com 2 default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 2 connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://*.adobemsbasic.com https://*.adobe.com https://*.lingotek.com https://*.nuance.com https://nuance.seismic.com; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com *; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' https://*.contentful.com 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snippet.minute.ly/publishers/90700/mi-1.17.1.220.js https://apv-launcher.minute.ly/api/launcher/MIN-90700.js https://plausible.io https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://static.smartframe.io https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com https://*.sf-ads.io https://*.sf-insights.io https://*.sf-logs.io;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com ;worker-src blob: 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 2 frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2 default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 2 frame-ancestors 'self' https://classroom.google.com https://*.schoology.com https://*.typing.com;; 2 frame-ancestors https://*.upwave.com 2 default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* *.facebook.com *.google.com *.gstatic.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com blob:; frame-src 'self' boardgamearena.com *.boardgamearena.com:* *.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com td.doubleclick.net *.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; report-uri /web/scriptlogger/cspReport.html 2 frame-ancestors 'self' https://app.contentful.com *.saucelabs.com:8000 *.saucelabs.com *.saucelabs.net; 2 frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 2 upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2 base-uri 'self'; frame-ancestors 'self'; 2 frame-ancestors *.american.edu 2 font-src 'self' 2 frame-ancestors 'self' https://*.erp.tu-dresden.de:* https://piwik.mz.tu-dresden.de https://matomo.tu-dresden.de 2 default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.wistia.com http://*.wistia.com *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io https://adobeid-na1.services.adobe.com https://*.adobelogin.com https://auth.services.adobe.com https://delegated.identity.adobe.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com experience.adobe.com js.stripe.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://live-vietnam-ul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.pasapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data: *.adobeaemcloud.com; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://experience.adobe.com https://fast.wistia.com https://js.stripe.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://*.zi-scripts.com/ https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://img.en25.com/ https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 2 frame-ancestors 'self' *.sunrise.ch; frame-src https: mailto:; report-uri https://www.sunrise.ch/csp-collector 2 frame-ancestors 'self' https://landing.weddingwire.com 2 default-src 'self' *.getunleash.io *.list-manage.com *.hsforms.com *.hsforms.net *.hotjar.com *.gstatic.com *.plausible.io *.youtube.com hubspot-forms-static-embed.s3.amazonaws.com; script-src 'report-sample' 'self' 'unsafe-eval' *.calendly.com *.getunleash.io *.hotjar.com *.hsforms.net *.youtube.com *.google.com *.gstatic.com optimize.google.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net snap.licdn.com static.ads-twitter.com *.analytics.google.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com js.hs-banner.com 'unsafe-inline' plausible.io *.lfeeder.com *.clearbitscripts.com *.clearbitjs.com static.reo.dev ipapi.co; style-src 'report-sample' 'self' *.getunleash.io optimize.google.com fonts.googleapis.com 'unsafe-inline' *.calendly.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.getunleash.io *.github.com calendly.com *.google.com *.hotjar.com *.hotjar.io *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com plausible.io api.hubapi.com forms.hubspot.com js.hs-banner.com stats.g.doubleclick.net wss://*.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com *.hscollectedforms.net *.oribi.io *.clearbit.com googleads.g.doubleclick.net *.googlesyndication.com api.reo.dev ipapi.co *.linkedin.com *.algolianet.com *.algolia.net; font-src 'self' fonts.googleapis.com fonts.gstatic.com script.hotjar.com; frame-src app.hubspot.com *.hotjar.com *.youtube.com *.hsforms.com *.hsforms.net *.google.com optimize.google.com *.doubleclick.net calendly.com; img-src 'self' data: *.getunleash.io *.calendly.com *.githubusercontent.com *.linkedin.com *.google.com *.google.pl *.google.no *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.hsforms.com optimize.google.com analytics.twitter.com t.co track.hubspot.com *.hotjar.com *.hsforms.net *.lfeeder.com *.youtube.com *.ytimg.com; manifest-src 'self'; worker-src 'none' 2 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.photoshelter.com *.jquery.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.photoshelter.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com *.photoshelter.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com *.photoshelter.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net *.photoshelter.com *.googletagmanager.com; connect-src 'self' *.informz.net *.google-analytics.com polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com *.photoshelter.com *.googletagmanager.com; 2 frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 2 style-src 'self' 'unsafe-inline' api-maps.yandex.ru fonts.googleapis.com www.youtube.com broker-vb-temp.halykbank.kz; 2 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 2 default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self' 2 frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data:; media-src https:; media-src https:; style-src 'unsafe-inline' 'self' https:; upgrade-insecure-requests; frame-ancestors 'self' https://*.revolve.com; 2 frame-ancestors 'self' https://*.kinsta.com https://*.kinsta.ninja 2 default-src 'self' 'unsafe-inline' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' mod.calltouch.ru *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com app.cmd-online.ru balancer.voximplant.com ;style-src 'self' 'unsafe-inline' *.jivo.ru app.cmd-online.ru cdn.materialdesignicons.com cdn.jsdelivr.net ;connect-src 'self' 'unsafe-inline' wss: *.yandex.ru mod.calltouch.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net vk.com *.vk.com jivo.ru *.jivo.ru jivo.com *.jivo.com jivosite.com *.jivosite.com clarity.ms *.clarity.ms dashamail.com *.dashamail.com app.cmd-online.ru balancer.voximplant.com ;img-src * data: ;frame-ancestors 'self' *.yandex.ru yandex.ru;frame-src *.yandex.ru yandex.ru yandex.net *.yandex.net yandex.com *.yandex.com yandex.md *.yandex.md yastatic.net *.yastatic.net app.cmd-online.ru;media-src * ;object-src 'none' ; base-uri 'self' ;form-action 'self' ;font-src * ; 2 style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 2 frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com; form-action 'self' *.nypdev.com nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 2 base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.mbiscuit.mbank.pl https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://cdn.mbiscuit.mbank.pl https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.pl https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 2 default-src *.hoka.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net d3nocrch4qti4v.cloudfront.net *.arcot.com api.v2.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net nono-hoka.stage.onelink-translations.com cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarnaevt.com *.klarna.com *.klarnauserservices.com dfp.bouncex.net *.bounceexchange.com pixels.spotify.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com *.datadome.co accretivemedia.go2cloud.org rum.browser-intake-datadoghq.com pixels.spotify.com *.captcha-delivery.com pixel.pub.lilyai.net cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com js.squareup.com *.squarecdn.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com *.prod.unidays.io *.myunidays.com cdn.unidays.world *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com integrations.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai edge.fullstory.com rs.fullstory.com *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca google.com www.google.com translate.google.com api.fillr.com analytics.tiktok.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org app.midtrans.com *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.klaviyo.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com map9067.zendesk.com pod-15.zendesk.com hokaid.zendesk.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com hokaph.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.smooch.io gladly-production.sinter-collect.com chat-sdk.cdn.gladly.com *.us-1.cdn.gladly.chat *.us-1.gladly.chat chat-assets.cdn.gladly.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net d2lxqodqbpy7c2.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.captcha-delivery.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com ara.paa-reporting-advertising.amazon tr6.snapchat.com tr.snapchat.com pixel-config.reddit.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com hoka.review.eprize.com hoka.promo.eprize.com cdn.attn.tv events.attentivemobile.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com static.rakuten.com fonts.gstatic.com fonts1.unidays.world use.fontawesome.com cdn.ivaws.com static.klaviyo.com *.strut.fit nono-hoka.stage.onelink-translations.com *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net *.medallia.eu www.paypalobjects.com *.kampyle.com; style-src *.hoka.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com integrations.etrusted.com *.klarnacdn.net *.klarnaservices.com ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com static.klaviyo.com nono-hoka.stage.onelink-translations.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com assets.sprocket.bz *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com *.wlp-acs.com *.modirum.com *.arcot.com *.wibmo.com *.americanexpress.com *.cardinalcommerce.com *.nbg.gr *.global-e.com *.swedbank.se *.ing.de static.rakuten.com *.monext.fr *.3dsecure.no *.secure.lcl.fr *.creditmutuel.fr *.sparebank1.no *.edb.com *.3dsecure-csas.cz *.nedsecure.co.za *.secure22gw.ro *.revolut.com *.cardcomplete.com *.sparkasse.at *.acs2-3dsecure.cm-cic.com *.paylife.at *.citadele.lv *.sbanken.no *.citibank.co.in *.sibs.pt *.comdirect.de *.n26.com *.commerzbank.de *.nexigroup.com *.adyen.com *.rabobank.nl *.crqsbiacs.sbi *.rpc-raiffeisen.com *.cic.fr *.secure.dkb.de *.eewosecure.com *.secure5gw.ro *.esecure.sia.eu *.sparda.de *.fio.cz *.bunq.com *.firstdata.de *.bankmillennium.pl *.americanexpress.com.sa *.nexi.it *.gpesecure.com *.otpbank.hu *.icicibank.com *.pluscard.de *.apata.io *.redsys.es *.luminorgroup.com *.rietumu.lv *.luottokunta.fi *.rsa3dsauth.co.uk *.vinea.es *.sebkort.com *.bezpecneplatby.rb.cz *.abanca.com *.secure2gw.ro *.mercurypaymentservices.it *.securesuite.co.uk *.3dsecure-vrp.de *.slsp.sk *.moneta.cz *.borica.bg *.asseco-see.hr *.sparkassen-kreditkarten.de *.monzo.com *.mycardplace.com *.3dsecure.ing.ro *.marqeta.com *.zetacipher.io *.maybank.com.my *.mbank.cz; media-src *.hoka.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com cdn8.forter.com chat-sdk.cdn.gladly.com cdn.gladly.com media.cdn.gladly.com; worker-src *.hoka.com blob: *.osano.com; child-src *.hoka.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com chat-sdk.cdn.gladly.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.securesuite.co.uk sg-3ds-vdm.wlp-acs.com *.rsa3dsauth.co.uk verify.monzo.com 3ds.redsys.es *.klarna.com *.klarnaservices.com *.wlp-acs.com acs2-3dsecure.cic.fr *.cardinalcommerce.com 3ds.nexigroup.com 3dspayment.paylife.at tdschmut.monext.fr *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com cdn.dynamicyield.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.arcot.com assets.v2.sprocket.bz *.datadome.co *.captcha-delivery.com *.studentbeans.com pci-connect.squareup.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com tr6.snapchat.com connect.facebook.net sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com hoka.promo.eprize.com hoka.review.eprize.com d.emails.teva.com creatives.attn.tv cdn.attn.tv *.artlabs.ai *.medallia.eu app.midtrans.com app.collectivevoice.com *.kampyle.com; report-uri https://www.hoka.com/_/csp-reports 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com ui.powerreviews.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com blob: p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 2 frame-ancestors https://webvisor.com http://webvisor.com https://*.webvisor.com http://*.webvisor.com https://live.ratelook.org https://www.letu.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://mc.yandex.ru 2 frame-ancestors 'self' commander.weatherops.com 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; font-src * data:; frame-src *; style-src * 'unsafe-inline'; frame-ancestors https://*.fluke.com; object-src 'none'; 2 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' http: data: *.cdnpandadoc.com; connect-src 'self' http:; font-src 'self' 'unsafe-inline' http: data:; media-src 'self' https: blob:; frame-ancestors 'self' app.hubspot.com 2 frame-ancestors 'self' *.shangri-la.com facebook.com *.facebook.com 2 upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.facebook.net *.googleapis.com *.googletagmanager.com *.bing.com *.virtualearth.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.facebook.net *.linkedin.com *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 2 default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 2 frame-ancestors 'self' https://*.unige.it 2 frame-ancestors 'self' http://turan.urw.com/ https://turan-web.preprod.cloud.coreoz.com/ https://turan-web2.preprod.cloud.coreoz.com/ https://apollo.int.coreoz.com/world https://prod.id.westfield.com/ https://id.westfield.com/ https://turan-v2.urw.com/ https://turan-web3.preprod.cloud.coreoz.com/ https://unibail-turan-web.int.coreoz.com/ 2 frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com https://nva-av-tkweb1pr https://igrawsndc012r:10446 https://elibrary.tranetechnologies.com/ 2 default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com snap.licdn.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com *.akamaihd.net px.ads.linkedin.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net; font-src 'self' data: *.hsbc.com.hk *.gstatic.com fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2 frame-ancestors 'self' https://*.salliemae.com https://*.sallie.com 2 base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.conetix.com.au https://info.conetix.com https://www.google-analytics.com https://ekr.zdassets.com https://i.clarity.ms https://conetix.zendesk.com https://ekr.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://m.addthis.com https://api-public.addthis.com https://*.clarity.ms https://conetix.sendsafely.com https://static-conetix.sendsafely.com https://conetix.sendsafely-au.com https://connect.facebook.net https://graph.facebook.com/ https://analytics.google.com wss://pod-25.zendesk.com 2 default-src 'none'; media-src *; font-src 'self' *.typekit.net *.cloudfront.net fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' substackapi.com boards.greenhouse.io cdn.jsdelivr.net cdn.optimizely.com *.parsely.com connect.facebook.net info.a16z.com munchkin.marketo.net plausible.io px.ads.linkedin.com snap.licdn.com static.ads-twitter.com www.youtube.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com a16z.com blob:; style-src 'unsafe-inline' *.typekit.net fonts.googleapis.com info.a16z.com a16z.com; connect-src *; frame-src 'self' *.loom.com *.cdn.optimizely.com *.simplecast.com gamma.app boards.greenhouse.io www.youtube.com info.a16z.com; base-uri 'none'; form-action 'self' info.a16z.com; frame-ancestors 'self' 2 frame-ancestors 'self' https://mobile.southwest.com https://www.southwest.com https://www.swabiz.com; 2 frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 2 frame-ancestors 'self' https://*.procaresoftware.com; 2 frame-ancestors https://*.kennesaw.edu; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 default-src * 'unsafe-inline' 'unsafe-eval' data:;img-src * 'unsafe-inline' 'unsafe-eval' 'self' data:;worker-src blob:; 2 frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 2 default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data: wss: blob: 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 2 default-src self cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com js.hsforms.net *.hsforms.com js.hs-scripts.com js.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io static.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.contentful.com ws: blob:; script-src self cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com www.googletagmanager.com js.hsforms.net *.hsforms.com js.hs-scripts.com js.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io static.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.contentful.com 'unsafe-eval' 'unsafe-inline' ws: blob:; style-src self *.myob.com *.myobdev.com *.wistia.com *.survicate.com 'unsafe-inline' ws: blob:; img-src self *.myob.com *.myobdev.com *.wistia.com images.ctfassets.net data: https: ws: blob:; font-src self *.myob.com *.myobdev.com *.wistia.com *.survicate.com data:; frame-src *; frame-ancestors *; upgrade-insecure-requests; 2 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com www.googleadservices.com *.googletagmanager.com tagmanager.google.com www.google.com googleads.g.doubleclick.net bat.bing.com static.profity.ch siteintercept.qualtrics.com *.siteintercept.qualtrics.com *.teads.tv; style-src 'self' 'unsafe-inline' blob: *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com tagmanager.google.com cdn.fonts.net; child-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com *.youtube.com pay.sandbox.datatrans.com pay.datatrans.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com migroscx.qualtrics.com *.teads.tv; connect-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com www-leshop-ch-cld-res.cloudinary.com res.cloudinary.com *.contentful.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com s.qualtrics.com https://browser-intake-datadoghq.eu *.teads.tv https://cdn-eu.configcat.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://region1.google-analytics.com/g/collect https://stats.g.doubleclick.net/g/collect https://www.google-analytics.com/g/collect https://www.googletagmanager.com https://pagead2.googlesyndication.com https://adservice.google.com www.googleadservices.com; default-src 'self'; font-src 'self' *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com fonts.gstatic.com cdn.fonts.net; img-src 'self' data: blob: *.migros.ch cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com *.googleapis.com www.googleadservices.com *.googletagmanager.com *.gstatic.com profity.ch *.profity.ch *.xcampaign.ch migros-test.rokka.io migros-coupons-test.rokka.io *.google.com googleads.g.doubleclick.net ad.doubleclick.net www-leshop-ch-cld-res.cloudinary.com res.cloudinary.com bat.bing.com images.ctfassets.net siteintercept.qualtrics.com *.teads.tv adservice.google.ch www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.pt/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.li/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.hr/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.com.lb/ads/ga-audiences https://www.google.rs/ads/ga-audiences; 2 frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-analytics.net *.hs-banner.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.wistia.com *.wistia.net *.sentry-cdn.com vercel.live *.bing.com *.dreamdata.cloud *.redditstatic.com *.hotjar.com *.quora.com *.marketlinc.com *.techtarget.com *.adsrvr.org *.radiateb2b.com *.g2crowd.com *.amazonaws.com *.qualified.com wss://*.qualified.com wss://*.hotjar.com *.6sc.co *.6sense.com *.gstatic.com *.radiateb2b.net *.hsappstatic.net *.hubspot.com *.jsdelivr.net api.marketing.staging.next.sc https://cdnjs.cloudflare.com https://js.hsadspixel.net https://snap.licdn.com https://connect.facebook.net http://js.hs-scripts.com https://js.hs-scripts.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; style-src 'self' 'unsafe-inline' cdn2.hubspot.net vercel.live *.jsdelivr.net fast.wistia.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: blob: https: *.jsdelivr.net fast.wistia.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com; font-src 'self' https://fonts.gstatic.com *.wistia.com https://cdnjs.cloudflare.com data:; connect-src 'self' api.ipify.org https://cdnjs.cloudflare.com *.hscollectedforms.net *.hubapi.com *.hs-banner.com *.hsforms.com *.hubspot.com *.wistia.com ws-us3.pusher.com *.techtarget.com *.reddit.com *.redditstatic.com *.qualified.js *.qualified.com *.hs-scripts.com *.dreamdata.cloud *.hotjar.com *.hotjar.io *.g2crowd.com *.radiateb2b.net *.pusher.com wss://*.pusher.com *.marketlinc.com *.sentry.io wss://*.qualified.com wss://*.hotjar.com *.6sc.co *.6sense.com *.litix.io *.jsdelivr.net www.facebook.com api.marketing.staging.next.sc api.corp.screencloud.com api.apollo.io api.eu.lever.co api.us.lever.co *.wistia.net https://px.ads.linkedin.com/ https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com; frame-src 'self' https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com vercel.live *.adsrvr.org *.qualified.com *.radiateb2b.net *.google.com fast.wistia.net www.google.com www.g2.com https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://td.doubleclick.net; object-src data: https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self' *.hsforms.com *.radiateb2b.net; frame-ancestors; upgrade-insecure-requests; child-src 'self' *.hsforms.com 2 default-src 'self' s3-eu-west-1.amazonaws.com in.hotjar.com s7g10.scene7.com static-jmpovh.hyperlab.pl maps.googleapis.com analytics.tiktok.com popups.landingi.com stats.landingi.com region1.google-analytics.com vc.hotjar.io lightboxes.landingi.com tagmanager.landingi.io app.push-ad.com www.google-analytics.com geolocation.onetrust.com stats.g.doubleclick.net api3.push-ad.com ct.pinterest.com app2.push-api.pl track.push-ad.com cdn.cookielaw.org static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net tr.snapchat.com dmp.push-api.pl ams.creativecdn.com jmp-privacy.my.onetrust.com cdn.jsdelivr.net tr6.snapchat.com *.crazyegg.com; script-src 'self' data: http: https: 'unsafe-inline' 'unsafe-eval' s7g10.scene7.com cdn-jmpovh.hyperlab.pl static-jmpovh.hyperlab.pl maps.googleapis.com code.jquery.com www.youtube.com lf16-tiktok-web.ttwstatic.com www.tiktok.com s3-eu-west-1.amazonaws.com stats.landingi.com old.assets-landingi.com assetslp.link popups.landingi.com scripts.assets-landingi.com ucarecdn.com script.hotjar.com app.push-ad.com analytics.tiktok.com acdn.adnxs.com code.createjs.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl connect.facebook.net www.googletagmanager.com biedronka.push-ad.com myao.adocean.pl cdn.cookielaw.org www.google.com www.gstatic.com www.google-analytics.com s.pinimg.com static.hotjar.com googleads.g.doubleclick.net sc-static.net tr.snapchat.com landingistats.com tags.creativecdn.com ams.creativecdn.com ssl.p.jwpcdn.com cdn.jsdelivr.net sf16-website-login.neutral.ttwstatic.com *.crazyegg.com; style-src 'self' 'unsafe-inline' s7g10.scene7.com static-jmpovh.hyperlab.pl p.typekit.net use.typekit.net lf16-tiktok-web.ttwstatic.com s3-eu-west-1.amazonaws.com styles.assets-landingi.com api3.push-ad.com app2.push-api.pl app.push-ad.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl fonts.googleapis.com www.googletagmanager.com *.crazyegg.com; font-src 'self' data: static-jmpovh.hyperlab.pl use.typekit.net s3-eu-west-1.amazonaws.com styles.assets-landingi.com fonts.assets-landingi.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl fonts.gstatic.com; img-src 'self' data: http: https: cdn.biedronka.pl s7g10.scene7.com cdn-jmpovh.hyperlab.pl static-jmpovh.hyperlab.pl maps.googleapis.com maps.gstatic.com pl-gmtdmp.mookie1.com icons.assets-landingi.com www.facebook.com ib.adnxs.com cdn.lugc.link images.assets-landingi.com s3-eu-west-1.amazonaws.com app.push-api.pl www.google-analytics.com www.google.pl www.google.com ct.pinterest.com static.biedronka.local static-wwwbiedronkapl-dev-php56.hyperlab.pl static.biedronka.pl secure.adnxs.com cdn2-wwwbiedronkapl-dev-php56.hyperlab.pl cdn.biedronka.pl cdn2.biedronka.pl cdn.cookielaw.org www.googletagmanager.com *.crazyegg.com; frame-src 'self' data: http: https: www.tiktok.com www.youtube.com landingipopups.com creativecdn.com ct.pinterest.com biedronka.push-ad.com www.google.com tr.snapchat.com td.doubleclick.net ams.creativecdn.com www.instagram.com *.crazyegg.com www.googletagmanager.com; connect-src 'self' data: http: https: wss: *.crazyegg.com ws.hotjar.com; worker-src 'self' data: http: https: blob: *.crazyegg.com; 2 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js *.mutinycdn.com https://www.clarity.ms https://j.6sc.co/j/81ad4853-7699-4145-be50-4c0e963c8034.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com * *.mutinycdn.com; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com * *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com; report-uri /report-csp-violation 2 default-src 'self' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com/ https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://cdn.jotfor.ms https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 2 default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://*.facebook.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/ https://*.typekit.net/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/ https://fpf.org/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com https://*.eventbrite.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/ https://*.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/ https://*.eventbrite.com/; block-all-mixed-content; 2 frame-ancestors 'self' https://commerceinsights.ibmcloud.com 2 frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com ; 2 default-src 'self'; connect-src 'self' blob: https://api.prod.legislation.gov.au/ https://www.legislation.gov.au/; font-src 'self'; frame-src 'self' blob: https://www.legislation.gov.au/; img-src 'self' data: https://www.googletagmanager.com https://www.legislation.gov.au/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.legislation.gov.au/; style-src 'self' 'unsafe-inline' https://www.legislation.gov.au/; 2 default-src 'self' https://edgestatic.azureedge.net https://*.microsoft.com; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.aspnetcdn.com https://az725175.vo.msecnd.net https://*.microsoft.com https://mem.gfx.ms https://edgestatic.azureedge.net https://js.monitor.azure.com https://mwf-service.akamaized.net https://*.clarity.ms https://*.bing.com http://*.bing.com https://*.adnxs.com https://connect.facebook.net https://snap.licdn.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net; font-src 'self' data: https://*.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net; connect-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.bing.com https://*.clarity.ms https://js.monitor.azure.com https://edgestatic.azureedge.net https://consentreceiverfd-prod.azurefd.net https://cdn.linkedin.oribi.io https://*.linkedin.com https://boost.mediation.trafficmanager.net https://*.adnxs.com; frame-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.msn.com https://*.msn.cn https://*.bing.com https://www.youtube-nocookie.com https://microsoft-store-10748068.azurewebsites.net; frame-ancestors 'self' https://*.microsoft.com https://*.bing.com chrome-untrusted://dual-search; img-src * data:; media-src 'self' https://edgestatic.azureedge.net 2 frame-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://business-plus-demo.vercel.app/ https://business-demo-bay.vercel.app/ https://all-demos-sigma.vercel.app/ https://player.vimeo.com/ https://challenges.cloudflare.com/ https://api.intellimize.co/ *.intellimizeio.com/ https://pixel.mathtag.com/ https://www.youtube.com https://play.vidyard.com *.google.com *.facebook.com https://js.driftt.com/ https://www.googleadservices.com/ https://www.youtube-nocookie.com/ https://s7.addthis.com/ https://drift-lp-49916850.drift.click/ https://bid.g.doubleclick.net/ https://w.soundcloud.com/ https://vars.hotjar.com/ https://vars.hotjar.io/ https://static.hotjar.com https://static.hotjar.io https://app.smartsheet.com/ https://bugcrowd.com/ https://8495553.fls.doubleclick.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://td.doubleclick.net/; style-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com https://platform.twitter.com/ https://sailpoint2016.wpengine.com *.twimg.com/ https://code.jquery.com https://c.bing.com https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css https://play.vidyard.com https://fonts.googleapis.com 'unsafe-inline'; script-src *.sailpoint.com blob: https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.gartner.com *.cloudflare.com/ https://sailpoint2016.wpengine.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.zi-scripts.com/ https://cdn.intellimize.co/ https://tags.clickagy.com/data.js *.zoominfo.com https://cdn.ampproject.org/ https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/ https://ib.adnxs.com/ https://tr.outbrain.com/ https://cdn.smartnews-ads.com/ https://pixel.mathtag.com/ https://pixel.advertising.com/ https://amplify.outbrain.com/ https://cnt.ads.8card.net/ https://cdn.syndication.twimg.com/ https://googleads.g.doubleclick.net https://platform.twitter.com https://api.swiftype.com https://code.jquery.com https://code.createjs.com https://www.amcharts.com https://cdn.amcharts.com/ https://connect.facebook.net/ https://j.6sc.co/ https://trk.techtarget.com/ https://googleadservices.com https://www.googleadservices.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://script.hotjar.com https://script.hotjar.io https://play.vidyard.com https://static.hotjar.com/ https://static.hotjar.io https://lltrck.com/scripts/ https://js.driftt.com/ https://snap.licdn.com/ https://ws.zoominfo.com/ https://bat.bing.com/ https://cdn.cookielaw.org/ http://munchkin.marketo.net/ https://munchkin.marketo.net/ https://d.adroll.com/ https://static.cloudflareinsights.com/beacon.min.js/ *.clarity.ms/ https://instant.page/3.0.0 https://cdn.jsdelivr.net/ https://www.googletagmanager.com/gtm.js https://client.prod.mplat-ppcprotect.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ *.twimg.com/ https://sailpoint2016.wpengine.com *.gartner.com https://cnv.event.prod.bidr.io/ https://www.google-analytics.com https://sailpoint-digital-marketing.imgix.net/ https://cdn.cookielaw.org/ https://conversionadvocates.com/ https://www.linkedin.com/ https://t.6sc.co/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://x.bidswitch.net/ https://cm.g.doubleclick.net/ https://image2.pubmatic.com/ https://beacon.krxd.net/ https://idsync.rlcdn.com/ https://www.googletagmanager.com/ https://pixel.mathtag.com/ https://dsum-sec.casalemedia.com/ https://i.smartnews-ads.com/ https://tr.outbrain.com/ https://sync.taboola.com https://sync.outbrain.com/ https://ads.yahoo.com *.twitter.com https://apt.techtarget.com/ https://dpm.demdex.net/ *.google.com/ https://googleads.g.doubleclick.net https://us-u.openx.net/ https://stags.bluekai.com/ https://www.facebook.com https://io.narrative.io/ https://p.adsymptotic.com/ https://pixel.rubiconproject.com/ https://secure.gravatar.com https://c.bing.com/ *.clarity.ms/ https://lltrck.com/ https://b.6sc.co/ https://bat.bing.com/ https://d.adroll.com https://px.ads.linkedin.com/ https://cdn.vidyard.com/ https://play.vidyard.com https://cdn.sanity.io/ https://ad.ipredictive.com/; font-src *.sailpoint.com https://sp-next-sanity.vercel.app/ https://sp-next-sanity-git-main-sail-point-dev-team.vercel.app/ https://sailpoint2016.wpengine.com https://fonts.gstatic.com https://cdn.cookielaw.org;frame-ancestors 'self' https://sailpoint2016.wpengine.com; 2 frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 2 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob: https://service.force.com https://*.my.salesforce.com https://*.salesforceliveagent.com/ https://widget.tripgo.com;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com https://service.force.com https://widget.tripgo.com;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com https://resources.tripgo.com;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://accounts.google.com https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://timetables-embed.nxbus.co.uk https://www.nationalexpress.com https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com https://service.force.com https://*.my.salesforce.com;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com data:;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com https://api.tripgo.com https://api.geocode.earth;frame-ancestors 'self' https://www.facebook.com 2 default-src 'none'; script-src 'self' 'unsafe-inline' code.etracker.com www.etracker.de default.signalize.com api.signalize.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com; img-src 'self' data: api.signalize.com cdn.signalize.com i.ytimg.com www.googletagmanager.com www.google.com www.google.de googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' api.signalize.com; font-src 'self' data: api.signalize.com; connect-src 'self' www.etracker.de api.signalize.com www.googletagmanager.com adservice.google.com www.googleadservices.com; frame-src 'self' www.youtube-nocookie.com td.doubleclick.net; form-action 'self'; base-uri 'self'; media-src 'self'; frame-ancestors https://newapp.etracker.com; 2 frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 2 default-src data: https: blob: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 2 default-src 'self'; script-src 'report-sample' 'self' https://www.googleadservices.com https://www.googletagmanager.com https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://analytics.google.com https://remittance-service.pvt-cx.gw.staging.teamdisplayed.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://td.doubleclick.net/ https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://www.google.com/pagead https://googleads.g.doubleclick.net https://www.google.com.pk https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2 frame-ancestors 'none'; report-uri /system/csp_reports 2 frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 2 frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2 rame-ancestors 'self' https://*.yahooinc.com 2 default-src 'none'; form-action 'self' 'report-sample' https://phpmyadmin.adm.tools https://phpmyadmin.mysql.network https://ua.team; child-src 'self'; frame-src 'self' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://apis.google.com https://accounts.google.com https://www.google.com https://js.stripe.com https://play.google.com https://pay.google.com; script-src-attr 'report-sample' 'unsafe-inline'; script-src 'self' 'report-sample' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://js.stripe.com https://play.google.com https://pay.google.com 'unsafe-inline'; img-src 'self' 'report-sample' blob: data: https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.es https://*.google.fr https://*.google.nl https://*.google.kz https://*.google.by https://*.google.de https://*.google.pl https://*.google.ae https://*.google.md https://*.google.ca https://*.google.hu https://*.google.com.ua https://*.google.com.tr https://*.google.co.uk https://*.google.at https://*.google.az https://*.google.jo https://*.google.be https://*.google.it https://*.google.com.cy https://*.google.com.ph https://*.google.kz https://*.google.co.uz https://*.google.dk https://*.google.se https://*.googleapis.com https://analytics.google.com https://www.google-analytics.com https://cdn.adm.tools/ https://storage.adm.tools/ https://billing.adm.tools/ https://cdn.webmail.online/ https://cdn.u.ua/ https://opendata.cdn.express/ https://staff.cdn.express/ https://www.gravatar.com https://cdn.u.ua; connect-src 'self' 'report-sample' http://localhost:3000 ws://localhost:3000 https://socket.ua.team wss://socket.ua.team https://emi.webmail.online wss://emi.webmail.online wss://ctl.adm.tools https://tools.adm.tools wss://tools.adm.tools wss://staff.adm.tools wss://emi.adm.tools wss://cmd.adm.tools https://cmd.adm.tools wss://ssh.adm.tools https://ssh.adm.tools wss://chat.adm.tools https://chat.adm.tools https://cam.ukraine.com.ua https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools https://www.facebook.com https://accounts.google.com https://*.stripe.com https://play.google.com https://pay.google.com https://google.com https://cdn.jsdelivr.net https://*.default-host.net https://sentry.adm.tools https://cdn.adm.tools/ https://cdn.u.ua; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; media-src 'self' 'report-sample' 'unsafe-inline' blob: https://cam.ukraine.com.ua https://staff.cdn.express/ https://storage.adm.tools/ https://cdn.u.ua; manifest-src 'self'; worker-src 'self' blob:; report-uri https://sentry.adm.tools/api/8/security/?sentry_key=05c167ddbc674f3da4da07b891f0bdec; 2 frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https:; style-src * 'self' 'unsafe-inline' https: 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net; 2 default-src 'self' 'unsafe-inline' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 2 default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 2 default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 2 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 2 frame-ancestors 'self' https://web.telegram.org 2 upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.api.bazaarvoice.com *.bazaarvoice.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.liadm.com *.mag.bazaarvoice.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.truefitcorp.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com *.global-e.com *.bglobale.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay *.kaptcha.com x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com prf.hn form.jotform.com/241913106756052 cdn.jotfor.ms/s/umd/latest/for-form-embed-handler.js *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com access.myunidays.com images.unidays.world *.myunidays.com *.unidays.world *.prod.unidays.io https://flo.uri.sh/visualisation/* https://public.flourish.studio/resources/* *.attentivemobile.com *.attn.tv https://clarks.attn.tv/* *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com *.klarnacdn.net *.unidays.world; frame-ancestors 'self'; upgrade-insecure-requests ; 2 frame-ancestors 'self' *.thalesgroup.com 2 frame-ancestors 'self' *.applytojob.com 2 frame-ancestors 'self' https://app.storyblok.com https://*.storyblok.com https://*.storyblok.com https://*.saleshood.com *.saleshood.com https://*.navattic.com 2 default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 2 connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://*.outbrain.com https://snap.licdn.com https://assets.apollo.io https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://apollo.io https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://js.hscta.net https://js-eu1.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com https://*.omappapi.com https://widget.manychat.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleoptimize.com https://*.omappapi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' https: data: blob:; connect-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://px.ads.linkedin.com https://px.ads.linkedin.com https://aplo-evnt.com https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://api.hubapi.com https://*.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://*.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.omappapi.com https://app.vwo.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://www.google.com https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://*.outbrain.com https://td.doubleclick.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com https://apollo.io https://s-eu1.hscta.net https://no-cache.hubspot.com https://*.hs-sites-eu1.com https://*.hs-sites.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https: blob: data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; connect-src 'self' https://cms.cybiteam.id https://api.cbn.roketin.xyz https://cms.cbn.roketin.xyz https://api-crm.cybiteam.id https://cbn.speedtestcustom.com https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://v3.lenna.ai https://app.lenna.ai https://cms.lenna.ai https://lenna.ai; frame-src 'self' https://cbn.speedtestcustom.com; upgrade-insecure-requests; 2 child-src blob:;connect-src 'self' https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com https://employerbrand.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.algolia.io *.facebook.com *.sentry.io activity.wisepops.com accounts.google.com popup.wisepops.com tracking.wisepops.com notifications.wisepops.com app.getwisp.co wisepops.net backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ip2c.org autocomplete.search.hereapi.com lookup.search.hereapi.com revgeocode.search.hereapi.com geocode.search.hereapi.com *.batch.com *.axept.io *.contentsquare.net http://cypress.preprod.wttj.tech/zafoh2ie/ae3 api.maze.co prompts.maze.co region1.analytics.google.com stats.g.doubleclick.net cdn.growthbook.io growthbook-proxy.production.wttj.team data.debugbear.com;default-src 'none';font-src cdn.welcometothejungle.com cdn.welcometothejungle.com cdn.welcome-ui.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io snippet.maze.co;form-action 'self' www.facebook.com;frame-ancestors none;frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.youtube-nocookie.com www.dailymotion.com www.facebook.com connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com vars.hotjar.com *.axept.io form.typeform.com www.google.com;img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com static.hotjar.com *.axept.io *.contentsquare.net cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net snippet.maze.co;media-src cdn.welcometothejungle.com;script-src 'unsafe-inline' cdn.welcometothejungle.com platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com www.youtube-nocookie.com *.ytimg.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net optimize.google.com app.getbeamer.com realtime.getbeamer.com backend.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com accounts.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com *.axept.io cdn.goldenbees.fr tag.goldenbees.fr t.contentsquare.net app.contentsquare.com embed.typeform.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/ snippet.maze.co acdn.adnxs.com cdn.debugbear.com data.debugbear.com;style-src 'unsafe-inline' cdn.welcometothejungle.com tagmanager.google.com fonts.googleapis.com optimize.google.com accounts.google.com app.getbeamer.com *.axept.io embed.typeform.com snippet.maze.co static.hotjar.com script.hotjar.com assets-cdn.maze.co;upgrade-insecure-requests;worker-src 'self' blob: 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 2 frame-ancestors 'self' https://webvisor.com 2 frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 2 default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 2 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 2 frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 2 frame-ancestors http://www.ironplanet.com https://www.ironplanet.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com; style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com; 2 default-src * 'unsafe-inline' data:; img-src * 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com https://embed.typeform.com/next/embed.js https://tgtag.io *.bing.com *.clarity.ms *.tiktok.com https://www.awin1.com *.reflow.tv; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai *.typeform.com *.typekit.net; font-src 'self' data: *.googleapis.com *.adyen.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com *.typekit.net; object-src 'self' *.adyen.com; frame-src 'self' data: *.facebook.com https://platform.twitter.com *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com *.cardinalcommerce.com *.braintreegateway.com *.braintree-api.com *.rsa3dsauth.co.uk *.arcot.com *.mycardsecure.com *.monzo.com *.capitalone.com *.touch.tech *.wibmo.com *.mncbank.co.id *.typeform.com *.revolut.com *.sparkassen-kreditkarten.de *.swedbank.se *.wlp-acs.com *.rabobank.nl *.tsys.co.uk *.marqeta.com *.viseca.ch *.apata.io *.redsys.es *.edb.com *.asseco-see.hr *.mashreq.com *.cm-cic.com *.monext.fr *.garanti.com.tr; form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 2 frame-ancestors 'self' *.authorize.net 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.convertexperiments.com https://cdn.attn.tv https://www.dropbox.com https://edge.fullstory.com https://rs.fullstory.com/rec/integrations https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.paypal.com/sdk/js https://www.paypalobjects.com https://*.newrelic.com https://*.nr-data.net https://www.paypal.com/tagmanager/pptm.js; style-src 'self' 'unsafe-inline' https://*.typekit.net; img-src * data:; font-src 'self' https://*.typekit.net https://*.hotjar.com; connect-src 'self' https://*.drivethrurpg.com https://api.drivethrurpg.com https://*.attn.tv https://events.attentivemobile.com https://www.dropbox.com/s/ https://*.dl.dropboxusercontent.com/ https://logs.convertexperiments.com/log https://*.metrics.convertexperiments.com https://api.dropboxapi.com https://edge.fullstory.com https://rs.fullstory.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.paypal.com/sdk/js https://*.paypal.com/xoplatform/logger/api/logger https://*.cloudfront.net https://*.nr-data.net https://*.newrelic.com; media-src *; object-src 'none'; child-src 'self' https://*.drivethrurpg.com https://*.attn.tv https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://vars.hotjar.com https://*.cloudfront.net https://www.dropbox.com https://*.dl.dropboxusercontent.com/ https://*.youtube.com https://assets.braintreegateway.com https://*.paypal.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.drivethrurpg.com; report-uri https://api.drivethrurpg.com/rpc/vBeta/feedback/csp_report; report-to csp-reports-endpoint 2 img-src 'self' data: https:; 2 frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src *; 2 frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 2 object-src 'none'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/system/reporting/default; report-to default 2 style-src 'unsafe-inline' https://*.sitecore.com;base-uri 'self';connect-src https://*.6sc.co https://*.6sense.com https://*.adnxs.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://api.ipify.org https://px.ads.linkedin.com https://*.bing.com wss://ws.qualified.com https://*.quantcount.com https://*.salesloft.com https://*.sitecore.com https://*.sitecorecloud.io;default-src data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;font-src https://*.sitecore.com;frame-src https://*.google.com https://td.doubleclick.net https://capture.navattic.com https://app.qualified.com https://*.sitecore.com https://*.sitecorecontenthub.cloud;img-src https://*.6sc.co https://www.googletagmanager.com https://*.google.com https://*.google.ca https://*.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://px.ads.linkedin.com https://*.bing.com https://*.quantserve.com https://*.sitecore.com https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud https://*.force.com https://wwwsitecorecom.azureedge.net;media-src https://app.qualified.com https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sitecore.com http://localhost http://*.6sc.co https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.recaptcha.net https://*.gstatic.cn https://*.gstatic.com https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://d35vb5cccm4xzp.cloudfront.net https://*.bing.com https://*.quantserve.com https://*.quantcount.com;style-src-attr 'unsafe-inline' https://*.sitecore.com; 2 default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://prod-donation-form.vercel.app/ https://beyondblue-npsp.my.salesforce-sites.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/ https://prod-donation-form.vercel.app/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/; frame-ancestors 'self' https://beyondblue-npsp.my.salesforce-sites.com/; 2 frame-ancestors 'self' https://*.elal.com https://elal.clearmash.com https://experience.adobe.com https://*.amadeus.com; 2 worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com https://gateway.zscloud.net;connect-src https://www.googletagmanager.com https://www.google-analytics.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io https://siteintercept.qualtrics.com https://rules.quantcount.com https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com https://content-images.computershare.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.adsrvr.org https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com https://gateway.zscloud.net;frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://8305233.fls.doubleclick.net https://www.canva.com https://*.crazyegg.com https://go.computershare-loan-services.com https://www.youtube-nocookie.com https://gateway.zscloud.net; 2 object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud https://js.partnerstack.com https://cdn.jsdelivr.net/npm/chart.js; 2 frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 2 default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 2 frame-ancestors https://app.contentstack.com/; 2 default-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.assets.schwarz https://*.batch.com https://*.bing.com https://*.cliplister.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://mycliplister.com https://*.mycliplister.com https://*.peakprotect.com https://*.pingdom.net https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kelkoogroup.net https://s.kk-resources.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.be https://www.google.com https://www.google.cz https://www.google.nl https://www.google.pl https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://*.scon.schwarz 'unsafe-inline' https://*.adyen.com data: https://csp.cre.lidl-shop.com; frame-src 'self' https://*.facebook.com https://*.facebook.net https://*.cookiebot.com https://*.creativecdn.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.pingdom.net https://balancechecks.tx-gate.com https://bidswitch.net https://creativecdn.com https://form.lidl.com https://forms-prod.enc-test.de/ https://ldl.viewer.cit-fusion.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube-nocookie.com https://*.youtube.com https://www.googletagmanager.com https://www.lidl-gewinnspiel.de https://www.youtube.com 'unsafe-inline' https://*.adyen.com https://www.needlefresh.co.uk; img-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.360yield.com https://*.addthis.com https://*.adnxs.com https://*.assets.schwarz https://*.bing.com https://*.cat-ret.assets.lidl https://*.cdn.flavedo.io https://*.cliplister.com https://*.cookiebot.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-onlinenewsletter.de https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.mycliplister.com https://*.retail.lidl.net https://*.retail.vdc.lidl https://*.searchhub.io https://*.smartadserver.com https://*.virtualearth.net https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://content.odj.cloud https://*.clarity.ms https://cm.adform.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://size.lidl.com https://s.kelkoogroup.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.adobe.com https://www.awin1.com https://cdn.flavedo.io https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.bd https://www.google.com.tr https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.is https://www.google.it https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://www.w3.org https://x.bidswitch.net https://youtube.com https://*.creativecdn.com https://*.youtube.com https://www.googletagmanager.com https://lidlplusprod.blob.core.windows.net https://upeimagesprd.blob.core.windows.net https://lidlplusstorage.blob.core.windows.net https://c1.adform.net https://ce.lijit.com https://criteo-partners.tremorhub.com https://*.teads.tv https://dpm.demdex.net https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://hb.yahoo.net https://id5-sync.com https://jadserve.postrelease.com https://matching.ivitrack.com https://pixel.rubiconproject.com https://*.casalemedia.com https://sync-criteo.ads.yieldmo.com https://sync.1rx.io https://rt.udmserve.net https://ssc-cms.33across.com https://ads.yieldmo.com https://s.seedtag.com https://sync.go.sonobi.com https://fast.nexx360.io https://*.upe.schwarz 'unsafe-inline' https://*.adyen.com data:; object-src 'self' https://*.facebook.com https://*.facebook.net https://*.batch.com https://*.cookiebot.com https://*.leaflets.schwarz https://*.lidl-shop.com https://*.lidl.de https://*.livebuy.io https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval'; script-src 'self' blob: https://*.facebook.com https://*.facebook.net https://*.api.schwarz https://*.batch.com https://*.bing.com https://*.cookiebot.com https://*.creativecdn.com https://*.exactag.com https://*.instana.io https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.com https://*.lidl.de https://*.livebuy.io https://*.medallia.eu https://*.peakprotect.com https://*.pingdom.net https://*.searchhub.io https://*.virtualearth.net https://adservice.google.com https://asset.schwarz https://bidswitch.net https://cdn.cookielaw.org https://*.clarity.ms https://creativecdn.com https://form.lidl.com https://*.onetrust.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://s.kk-resources.com https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://*.doubleclick.net https://test.formcycle.vdc.lidl https://www.awin1.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' about: https://localhost https://*.adyen.com; style-src 'self' https://*.bing.com https://*.cookiebot.com https://*.kampyle.com https://*.leaflets.schwarz https://*.lidl-flyer.com https://*.lidl-shop.com https://*.lidl.de https://*.medallia.eu https://asset.schwarz https://bidswitch.net https://form.lidl.com https://lidl.de https://lidl.media01.eu https://*.google-analytics.com https://region1.analytics.google.com https://sdk.virtualearth.net https://searchhub.io https://sentry.int.secrz.com https://spatial.virtualearth.net https://test.formcycle.vdc.lidl https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.lidl-shop.be https://www.lidl-shop.cz https://www.lidl-shop.nl https://www.lidl-shop.sk https://www.lidl-sklep.pl https://youtube.com https://*.youtube.com https://www.googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' https://*.lidl.com https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://accounts.lidl.com https://survey.g.doubleclick.net; 2 frame-ancestors 'self' *.translate.goog translate.google.com; 2 frame-ancestors 'self' https://*.boditrax.com/ *.puregym.com/; 2 frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 2 default-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://*.jugendherberge.de https://piwik.jugendherberge.de 2 default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io api.openai.com wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: *.googleapis.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.vwo.com *.visualwebsiteoptimizer.com widget.trustpilot.com *.zdassets.com brightdata.zendesk.com assets.brightdata.com *.userway.org cdn.mxpnl.com *.mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.thesmilingelbows.com *.bing.com *.clarity.ms widget.intercom.io *.linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.hsforms.net *.hsforms.com *.oribi.io *.gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.netstar-inc.com *.gstatic.com yastatic.net cdn.datatables.net *.redditstatic.com *.6sc.co *.quora.com widget-mediator.zopim.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th *.google.co.kr *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.comeet.com *.reddit.com *.ipqualityscore.com *.debugbear.com js.usemessages.com; frame-ancestors 'self'; worker-src blob: 'self'; report-uri https://brightdata.com/web_api/report_csp 2 upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 2 default-src *; style-src 'unsafe-inline' *; font-src 'self' data: blob: *; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; connect-src * data: blob:; media-src 'self' blob: * data: *; frame-src * webcompt: 2 default-src 'self' http://*.jwpcdn.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: http://*.jwpcdn.com http://*.googleapis.com http://*.googletagservices.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; media-src 'self' blob: data: *; img-src 'self' blob: data: *; font-src 'self' http://*.gstatic.com http://*.civicscience.com; frame-src 'self' *; object-src 'self' *; base-uri 'self'; form-action 'self'; frame-ancestors 'self' http://localhost:* https://*.dev-univision.com https://*.univision.com https://*.tudn.com https://*.mulher.com.br https://*.delicioso.com.br https://*.zappeando.com.br https://*.tasaudavel.com.br https://*.lasestrellas.tv https://*.canal5.com https://*.elnu9ve.com https://*.distritocomedia.com https://*.televisa.com https://*.unicable.tv https://*.telehit.com https://*.losbingers.com https://*.bandamax.tv https://*.lacasadelosfamososmexico.tv http://*.uvn.io http://*.psdops.com https://static.univision.com https://viz.flowics.com https://*.flowics.com https://asset-cdn.flowics.com https://*.lightboxcdn.com https://www.lightboxcdn.com; block-all-mixed-content; 2 frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src assets.sitescdn.net play.goconsensus.com *.confirmit.eu *.softwareag.com *.techtarget.com bat.bing.com *.baidu.com *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.ceros.com *.marketo.net *.marketo.com siteimproveanalytics.com *.adobe.com *.rlcdn.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.bizible.com *.facebook.net *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://secure.gravatar.com/ *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g10696554090.co g10696554090.co *.clarity.ms https://www.googleadservices.com/ https://script.hotjar.com/ https://player.vimeo.com/ https://www.clarity.ms/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.clarity.ms/ https://script.hotjar.com/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://player.vimeo.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://www.google.com/ https://js.hsadspixel.net/ https://js.hubspot.com/ https://js.usemessages.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://scout-cdn.salesloft.com/ https://api.lightboxcdn.com/ https://js.hs-analytics.net/ https://static.hsappstatic.net/ https://js.hscollectedforms.net/ https://cdn.bizible.com/ https://j.6sc.co/ https://snap.licdn.com/ https://polyfill.io/ https://*.hs-scripts.com/ https://js.hsforms.net/ https://consent.trustarc.com/ https://secure.leadforensics.com/ https://connect.facebook.net/ https://dev.visualwebsiteoptimizer.com/ https://geotargetly-api-2.com/ https://www.lightboxcdn.com/ https://www.googletagmanager.com/ https://extend.vimeocdn.com/ https://cdn.jsdelivr.net/ *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.lightboxcdn.com/ https://fonts.googleapis.com/ https://s3.lightboxcdn.com/ *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.personifyhealth.com *.personifyhealth.com/* *.cloudfront.net *.linkedin.com *.google.co.uk *.google.com https://ps.w.org/ https://s.w.org/ https://i.vimeocdn.com/ https://cdn.bizibly.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://track.hubspot.com/ https://secure.gravatar.com/ https://cdn.bizible.com/ https://c.bing.com/ https://c.clarity.ms/c.gif https://s3.lightboxcdn.com/ https://google.at/ https://www.googletagmanager.com/ https://attr.ml-api.io/ https://secure.adnxs.com/ https://www.google.at/ https://b.6sc.co/ https://www.google-analytics.com/ https://analytics.twitter.com/ https://t.co/ https://www.google.ba/ https://www.google.com/ https://b.6sc.co/ https://dev.visualwebsiteoptimizer.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://s.ml-attr.com/ https://consent.trustarc.com/ https://dify.wpengine.com/ https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://perf-na1.hsforms.com/ https://www.lightboxcdn.com/ s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' *.clarity.ms *.6sense.com *.linkedin.com https://u.clarity.ms/collect *.google-analytics.com/ https://stats.g.doubleclick.net/ https://bat.bing.com/ https://www.google.at/ https://in.hotjar.com/ https://y.clarity.ms/collect https://api.hubapi.com/ https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://js.hs-banner.com/ https://ws.zoominfo.com/ https://ws.zoominfo.com/pixel/collect *.hubspot.com/ https://idx.liadm.com/ https://scout.salesloft.com/ https://c.6sc.co/ https://secure.adnxs.com/ https://vc.hotjar.io/ https://cdn.linkedin.oribi.io/ https://epsilon-cloudfront.6sense.com/v3/company/details https://epsilon.6sense.com/v3/company/details https://www.google-analytics.com/j/ https://google.com/pagead/form-data/ https://ipv6.6sc.co/ https://epsilon.6sense.com/ https://q.clarity.ms/ https://www.google-analytics.com/ https://vimeo.com/ https://google.at/ https://google.com/ https://region1.analytics.google.com/ https://my.wpengine.com/ https://api.hubspot.com/ https://forms.hscollectedforms.net/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com/ https://yoast.com/ https://*.visualwebsiteoptimizer.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com/ https://s3.lightboxcdn.com/ data: fonts.gstatic.com fonts.googleapis.com; media-src * *.vimeo.com *.akamized.net; frame-src 'self' https://forms.hsforms.com/ https://www.google.com/ https://player.vimeo.com/ https://consent-pref.trustarc.com/ https://app.hubspot.com/ *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; worker-src * blob:; report-uri https://personifyhealth.com/?gdsih-csp-report; 2 frame-ancestors 'self' *.bnpparibas *.mosaic.fr *.biapi.pro *.dev.echonet *.bnpparibas.net *.protection24.com *.facil-iti.com *.herokuapp.com *.matmut.com *.cardif-iard.fr; 2 default-src * blob:;connect-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://app.clearbit.com https://adservice.google.com https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;frame-src 'self' https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://vars.hotjar.com https://game.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://x.clearbitjs.com https://www.youtube.com https://youtube.com https://tag.clearbitscripts.com https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://www.redditstatic.com/ https://www.apollo.io/ https://assets.apollo.io https://signalwire.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 2 default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev pub-9e9b8076c1e04ada8d131e726daedf4b.r2.dev *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de lantern.roeyecdn.com; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com *.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de insights.sitesearch360.com api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de www.google.com/pagead/ ewe-journeys.production.wlp.cloud ewe-gw.production.wlp.cloud ewe-journeys.staging.wlp.cloud ewe-gw.staging.wlp.cloud sentry.taktsoft.com mpgm8yfu.apicdn.sanity.io; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com imgsct.cookiebot.com blob: data: ewe-journeys.production.wlp.cloud ewe-journeys.staging.wlp.cloud; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com ewe-journeys.production.wlp.cloud ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com data: ewe-journeys.production.wlp.cloud ewe-journeys.staging.wlp.cloud pub-6ab8a7ede2cb46eb872c4868a049f49c.r2.dev; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud ewe-journeys.staging.wlp.cloud apps.mypurecloud.de td.doubleclick.net *.ewe.de; media-src 'self' data.ewe.de; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;style-src-elem data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 2 object-src 'none'; form-action 'self'; frame-ancestors 'none' 2 upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://cspabuse.itpays.no 2 script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline' https://*.tagmanager.com:443 https://*.googleapis.com:443;font-src 'self'; connect-src 'self' https://*.lhsystems.com:443 https://*.stape.io:443 https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://www.google.com.*:443 https://*.lhsystems.com:443 https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests; 2 frame-ancestors 'self' https://microapps.google.com/ 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2 frame-ancestors 'self' https://www.99.co; 2 default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 2 default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src fonts.gstatic.com use.fontawesome.com; frame-ancestors 'none'; 2 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 2 default-src 'self' data: 'unsafe-inline' https://challenges.cloudflare.com https://*.brightcove.net https://*.google-analytics.com https://*.google.com https://*.brightcove.com *.akamaihd.net *.boltdns.net https://brightcove.hs.llnwd.net https://stats.g.doubleclick.net https://*.classmarker.com https://*.crossref.org https://cm.scholarlyiq.com https://public.tableau.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://unpkg.com https://*.fontawesome.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://www.gstatic.com https://*.crossref.org https://cdnjs.cloudflare.com https://vjs.zendcdn.net https://vjs.zencdn.net https://players.brightcove.net https://www.youtube.com https://s.ytimg.com https://*.classmarker.com https://cdn.ckeditor.com https://code.jquery.com https://cdn.jsdelivr.net https://public.tableau.com blob:; style-src 'self' 'unsafe-inline' http://opgtest https://tagmanager.google.com https://fonts.googleapis.com https://*.crossref.org https://cdn.ckeditor.com players.brightcove.net https://cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' https://d3qoh5n5udjkx5.cloudfront.net https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.crossref.org https://stats.g.doubleclick.net https://*.brightcove.com http://*.brightcove.com *.boltdns.net https://imagebank.osa.org https://imagebank.optica.org https://account.optica.org https://cdn.ckeditor.com https://public.tableau.com https://www.osapublishing.org https://players.brightcove.net *.akamaihd.net; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com about:; connect-src 'self' https://*.fontawesome.com https://opgadmin https://*.optica.org https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://players.brightcove.net edge.api.brightcove.com *.boltdns.net *.akamaihd.net; media-src 'self' 'unsafe-inline' https://opg.optica.org https://www.osapublishing.org *.boltdns.net https://*.brightcove.com *.brightcovecdn.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com blob: data:; object-src 'self' 'unsafe-inline' *.akamaihd.net *.boltdns.net; prefetch-src 'self' *.boltdns.net 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com chat.dropped.net.pl js.pusher.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 2 frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 2 frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 2 default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 2 frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2 default-src 'self' https://*.cms.vwfs.tools; img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de https://cms-assets.vwfs.io https://cms-assets.vwfs.com https://smetrics.vwfs.com https://mediaservice.audi.com https://GISTPAEndpoint-Prod.azureedge.net https://default.vms.vwfs.io https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com; script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://cc.cdn.civiccomputing.com https://*.vwfs.de https://target.vwfs.com https://*.vwfs.com https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com; style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google.com; connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.prod.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io; frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net; media-src https://www.youtube-nocookie.com https://cms-assets.vwfs.com 'self'; 2 upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 2 default-src 'self' blob: *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.googleoptimize.com *.googletagmanager.com *.licdn.com *.marketo.net *.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com *.tricentis.com *.trustradius.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://js.adsrvr.org https://bat.bing.com https://cdn.bizible.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://api.company-target.com https://cdn.cookielaw.org https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://*.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://snap.licdn.com https://munchkin.marketo.net https://cdn.mouseflow.com https://eu.mouseflow.com https://netlify-cdp-loader.netlify.app https://*.tricentis.com https://affiliates.tricentis.com https://fast.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://www.youtube.com/iframe_api https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net/trustquotes https://b.6sc.co https://j.6sc.co https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.onetrust.com https://js.sentry-cdn.com; style-src 'self' 'unsafe-inline' 'report-sample' *.marketo.net *.tricentis.com https://www.tricentis.com https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://pages.tricentis.com https://lps.tricentis.com https://www.trustradius.com https://*.typekit.net https://d30ia583fbtg8i.cloudfront.net https://*.onetrust.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.doubleclick.net http://ad.doubleclick.net *.mktoresp.com *.mktoutil.com *.google.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io *.company-target.com https://ws.zoominfo.com bat.bing.com *.google-analytics.com *.demandbase.com *.wistia.com *.onetrust.com *.facebook.com pages.tricentis.com lps.tricentis.com be.tricentis.com *.googlesyndication.com *.googletagmanager.com *.mouseflow.com https://eu.mouseflow.com https://o2.mouseflow.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net dx.mountain.com px.mountain.com gs.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.litix.io https://px.ads.linkedin.com https://ipv6.6sc.co https://c.6sc.co https://logx.optimizely.com https://*.optimizely.com https://*.6sense.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net https://dudodiprj2sv7.cloudfront.net/font/glyphicons/ https://*.onetrust.com; frame-ancestors 'self' https://www.tricentis.com https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://player.vimeo.com https://fast.wistia.net *.wistia.com https://www.youtube.com https://app.netlify.com https://s.company-target.com https://capture.navattic.com https://tricentis.navattic.com https://a26508490611.cdn.optimizely.com https://a26508490611.cdn-pci.optimizely.com; img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.doubleclick.net http://ad.doubleclick.net https://pubads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://adservice.google.com https://*.googletagmanager.com https://fonts.gstatic.com *.tricentis.com https://www.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com *.capterra.com *.wistia.com *.linkedin.com https://px.ads.linkedin.com *.cookielaw.org *.googlesyndication.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://capterra.s3.amazonaws.com https://eu.mouseflow.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://px.ads.linkedin.com https://b.6sc.co https://cdn.optimizely.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; media-src 'self' https://js.intercomcdn.com blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; report-uri https://65eb3282bc57ae1120bf66ab.endpoint.csper.io?v=25; worker-src 'self' blob:; 2 default-src 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com cdnjs.cloudflare.com assets.adobedtm.com www.googletagmanager.com www.google-analytics.com snap.licdn.com connect.facebook.net googleads.g.doubleclick.net pixel.everesttech.net www.everestjs.net bat.bing.com a.quora.com *.plusgrade.com *.awswaf.com *.dynatrace.com; frame-src 'self' www.google.com book.airvistara.com www.youtube.com www.timaticweb2.com vistara.demdex.net; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' px.ads.linkedin.com cm.everesttech.net tatasiaairlinesltd.sc.omtrdc.net bat.bing.com q.quora.com www.linkedin.com www.google.com www.google.co.in dpm.demdex.net www.googletagmanager.com data:; connect-src 'self' tatasiaairlinesltd.tt.omtrdc.net tatasiaairlinesltd.sc.omtrdc.net dpm.demdex.net lasteventf-tm.everesttech.net cdn.linkedin.oribi.io *.campaign.adobe.com fcm.googleapis.com services.airvistara.com *.amadeus.com analytics.google.com stats.g.doubleclick.net t.email.clubvistara.com www.google-analytics.com *.awswaf.com *.dynatrace.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2 default-src 'self' 'unsafe-inline' *.bzga.de *.ddev.site data:; script-src 'self' 'unsafe-inline' *.bzga.de *.ddev.site; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com/; img-src 'self' data: *.ytimg.com *.bzga.de 2 object-src 'none'; base-uri 'self'; frame-ancestors 'self' 2 frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 2 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.gartner.com https://fonts.googleapis.com https://fonts.gstatic.com blob: https://cdn-ilbmnfd.nitrocdn.com/ https://nitroscripts.com/ 2 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 2 frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 2 frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 2 default-src 'self'; script-src 'self' 'nonce-452675ec-08ab-46f5-86b1-2bed39d844c5' dnstest2.ficora.fi dnstest.traficom.fi stat.traficom.fi analytiikka.ahtp.fi; img-src 'self' data: *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; style-src 'self' 'nonce-452675ec-08ab-46f5-86b1-2bed39d844c5' dnstest2.ficora.fi dnstest.traficom.fi; font-src 'self'; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.traficom.fi *.ficora.fi trafi2.stat.fi registry.qadomain.fi registry.domain.fi autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com analytiikka.ahtp.fi prod.bittimittari.fi; connect-src 'self' https://stat.traficom.fi analytiikka.ahtp.fi; form-action 'self' 2 frame-ancestors 'self' https://static-ebcom.mci.ir/ 2 default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; 2 default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 2 frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 2 default-src 'self' data: blob: *.facebookcareers.com *.metacareers.com *.fbcdn.net *.facebook.com connect.facebook.net 'unsafe-inline';script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' data: blob: 'self' https://www.googletagmanager.com/gtag/js https://*.youtube.com;style-src data: blob: 'unsafe-inline' *.facebookcareers.com *.metacareers.com *.fbcdn.net *.facebook.com 'unsafe-eval';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.facebookcareers.com *.metacareers.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com;img-src 'self' data: blob: *.facebookcareers.com *.metacareers.com *.fbcdn.net *.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com *.youtube.com jsv3.recruitics.com;frame-src *.facebook.com *.fbcdn.net https://*.youtube.com;block-all-mixed-content;upgrade-insecure-requests; 2 connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.wcrf.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com apikeys.civiccomputing.com px.ads.linkedin.com *.googlesyndication.com *.google.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.wcrf.org; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net s3-eu-west-1.amazonaws.com calendar.google.com datawrapper.dwcdn.ne datawrapper.dwcdn.net; img-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net px.ads.linkedin.com www.google.co.uk *.google-analytics.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com documentservices.adobe.com a.omappapi.com cc.cdn.civiccomputing.com snap.licdn.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com a.omappapi.com snap.licdn.com; worker-src 'self' blob:; 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src 'self' data: https: 'unsafe-inline'; frame-src 'self' https:; style-src 'self' https: 'unsafe-inline' 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdnjs.cloudflare.com https://multicare.jotform.com https://js.jotform.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.evaliahealth.com https://*.issuu.com https://*.isu.pub https://*.jotfor.ms https://*.marketo.com https://*.moatads.com https://*.multicare.org https://*.nrchealth.com https://*.sitkainsights.com https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.licdn.com https://*.facebook.net https://siteimproveanalytics.com https://*.calltrk.com https://*.marketo.net https://*.adsrvr.org https://*.google-analytics.com https://*.applozic.com https://*.facebook.com https://*.googleadservices.com https://*.healthrecordwizard.com https://*.cloudflare.com https://*.us.tvsquared.com https://*.legitscript.com/ https://*.redditstatic.com https://*.moz.com https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://*.freshpaint.io/ https://*.monsido-consent.com https://*.monsido.com https://*.perfalytics.com https://*.freshpaint.io/ https://*.tctm.xyz https://*.freshpaint-hipaa-videos.com https://perfalytics.com https://yoast.com; frame-src 'self' https://*.evaliahealth.com https://*.issuu.com https://*.marketo.com https://*.multicare.org https://*.wistia.com https://*.wistia.net https://*.youtube.com https://*.jotform.io https://*.google.com https://*.mom365.com https://*.jotform.com https://*.fls.doubleclick.net https://*.adsrvr.org https://bid.g.doubleclick.net https://*.facebook.com https://*.googleadservices.com https://*.healthrecordwizard.com https://*.moz.com https://*.tctm.xyz https://*.freshpaint-hipaa-videos.com https://*.perfalytics.com https://perfalytics.com ; object-src 'none' 2 frame-ancestors *.b2b168.com *.b2b168.net www.b2b168.com b2b168.tz1288.com; 2 frame-ancestors 'self' https://cdn.adkaora.space; 2 frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 2 upgrade-insecure-requests; upgrade-insecure-requests 2 default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.rwjbh.org www.mychart.com; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2 default-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.google.com/; connect-src 'self' https://yoast.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://vod-progressive.akamaized.net/ https://errors.syslogistics.io/; form-action 'self' https://login.salesforce.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://deliveryhero.com/ https://www.googletagmanager.com/ https://www.buzzsprout.com/ https://cdnjs.cloudflare.com/ https://errors.syslogistics.io/; style-src 'self' 'unsafe-inline'; img-src 'self' https://s.w.org/ https://ps.w.org/ https://secure.gravatar.com/ https://pubads.g.doubleclick.net/ data:; worker-src 'self' blob:; report-to csp-endpoint; 2 upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 2 frame-ancestors https://caramel.la https://caramel.la/* 'self' 2 frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://*.kappa.mgmaglev.xyz https://*.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com https://ht-affiliate-qa.hindustantimes.com http://ht-affiliate-preprod.hindustantimes.com https://staging.livemint.com https://pre-prod.livemint.com https://qa-www.hindustantimes.com https://preprod-www.hindustantimes.com https://www.livemint.com https://www.hindustantimes.com 2 connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io www.google-analytics.com; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 2 default-src 'none'; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://assets-ctb.pernod-ricard.io https://api.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://zfm2j5365u-dsn.algolia.net https://d8ejoa1fys2rk.cloudfront.net https://brandcloud.pernod-ricard.com https://optoutapi.evidon.com *.evidon.com *.betrad.com https://us-central1-pantheon-psapps.cloudfunctions.net https://insight.pravp.com/analytics *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css agegate.pr-globalcms.com https://www.googletagmanager.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://app-avp.pravp.com https://assets-ctb.pernod-ricard.io https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://static.addtoany.com https://emperia.gallery https://my.matterport.com https://www.google.com; img-src 'self' https: data:; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://avp.pravp.com https://www.google-analytics.com https://c.evidon.com https://assets-ctb.pernod-ricard.io https://cdn.jsdelivr.net/npm/algoliasearch https://zfm2j5365u-3.algolianet.com https://www.youtube.com https://player.vimeo.com *.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net *.pernod-ricard.io https://live-pernod-ricard-global-cms.pantheonsite.io https://snap.licdn.com https://www.google.com https://www.gstatic.com agegate.pr-globalcms.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://vuejs.org; style-src 'self' 'unsafe-inline' https://assets-ctb.pernod-ricard.io data: https://live-pernod-ricard-global-cms.pantheonsite.io cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; base-uri 'self'; form-action 'self' https://login.microsoftonline.com https://device.login.microsoftonline.com; frame-ancestors 'self' 2 default-src 'self'; img-src 'self' data:; media-src 'self' blob:; connect-src 'self' blob:; form-action 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 2 script-src 'self' 'unsafe-inline' https://maps.googleapis.com/ https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.dwin1.com/ https://smct.co/ https://lantern.roeyecdn.com/;connect-src 'self' https://maps.googleapis.com/ https://analytics-global.planethoster.com https://analytics-eu.planethoster.com https://*.google-analytics.com https://pagead2.googlesyndication.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.fr;img-src 'self' data: https://maps.googleapis.com/ https://lantern.roeye.com https://analytics-global.planethoster.com https://analytics-eu.planethoster.com https://*.google-analytics.com https://pagead2.googlesyndication.com/ https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.fr;script-src-attr 'self' 'unsafe-inline';frame-src 'self' https://player.vimeo.com/ https://www.google.com/ https://td.doubleclick.net/;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2 upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2 frame-ancestors 'self' https://cms.hanleywood.com 2 form-action 'self'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com *.quantummetric.com https://www.google.com/recaptcha *; object-src 'none' ; connect-src *; font-src *; frame-ancestors https://www.youtube.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://sslwidgetmaster.investorroom.com/css *; img-src * 'self' data: blob:; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;worker-src blob:; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha *; child-src blob:; 2 frame-ancestors https://*.netinfo.bg/ 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 2 object-src 'none'; form-action 'self'; frame-ancestors 'self'; 2 frame-ancestors 'self' https://assets.apilayer.com 2 frame-src 'self' https://193.105.74.4/ https://62.140.31.104/ https://www.gstatic.com/ https://www.google.com/recaptcha/ https://platform-use.ci360.sas.com https://individeo.com/ https://www.youtube.com/ https://www.produbanco.com.ec/ https://estella01.prd.net.ec/api/heartbeat https://cdn.botframework.com/ https://*.hotjar.com https://*.hotjar.io 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.cloudflare.com *.facebook.net *.googletagmanager.com *.jsdelivr.net maps.googleapis.com *.newrelic.com *.recollect.net *.siteimprove.net siteimproveanalytics.com ui.customsearch.ai unpkg.com *.wisconsin.gov; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com hosteduxprod.blob.core.windows.net *.jsdelivr.net recollect.a.ssl.fastly.net unpkg.com; img-src 'self' data: *.google-analytics.com *.googletagmanager.com hosteduxprod.blob.core.windows.net maps.googleapis.com maps.gstatic.com recollect.a.ssl.fastly.net recollect-images.global.ssl.fastly.net *.recollect.net *.siteimproveanalytics.io; frame-src 'self' app.powerbigov.us bi.wisconsin.gov cityofmadison.maps.arcgis.com *.cityofmadison.com *.facebook.com *.google.com *.publichealthmdc.com *.recollect.net storymaps.arcgis.com *.youtube.com; frame-ancestors 'self'; child-src 'self' app.powerbigov.us bi.wisconsin.gov cityofmadison.maps.arcgis.com *.cityofmadison.com *.facebook.com *.google.com *.publichealthmdc.com *.recollect.net storymaps.arcgis.com *.youtube.com; font-src 'self' fonts.gstatic.com recollect.a.ssl.fastly.net; connect-src 'self' *.google-analytics.com maps.googleapis.com *.nr-data.net *.siteimprove.com *.siteimproveanalytics.com ui.customsearch.ai; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self' https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com; connect-src 'self' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com https://*.acsbapp.com https://*.kindly.ai wss://ws-eu.pusher.com https://sockjs-eu.push wss://*.kindly.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://media.graphassets.com https://*.kindlycdn.com blob: data:; media-src 'self' https://media.graphassets.com; font-src 'self' https://fonts.gstatic.com https://chat.kindlycdn.com data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; upgrade-insecure-requests; 2 frame-ancestors 'self' http://webvisor.com; 2 frame-ancestors 'self' *.affino.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2 frame-src 'self' https://optimize.google.com https://staging.eigendev.com https://ms1.eigendev.com https://bid.g.doubleclick.net *.lpsnmedia.net *.liveperson.net *.hotjar.com *.fls.doubleclick.net *.salecycle.com https://www.google.com https://customersso.rvs.com https://customersso-stage.rvs.com https://customer-sso-api.kong.test.site-testing.com https://gsclaimsubmissions.wufoo.com https://acquire1.comenity.net *.youtube.com *.googlesyndication.com https://console.googletagservices.com https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://bookings.spot2nite.com https://bookings.spot2nite.dev https://www.google.com; 2 default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data: https://use.typekit.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 2 frame-ancestors 'self' https://*.e-spirit.hosting https://*.intentive.de; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://static.mne.pt https://static.mne.gov.pt https://www.googletagmanager.com/; child-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; frame-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'none'; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com; worker-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' *.windy.com:* 2 frame-ancestors 'self' https://m.v12finance.com/; 2 upgrade-insecure-requests; report-uri /csp/report; 2 base-uri 'self' https://amli.sekindo.com; connect-src 'self' https: data: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src 'self' https: googleads.g.doubleclick.net error-report.com; img-src 'self' data: https:; media-src 'self' blob: gcdn.2mdn.net video.primis.tech; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: blob: www.google-analytics.com pagead2.googlesyndication.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com content.quantcount.com live.primis.tech html-load.com; worker-src blob:; block-all-mixed-content; report-to https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 2 frame-ancestors 'self' https://*.webjet.com.au https://*.webjet.co.nz https://webjettest.my.connect.aws https://offlinesales.my.connect.aws https://wj-ccaas-dev.my.connect.aws https://webjet-ccaas-prod.my.connect.aws; report-to csp-report; report-uri https://services.webjet.com.au/api/logger/log/platform/policy-csp 2 base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 2 frame-ancestors 'self' https://live.nkd.com https://www2.nkd.com 2 default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 2 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.liveperson.net https://*.lpsnmedia.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.thehut.com https://analytics.tiktok.com https://*.abtasty.com https://sgtm.thehut.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net blob:; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://google.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com blob: https://*.abtasty.com https://sgtm.thehut.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.lpsnmedia.net https://*.liveperson.net https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 2 frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 2 frame-ancestors 'self' http://*.airtable.com https://*.therapybrands.com; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 2 default-src https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src * blob:; media-src https: data: blob:; worker-src https: blob:; upgrade-insecure-requests; frame-ancestors 'self' https://*.mijnmagazines.be https://*.twipemobile.com; 2 frame-src https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.google.com https://yellohvillage.demdex.net https://*.admin.yellohvillage.fr https://admin.yellohvillage.fr https://*.iadvize.com https://*.criteo.com https://static.criteo.net https://*.facebook.com https://*.omtrdc.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.addthis.com https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://*.script.admo.tv https://js-agent.newrelic.com https://*.googletagmanager.com https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com https://*.google-analytics.com https://www.facebook.com https://*.criteo.com https://static.criteo.net https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.iadvize.com https://bat.bing.com https://assets.adobedtm.com https://yellohvillage.admo.tv https://*.yellohvillage.fr https://*.omtrdc.net https://*.zemanta.com https://itswhile.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://static.criteo.net https://*.script.admo.tv https://js-agent.newrelic.com https://*.googletagmanager.com https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com https://*.google-analytics.com https://www.facebook.com https://*.criteo.com https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://*.iadvize.com https://bat.bing.com https://assets.adobedtm.com https://yellohvillage.admo.tv https://*.yellohvillage.fr https://*.omtrdc.net; img-src https: data: 'self' 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self' 'unsafe-inline' data: https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl wss://*.iadvize.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://adservice.google.com/ https://*.datacamping.com/ https://www.photoscamping.com https://*.yellohvillage.fr https://bam.nr-data.net https://yellohvillage.d3.sc.omtrdc.net https://bat.bing.com https://*.admo.tv https://ad.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://*.iadvize.com https://dpm.demdex.net https://api.privacy-center.org https://www.facebook.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://o2.mouseflow.com https://*.criteo.com https://*.omtrdc.net wss://ws.hotjar.com https://content.hotjar.io https://*.zemanta.com https://itswhile.com; object-src 'none'; 2 frame-ancestors https://listado-ofertas.trabajando.cl https://*.trabajando.cl https://laboral.inacap.cl 2 default-src 'self' 'unsafe-inline' data: *.friendlycaptcha.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googlesyndication.com *.run.app *.googleapis.com *.akamaihd.net *.crossengage.io *.usercentrics.eu *.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com mailings.dat.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.crossengage.io *.usercentrics.eu *.mouseflow.com *.akamaihd.net *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.twimg.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.googleapis.com *.twitter.com *.twimg.com *.googleapis.com *.fairgarage.de *.fairgarage.com *.dat.de *.datgroup.com *.googletagmanager.com *.google-analytics.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com blob: 'self' *.dat.de *.datgroup.com; frame-src data: 'self' *.doubleclick.net *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.dat.de *.datgroup.com *.usercentrics.eu *.google.com *.googleapis.com *.gstatic.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.hotjar.com *.hotjar.io *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de *.fairgarage.com *.google-analytics.com; font-src 'self' data: *.fairgarage.com; object-src 'none'; 2 frame-ancestors 'self' *; default-src 'self' data: wss: mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com *.freekassa.ru *.freekassa.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; 2 object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 2 default-src 'self' eviden.com *.eviden.com atos.net *.atos.net yoast.com *.yoast.com 'unsafe-inline' 'unsafe-eval' *.gravatar.com ps.w.org *.matomo.cloud *.marketo.net *.mktoresp.com *.mktoweb.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googleapis.com *.google.fr *.google.com *.gstatic.com cdn-cookieyes.com *.cookieyes.com *.linkedin.com *.licdn.com cdn.linkedin.oribi.io w.soundcloud.com tribl.io gallery.sprinklr.com; frame-ancestors 'self' eviden.com *.eviden.com atos.net *.atos.net eviden.sharepoint.com; object-src 'none'; font-src 'self' fonts.gstatic.com data: 'unsafe-inline'; img-src 'self' cdn-cookieyes.com *.linkedin.com *.gstatic.com tribl.io secure.gravatar.com data: 'unsafe-inline'; worker-src 'self' blob: ; 2 child-src 'self' *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidolprod.com *.landginvestments.com landgmya.ctc.uk.com view.ceros.com apps.euw2.pure.cloud flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.lgnet.co.uk *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net edge.adobedc.net wss://webmessaging.euw2.pure.cloud api.euw2.pure.cloud api.shelf-eu.com api-cdn.euw2.pure.cloud brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net cdn.jsdelivr.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com *.legalandgeneralre.com *.lgima.com *.longevitypanel.co.uk *.lgim.com; img-src 'self' data: https: blob:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com cdn.jsdelivr.net view.ceros.com apps.euw2.pure.cloud public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net 2 upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 2 frame-ancestors 'self' https://kisanuat.bankofbaroda.co.in https://kisan.bankofbaroda.com https://ams.techmahindra.com;upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'none'; child-src https://cryptpad.fr; worker-src 'self'; media-src blob:; style-src 'unsafe-inline' 'self' https://cryptpad.fr; script-src 'self' resource: https://cryptpad.fr; connect-src 'self' https://cryptpad.fr blob: wss://api.cryptpad.fr https://files.cryptpad.fr https://accounts.cryptpad.fr https://sandbox.cryptpad.info https://api.cryptpad.fr; font-src 'self' data: https://cryptpad.fr; img-src 'self' data: blob: https://cryptpad.fr; frame-src 'self' https://sandbox.cryptpad.info blob:; frame-ancestors 'self' https: vector: 2 default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 2 default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://cdnmon.cfigroup.com https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap@2.0.4/ https://cdn.knightlab.com https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://search.usa.gov;; 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 2 img-src https: 2 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; media-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; object-src 'none'; block-all-mixed-content; 2 frame-ancestors 'self' *.meutudo.app https://www.google.com https://meutudo.api.useinsider.com https://event.getblue.io https://s.amazon-adsystem.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://no-cdn.convertexperiments.com https://cdn.amplitude.com/libs/analytics-browser-2.4.1-min.js.gz https://app.varify.io https://editor.varify.io *.api.useinsider.com https://www.trustedsite.com/rpc/ajax *.amazon-adsystem.com *.gstatic.com https://cdn-4.convertexperiments.com/js/10041799-10042103.js https://dashboard.purplemetrics.com.br/widget/js/widget.js https://www.trustedsite.com/rpc/tmjs/meutudo.com.br/visit https://cdn.ywxi.net *.facebook.net https://event.getblue.io https://meutudo.api.useinsider.com https://api.useinsider.com/sw.js https://s1.kwai.net/ https://static.hotjar.com https://script.hotjar.com https://widget.getblue.io/event/ https://www.clarity.ms/ *.google.com https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com; 2 frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfretecuidamos *.digitalhealth.com; 2 frame-ancestors 'self' https://*.clasquin.com https://clasquin.com 2 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net https://challenges.cloudflare.com *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com https://challenges.cloudflare.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 2 frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2 font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com amp.azure.net data: 2 default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud tracking.g2crowd.com fclog.baidu.com; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com fxgate.baidu.com js.sentry-cdn.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net *.adobe.com; worker-src 'self' blob:; 2 default-src 'self'; script-src *.maps.yandex.net *.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru *.1c-bitrix.ru 'self' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nextdoor.com *.smarty.com *.crazyegg.com *.invocacdn.com *.invoca.net *.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io *.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com *.googletagmanager.com *.sparklight.com *.zdassets.com *.googleapis.com snapwidget.com fonts.googleapis.com maps.gstatic.com cableone.zendesk.com wss://widget-mediator.zopim.com *.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net *.zopim.com *.bing.com *.google-analytics.com static.hotjar.com *.googleadservices.com *.facebook.net cltgtstor001.blob.core.windows.net *.adsrvr.org *.doubleclick.net *.hotjar.com cdn.polyfill.io *.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io blob: dev.visualwebsiteoptimizer.com *.cognitivlabs.com; style-src 'self' 'unsafe-inline' *.crazyegg.com *.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us *.google.com; img-src 'self' data: cableone1615402851.zendesk.com *.crazyegg.com dev.visualwebsiteoptimizer.com v2assets.zopim.io *.gstatic.com www.cableone.net www.sparklight.com www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net *.nextdoor.com *.rlcdn.com *.cognitivlabs.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 2 frame-ancestors 'self' *.strumentimusicali.net; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://www.google-analytics.com https://consent.cookiebot.com/uc.js https://connect.facebook.net https://secure.quantserve.com https://rules.quantcount.com/ https://destinilocators.com *.typekit.net unpkg.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.juicer.io https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net unpkg.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com *.juicer.io; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://consentcdn.cookiebot.com/consentconfig/97be9b59-acbb-4b48-8cb3-7ea98bfbab50/settings.json *.juicer.io *.fontawesome.com; font-src 'self' data: static.juicer.io *.fontawesome.com *.typekit.net *.gstatic.com; frame-src 'self' data: https://destinilocators.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/; img-src 'self' data: https://pixel.quantserve.com https://www.facebook.com https://www.juicer.io https://assets.juicer.io https://s.w.org https://juicer.io https://consent.cookiebot.com https://imgsct.cookiebot.com; manifest-src 'self'; media-src 'self'; report-uri https://63fcef7d3e361dd413cfe988.endpoint.csper.io/?v=0; worker-src 'self'; 2 default-src 'self' 'unsafe-inline' https: data:; base-uri 'self'; 2 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google.com cdn.firebase.com www.gstatic.com s7.addthis.com cdnjs.cloudflare.com; style-src 'self' https: 'unsafe-inline' 2 default-src 'self' *.1mp.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.amazonaws.com *.walkmeusercontent.com *.vimeo.com *.google.com *.googleapis.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com www.gstatic.com www.google-analytics.com translate.google.com *.googleapis.com *.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; style-src 'self' 'unsafe-inline' *.googleapis.com www.gstatic.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com cdn.walkme.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com; font-src 'self' data:; worker-src 'self' blob:; frame-src 'self' *.1mp.com www.screencast.com www.google.com *.salesforce-sites.com *.service.force.com *.1mp--assetconv.my.salesforce.com *.assetconv-onemp.cs202.force.com *.c.la3-c1cs-ia4.salesforceliveagent.com *.d.la3-c1cs-ia4.salesforceliveagent.com *.walkme.com *.walkmeusercontent.com *.vimeo.com *.salesforce.com *.force.com *.salesforceliveagent.com *.site.com 2 default-src 'self' https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://mls-photos.ojo.ca https://www.houseful.ca/; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com https://www.houseful.ca/ https://cdn.jsdelivr.net https://js.usemessages.com https://a.quora.com https://js.hscollectedforms.net https://qvdt3feo.com https://appleid.cdn-apple.com https://static.ojohosts.ca *.houseful.ca https://ojohomes-static.prod.ojocore.ca https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://www.gstatic.com https://storage.googleapis.com *.googleapis.com *.google.com *.google.co.in https://app.satismeter.com *.stackadapt.com *.pinimg.com https://briskpelican.io https://js.hs-scripts.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://js.hs-banner.com https://js.hs-analytics.net https://js.hsadspixel.net https://edge.fullstory.com https://rs.fullstory.com https://app.hubspot.com; style-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://www.google-analytics.com https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.google.com *.stackadapt.com; font-src 'self' 'unsafe-inline' https://www.houseful.ca/ https://cdn.ojo.me https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://fonts.gstatic.com; img-src 'self' data: blob: https://mls-photos.ojo.ca *.clarity.ms *.bing.com *.stackadapt.com *.doubleclick.net https://fonts.gstatic.com https://www.houseful.ca/ https://static.ojohosts.ca https://staging-img.ojohosts.ca https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca https://forms.hsforms.com https://www.googletagmanager.com https://staging-img.movoto.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com *.google.com *.google.co.in *.google.ca *.googleapis.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca https://maps.gstatic.com *.ggpht.com *.pinterest.com *.quora.com https://track.hubspot.com https://photos.wolfnet.com; connect-src 'self' https://www.houseful.ca/ https://ojohomes-boundaries.prod.ojocore.ca https://ojohomes-boundaries.dev.ojocore.ca *.ojocore.ca *.oktapreview.com https://q.quora.com https://pagead2.googlesyndication.com https://api.hubspot.com https://google.com *.google.com *.clarity.ms *.bing.com https://forms.hscollectedforms.net https://cdn.ojo.me *.google.com *.google.co.in *.google.ca https://www.google-analytics.com https://stats.g.doubleclick.net https://static.ojohosts.ca https://ojohomes-static.prod.ojocore.ca *.googleapis.com *.facebook.com https://app.satismeter.com *.stackadapt.com https://login.dev.houseful.ca https://login.stage.houseful.ca https://login.houseful.ca *.pinterest.com https://briskpelican.io https://api.hubapi.com https://analytics.crea.ca https://edge.fullstory.com https://rs.fullstory.com https://app.hubspot.com *.contentful.com; object-src 'self' https://www.houseful.ca/; worker-src 'self' https://www.houseful.ca/; frame-ancestors 'self' *.houseful.ca *.datadoghq.com; frame-src 'self' *; 2 default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org 2 upgrade-insecure-requests;block-all-mixed-content 2 default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com *.googletagmanager.com platform.twitter.com shanx.matomo.com *.amazonaws.com apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com cdn-images.mailchimp.com *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com data: https:; style-src 'self' 'unsafe-inline' *.shanx.com cdn-images.mailchimp.com *.karlaporter.com *.amitavac.com *.ionicframework.com use.typekit.net fonts.adobe.com fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com use.typekit.net *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src https:; media-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; 2 default-src 'self'; script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline'; font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com; img-src 'self' data: *; connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731; frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 2 frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io https://portal.decibel.com 2 default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads 2 frame-ancestors https://dgbuilder2.io 2 frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://sbnation.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com 2 frame-ancestors https://dgbuilder.io http://dgbuilder.io 2 connect-src storage.elfsight.com 438-kyk-786.mktoresp.com 438-kyk-786.mktoutil.com api.mkmediaworks.com app.wistia.com ask.hotjar.io bat.bing.com blob: c.6sc.co cdn.linkedin.oribi.io cdnjs.cloudflare.com content.hotjar.io conversions-config.reddit.com core.service.elfsight.com distillery.wistia.com embed-cloudfront.wistia.com embed-ssl.wistia.com epsilon-cloudfront.6sense.com epsilon-globalaccelerator.6sense.com epsilon.6sense.com fast.wistia.com fast.wistia.net go.reliaquest.com in.hotjar.com ipv6.6sc.co j.6sc.co metrics.hotjar.io munchkin.marketo.net 'self' adservice.google.com analytics.google.com api.amcreativemedia.com api.rankmath.com data: secure.gravatar.com static.addtoany.com widgets.wp.com ws-assets.zoominfo.com ws.zoominfo.com wss://ws.hotjar.com pipedream.wistia.com cdn.jsdelivr.net snap.licdn.com api.fbanalytics.org js.adsrvr.org pixel-config.reddit.com public-api.wordpress.com px.ads.linkedin.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com js.zi-scripts.com region1.analytics.google.com secure.adnxs.com s.ml-attr.com fg8vvsvnieiv3ej16jby.litix.io s0.wp.com scout-cdn.salesloft.com scout.salesloft.com o248881.ingest.us.sentry.io directory.cookieyes.com www.google.com a.clarity.ms apis.google.com b.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms reliaquest.com s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms www.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms ad.doubleclick.net o4505518331658240.ingest.us.sentry.io intentstream.contanuity.com www.google.co.uk d.clarity.ms stats.g.doubleclick.net; script-src-elem static.elfsight.com snap.licdn.com static.addtoany.com static.hotjar.com widgets.wp.com ws-assets.zoominfo.com www.buzzsprout.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com 'self' ajax.googleapis.com analytics.tiktok.com apis.google.com blob: browser.sentry-cdn.com cdnjs.cloudflare.com code.jquery.com data: fast.wistia.com fast.wistia.net go.reliaquest.com j.6sc.co js.adsrvr.org js.driftt.com js.sentry-cdn.com js.zi-scripts.com munchkin.marketo.net nexus.ensighten.com public-api.wordpress.com script.hotjar.com stats.wp.com 'unsafe-inline' cdn.jsdelivr.net scout-cdn.salesloft.com c0.wp.com s0.wp.com abm-tracking.demandscience.com bat.bing.com www.reliaquest.com www.clarity.ms tracking.contanuity.com media-library.cloudinary.com match.prod.bidr.io; script-src blob: cdnjs.cloudflare.com code.jquery.com fast.wistia.net go.reliaquest.com j.6sc.co js.driftt.com js.sentry-cdn.com munchkin.marketo.net nexus.ensighten.com scout-cdn.salesloft.com script.hotjar.com static.addtoany.com static.hotjar.com ws-assets.zoominfo.com www.buzzsprout.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'self' stats.wp.com cdn.jsdelivr.net snap.licdn.com 'unsafe-eval' 'unsafe-inline' www.youtube.com js.zi-scripts.com js.adsrvr.org bat.bing.com abm-tracking.demandscience.com www.clarity.ms browser.sentry-cdn.com match.prod.bidr.io; style-src-elem cdn.jsdelivr.net cdnjs.cloudflare.com fast.wistia.com go.reliaquest.com 'self' 'unsafe-inline' blob: fonts.googleapis.com widgets.wp.com www.googletagmanager.com www.gstatic.com c0.wp.com s0.wp.com www.reliaquest.com; worker-src 'self' blob:; font-src 'self' c0.wp.com cdnjs.cloudflare.com data: fast.wistia.com fast.wistia.net script.hotjar.com themes.googleusercontent.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com at.alicdn.com chrome-extension moz-extension ms-browser-extension s0.wp.com s1.wp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com; frame-src 'self' fast.wistia.net go.reliaquest.com js.driftt.com rqweb.wistia.com static.addtoany.com wordpress.com www.buzzsprout.com www.google.com www.googletagmanager.com challenges.cloudflare.com www.youtube.com insight.adsrvr.org.x.0e6c10bb0b5bf04a010bfe60c50fd88d9534.9270fc52.id.opendns.com insight.adsrvr.org match.adsrvr.org widgets.wp.com wp.freemius.com reliaquest.jifflenow.com td.doubleclick.net; img-src phosphor.utils.elfsightcdn.com 'self' b.6sc.co blob: cdnjs.cloudflare.com data: driftt.imgix.net embed-fastly.wistia.com embed-ssl.wistia.com fast.wistia.net fonts.gstatic.com media.giphy.com pixel.wp.com reliaquest.com secure.gravatar.com static.elfsight.com stats.g.doubleclick.net survey-images.hotjar.com www.buzzsprout.com www.google-analytics.com www.google.com www.googletagmanager.com www.linkedin.com fast.wistia.com en.wordpress.com px.ads.linkedin.com px4.ads.linkedin.com adservice.google.com secure.adnxs.com s.ml-attr.com attr.ml-api.io c0.wp.com rqstg.wpengine.com bat.bing.com c.bing.com js.driftt.com wpengine.com www.reliaquest.com c.clarity.ms www.itgovernance.co.uk www.webtoffee.com www.google.co.uk res.cloudinary.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://reliaquest.report-uri.com/r/d/csp/wizard 2 frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 2 default-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; script-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://*.ada.support https://*.bing.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.launchdarkly.com https://optimize.google.com https://www.googleoptimize.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.pdst.fm https://tracker.adreadyclick.com https://www.googleadservices.com https://cdn.pbbl.co https://websdk.appsflyer.com https://banner.appsflyer.com https://www.youtube.com https://creatives-cdn.appsflyer.com https://googleads.g.doubleclick.net https://www.google.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://cdn.jsdelivr.net https://pixel.mathtag.com https://collector-20545.tvsquared.com https://*.google.com/; style-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://optimize.google.com https://cdn.jsdelivr.net https://banner.appsflyer.com https://creatives-cdn.appsflyer.com; frame-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://www.facebook.com https://cdn.pbbl.co https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://dend6g4sigg57.cloudfront.net https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com https://pixel.mathtag.com https://collector-20545.tvsquared.com; connect-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://*.ada.support https://stats.g.doubleclick.net https://www.google-analytics.com https://*.bing.com https://bam.nr-data.net https://www.facebook.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://us-central1-adaptive-growth.cloudfunctions.net https://8jq0hovjeg.execute-api.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://5mky5td3g9.execute-api.us-east-1.amazonaws.com https://participant.connect.us-east-1.amazonaws.com https://wa.onelink.me https://wa.appsflyer.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://*.google.com/; img-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://secure.gravatar.com https://m1.com data: https://m1.com https://*.bing.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google.com https://www.googletagmanager.com https://optimize.google.com https://trkn.us https://t.co https://www.facebook.com https://secure.adnxs.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://analytics.twitter.com https://pixel.mathtag.com https://collector-20545.tvsquared.com https://banner.appsflyer.com https://creatives-cdn.appsflyer.com https://cdnappicons.appsflyer.com https://impressions.onelink.me https://*.google.com/; font-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com https://fonts.googleapis.com https://fonts.gstatic.com data: https://www.googletagmanager.com https://optimize.google.com https://cdn.appsflyer.com; object-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; media-src 'self' *.m1finance.dev *.m1.dev *.m1finance.com m1.com m1finance.lndo.site https://secure.adnxs.com https://acdn.adnxs.com https://ib.adnxs.com *.m1.com https://*.launchdarkly.com https://www.google.com/ dev-m1finance.pantheonsite.io test-m1finance.pantheonsite.io live-m1finance.pantheonsite.io projkadence-m1finance.pantheonsite.io https://googleads.g.doubleclick.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io https://intercom-sheets.com https://static.intercomassets.com; 2 frame-ancestors 'self' gather.town; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob:;frame-ancestors 'self' http://localhost:3000 https://the-gui.testing.nxt.zone https://the-gui.staging.nxt.zone/ https://the-gui.production.nxt.zone/ https://the-gui.cloud 2 form-action 'self' https://ipnpb.sandbox.paypal.com https://ipnpb.paypal.com https://checkout.stripe.com; connect-src 'self' https://analytics.freedom.press https://checkout.stripe.com https://cdn.jsdelivr.net https://pressfreedomtracker.us https://media.freedom.press; media-src 'self' https://media.freedom.press; frame-ancestors 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run https://commerce.coinbase.com/ https://boards.greenhouse.io; object-src 'self' https://media.freedom.press; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://boards.cdn.greenhouse.io https://commerce.coinbase.com/; frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://boards.greenhouse.io https://commerce.coinbase.com/; default-src 'self'; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://pressfreedomtracker.us https://s5-recruiting.cdn.greenhouse.io https://media.freedom.press; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://*.optimizely.com https://www.mdon-line.com/ https://inovalon.canto.com; 2 frame-ancestors 'self'; base-uri 'self'; form-action teufel.de zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com payments.amazon.de *.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu service.teufel.de supportb2b.teufel.de *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.contentsquare.net *.contentsquare.com teufelaudio.at teufel.ch teufelaudio.fr teufelaudio.nl teufelaudio.be teufelaudio.es teufelaudio.it cz.teufelaudio.com dk.teufelaudio.com ee.teufelaudio.com fi.teufelaudio.com gb.teufelaudio.com gr.teufelaudio.com hr.teufelaudio.com hu.teufelaudio.com ie.teufelaudio.com li.teufelaudio.com lt.teufelaudio.com lu.teufelaudio.com lv.teufelaudio.com no.teufelaudio.com pt.teufelaudio.com se.teufelaudio.com si.teufelaudio.com sk.teufelaudio.com teufelaudio.pl us.teufelaudio.com 'self' 2 frame-ancestors same; report-uri /report-csp-violation 2 upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src 'self' api.personio.de/recruiting/applicant px.ads.linkedin.com/wa/ px.ads.linkedin.com/attribution_trigger googleads.g.doubleclick.net adservice.google.com/pagead *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr *.google.ae *.google.co.ma *.google.ie *.google.fi *.google.com.br *.google.com.vn analytics.google.com/g/collect www.google-analytics.com region1.analytics.google.com region1.google-analytics.com/g/collect stats.g.doubleclick.net/g/collect stats.g.doubleclick.net/j/collect region1.analytics.google.com/g/collect maps.googleapis.com www.facebook.com/tr/ *.clarity.ms/collect bat.bing.com/actionp/0 stats.jtl-software.de/matomo.php crm.jtl-software.de consent.jtl-software.de;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ *.google.com *.google.de *.google.at *.google.ch *.google.pl *.google.es *.google.nl *.google.co.uk *.google.com.tr *.google.it *.google.fr *.google.co.in *.google.com.ua *.google.dk *.google.lu *.google.co.th *.google.pt *.google.be *.google.cz *.google.com.pk *.google.gr *.google.ru *.google.ba *.google.hu *.google.se *.google.com.cy *.google.com.eg *.google.bg *.google.ro *.google.lt *.google.co.jp *.google.rs *.google.co.id *.google.com.au *.google.hr *.google.ae *.google.co.ma *.google.ie *.google.fi *.google.com.br *.google.com.vn www.google-analytics.com stats.g.doubleclick.net/g/collect wwww.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/insight.min.js www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/ www.googletagmanager.com/debug/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz www.clarity.ms/s/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js blob:; 2 frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 2 base-uri 'none'; font-src 'self' https: data:; form-action 'self' https://www.formstack.com; frame-ancestors 'self'; img-src 'self' data: https://res.cloudinary.com https://images.contentstack.io https://cdn.userway.org https://api.mapbox.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 2 base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-us-west-2.amazonaws.com/b2bjsstore/b/L9NMMZHMQENW/reb2b.js.gz *.chilipiper.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com https://translate.googleapis.com https://js.partnerstack.com/v1/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.google.com *.googleoptimize.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.gstatic.com 1gbg1hfkyvry.statuspage.io *.profitwell.com *.wpengine.com *.ketchcdn.com *.ketchjs.com *.datadoghq-browser-agent.com *.sentry-cdn.com *.redditstatic.com s.pinimg.com ct.pinterest.com *.pinimg.com https://1gbg1hfkyvry.statuspage.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://js.stripe.com https://checkout.stripe.com https://ajax.googleapis.com https://*.quora.com https://ajax.googleapis.com *.uniqode.com https://storage.googleapis.com https://static.uniqode.com https://static.uniqode.com dna8twue3dlxq.cloudfront.net cdn.auth0.com *.privy.com static.ads-twitter.com *.twitter.com snap.licdn.com *.bing.com *.clarity.ms *.quora.com connect.facebook.net www.facebook.com *.typeform.com z.moatads.com cdnjs.cloudflare.com *.wistia.com src.litix.io *.wistia.net *.calendly.com *.salesloft.com *.zoominfo.com https://getrockerbox.com https://*.getrockerbox.com https://*.uniqode.com cdn.taboola.com trc.taboola.com ;child-src 'self' data: blob: https: *.profitwell.com www.youtube.com *.wistia.com *.privy.com *.calendly.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com;form-action https://www.uniqode.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ *.pinterest.com *.profitwell.com *.sentry-cdn.com;frame-ancestors 'self';style-src 'self' 'unsafe-inline' *.uniqode.com https://www.gstatic.com *.wpengine.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css storage.googleapis.com *.privy.com s.pinimg.com ct.pinterest.com fonts.googleapis.com *.calendly.com tagmanager.google.com *.google.com fast.wistia.com *.profitwell.com;img-src * 'self' data: blob: https:;font-src 'self' data: blob: https: https://*.wistia.com fonts.gstatic.com storage.googleapis.com static.uniqode.com static.uniqode.com optimize.google.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.profitwell.com;media-src 'self' data: blob: https: *.youtube.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://js.intercomcdn.com *.profitwell.com; object-src 'none' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://smartcaptcha.yandexcloud.net https://www.google.com https://www.gstatic.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net mc.yandex.ru mc.yandex.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net *.roistat.com tech.rtb.mts.ru qoopler.ru use.fontawesome.com app.diagrams.net viewer.diagrams.net nonce-OyGAnHWb_T3KqdSo1s6Xhg; frame-src 'self' ipeye.ru docs.google.com https://www.youtube.com https://www.youtube-nocookie.com/ mc.yandex.ru mc.yandex.com https://www.google.com https://smartcaptcha.yandexcloud.net; img-src 'self' data: i.ytimg.com api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yandex.ru mc.yandex.ru mc.yandex.com; 2 frame-ancestors https://cms-prod.brxm.grandvision.io 2 frame-ancestors 'self' https://translate.google.com 2 default-src 'self' https://www.google.com/ https://code.jquery.com/jquery-3.6.0.min.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.savoirfairelinux.com https://piwik.savoirfairelinux.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/ https://code.jquery.com/jquery-3.6.0.min.js; style-src 'self' 'unsafe-inline' https://www.savoirfairelinux.com https://fonts.googleapis.com https://code.jquery.com/jquery-3.6.0.min.js; img-src 'self' data: https://www.savoirfairelinux.com; font-src 'self' https://fonts.gstatic.com https://www.savoirfairelinux.com; media-src 'self' data:; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' https://piwik.savoirfairelinux.net; 2 upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: http://c.statcounter.com https://www.google.com http://www.google.com http://csi.gstatic.com http://localhost:29838; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2 frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com *.medical-xprt.com medical-xprt.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com braintree-api.com *.braintree-api.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com cardinalcommerce.com *.cardinalcommerce.com paypal.com *.paypal.com *.d35rpq4gusjz9h.cloudfront.net d35rpq4gusjz9h.cloudfront.net americanexpress.com *.americanexpress.com; frame-ancestors 'self' *.environmental-expert.com *.xprt.com *.agriculture-xprt.com *.energy-xprt.com *.medical-xprt.com environmental-expert.com xprt.com agriculture-xprt.com energy-xprt.com medical-xprt.com 2 default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/ https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.fakeshop-finder.de warnung.fakeshop-finder.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net *.verbraucherzentrale.de; 2 frame-ancestors 'self' https://manage.hcinnovationgroup.com https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 2 default-src 'none'; object-src 'none'; script-src 'self' https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.chargebeestatic.com; img-src 'self' data: https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com https://*.openproject.org https://openproject.org; media-src 'self' data: https://*.openproject.org https://openproject.org https://openproject-docs.s3.eu-central-1.amazonaws.com; frame-src 'self' https://js.chargebee.com https://www.youtube-nocookie.com https://*.chargebee.com https://*.chargebeestatic.com https://openproject.matomo.cloud https://opf.github.io; font-src 'self'; connect-src 'self' https://api.github.com/repos/opf/openproject https://*.openproject.com https://*.openproject.org https://openproject.matomo.cloud 2 frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 2 default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 2 frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; worker-src data:; font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com https://www.shopperapproved.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net https://play.vidyard.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: chrome-extension:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data: blob: about:; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; object-src 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss: blob:; worker-src 'self' https: data: blob:; manifest-src 'self'; default-src 'self' 2 frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 2 base-uri 'self';connect-src 'self' *.youtube.com albis-bot-backend-service-gj4kqfil6q-uc.a.run.app *.bugsnag.com *.vemcount.com *.vemcount.app vemcount.app ws://127.0.0.1:6001 wss://127.0.0.1:6001 https://*.s3.eu-central-1.amazonaws.com;form-action 'self' *.vemco.group;img-src 'self' data: tecbrain.com img.youtube.com www.gravatar.com *.eu-central-1.amazonaws.com *.meetsigma.io *.vemcogroup.com *.vemcount.com vemcount.com *.vemcount.app vemcount.app vem-assist-cdn.vercel.app;media-src 'self' *.eu-central-1.amazonaws.com;object-src 'none';script-src 'self' vemassist.albisai.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.bunny.net 2 frame-ancestors nuinvest.com.br *.nuinvest.com.br nubank.com.br *.nubank.com.br 2 frame-ancestors 'self' *.ariba.com *.gn.com 2 frame-ancestors https://*.pironet-ndh.com:4433 'self' 2 connect-src 'self' *.google-analytics.com *.doubleclick.net *.consentmanager.net *.dynamics.com *.lanxess.com *.etracker.de maps.googleapis.com directline.botframework.com wss://directline.botframework.com;default-src 'self' fonts.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.bayferrox.com *.lanxess.com *.linkedin.com media.bayferrox.com;frame-ancestors 'self' https://*.etracker.com;frame-src 'self' *.lanxess.com *.youtube-nocookie.com *.vimeo.com *.youtube.com *.investis.com digitizer.app *.equitystory.com *.vara-services.com vara-services.com *.dynamics.com towercam.cologne *.linkedin.com pmr.lanxess.com pmr.lanxess.de www.aplf.com vidicast.de iframe.cvwarehouse.com xms.deutsche-boerse.com;img-src 'self' data: *.google-analytics.com * *.linkedin.com *.google.com *.google.de *.consentmanager.net *.vimeocdn.com *.lanxess.com;media-src 'self' media.lanxess.com data:;script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com * 'unsafe-eval' *.licdn.com *.consentmanager.net *.lanxess.com;style-src 'self' 'unsafe-inline' *.lanxess.com fonts.googleapis.com; 2 default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' js.monitor.azure.com disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' wsstatic.servmetric.com cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' uksouth-1.in.applicationinsights.azure.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: ; worker-src 'none'; 2 frame-ancestors https://manage.scienceandmedicinegroup.com/ 2 frame-ancestors: 'none' 2 frame-src 'self' *.adguard.com *.adguard-vpn.com *.adguard-dns.com *.adguard-dns.io *.hcaptcha.com 2 frame-ancestors 'self' *.luxair.lu *.luxairtours.lu 2 default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://res.cloudinary.com https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 2 frame-src 'self' https://www.recaptcha.net/ https://*.youtube.com; frame-ancestors 'self' https://*.krka.si https://*.ezdravje.com https://*.edit.krkawp https://*.final.krkawp; object-src 'none'; 2 frame-ancestors 'self' cdn.matrixlms.com 2 object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 2 frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.civiccomputing.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com https://dl.episerver.net https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googleadservices.com https://www.recaptcha.net https://hello.myfonts.net https://widget.surveymonkey.com https://www.surveymonkey.com https://prod.smassets.net; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: tel:; frame-ancestors 'self' https://*.glgresearch.com; frame-src 'self' *.buzzsprout.com https://*.marketo.com https://*.mktoresp.com https://*.google.com https://*.doubleclick.net https://*.zoominfo.com https://www.googletagmanager.com https://player.vimeo.com *.youtube-nocookie.com *.youtube.com *.greenhouse.io; report-uri https://external-webhooks.glgresearch.com/content-security-policy-logs/; 2 frame-ancestors 'self' https://hotelnetsolutions.de 2 default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://*.onetrust.com https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; frame-ancestors 'self'; media-src 'self' https://*.libsyn.com 2 frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 2 default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com www.clarity.ms/tag/uet/23001835 cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com *.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js d10lpsik1i8c69.cloudfront.net tools.luckyorange.com s.pinimg.com ct.pinterest.com www.reddit.com ads.reddit.com www.redditstatic.com tdn.r42tag.com api.salesfeed.com d3or5d0jdz94or.cloudfront.net static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com js.monitor.azure.com/scripts/b/ai.config.1.cfg.json ib.adnxs.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com adservice.google.com googleads.g.doubleclick.net www.googleadservices.com stm.eneco.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io content.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com settings.luckyorange.com settings.luckyorange.net *.visitors.live pubsub.googleapis.com api.luckyorange.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com pixel-config.reddit.com/pixels/t2_8g9fz7r66/config d3or5d0jdz94or.cloudfront.net collect.kosi-analytics.io analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com t.svtrd.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com *.hotjar.com d6tizftlrpuof.cloudfront.net;style-src 'self' 'unsafe-inline' *.hotjar.com d6tizftlrpuof.cloudfront.net;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net www.google.com vars.hotjar.com ct.pinterest.com t.svtrd.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 2 frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com *.austrian.com; script-src *.exactag.com *.quantummetric.com *.monetate.net *.doubleclick.net *.googleadservices.com *.tiqcdn.com *.tealiumiq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.usabilla.com *.artefact.com *.skyscanner.net *.skyscanner.net *.facebook.com *.facebook.net *.kayak.com *.amadeus.com *.lufthansa-group.com *.austrian.com *.lufthansa.com *.swiss.com *.brusselsairlines.com *.go-mpulse.net *.techlab-cdn.com *.instagram.com *.akamaihd.net *.akstat.io *.cloudfront.net *.cognigy.cloud *.googleapis.com *.gstatic.com *.sheerid.com *.meili.travel bat.bing.com *.dwin1.com lhopa01.custhelp.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; worker-src blob: *.lufthansa.com; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://ade.googlesyndication.com https://www.googletagmanager.com https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://*.talentbrew.com; worker-src 'self' blob: ; 2 frame-ancestors 'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com https://anchor.fm https://airtable.com https://*.spotify.com https://checkout.freemius.com/; 2 default-src 'self' blob: data: *.apple.com; connect-src 'self' *.apple.com *.apple.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com; img-src 'self' data: *.apple.com; child-src 'self' support.apple.com apple.com km.support.apple.com; style-src 'self' 'unsafe-inline' *.apple.com; font-src 'self' data: *.apple.com 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://resources.genesys.com https://genesys.seismic.com https://know.genesys.com https://help.genesys.com https://*.contentsquare.net app.contentsquare.com; 2 frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 2 frame-ancestors https://app.contentful.com 2 default-src 'self' telit.com *.telit.com blob: bing.com *.bing.com licdn.com google-analytics.com *.google-analytics.com demandbase.com *.demandbase.com company-target.com *.company-target.com *.licdn.com *.recaptcha.net recaptcha.net gstatic.com *.gstatic.com google.com youtube-nocookie.com *.youtube-nocookie.com youtube.com *.youtube.com ggpht.com *.ggpht.com googleapis.com *.googleapis.com ytimg.com *.ytimg.com *.doubleclick.net googletagmanager.com *.googletagmanager.com pardot.com *.pardot.com osano.com *.osano.com *.sharethis.com sharethis.com driftt.com *.driftt.com oribi.io *.oribi.io linkedin.com *.linkedin.com rlcdn.com *.rlcdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat gravatar.com *.gravatar.com w.org *.w.org wpengine.com *.wpengine.com yoast.com *.yoast.com jsdelivr.net *.jsdelivr.net wistia.com *.wistia.com helpscout.net *.helpscout.net *.litix.io litix.io cloudfront.net *.cloudfront.net *.devmobo.com cinterion.com *.cinterion.com securityscorecard.com *.securityscorecard.com *.googlesyndication.com googlesyndication.com *.facebook.net *.facebook.com *.alicdn.com *.typekit.net *.vimeo.com *.indeed.com *.killadsapi.com *.zi-scripts.com *.zoominfo.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://telit-newsletter.devmobo.com/l.php; base-uri 'self';frame-ancestors 'self' 2 frame-ancestors 'self' *.webex.com 2 default-src 'self' static.dnsbelgium.be; media-src 'self' www.youtube.com youtu.be vimeo.com player.vimeo.com static.dnsbelgium.be; script-src 'self' cookie.wieni.be www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com 'sha256-n0qo0a+uNS3EBowOxlDJeqRRacNxVgew48Omj0IYROY=' api.usersnap.com resources.usersnap.com widget.usersnap.com cdn.usersnap.com 'sha256-3UZnJiUmLKDbXEjPsm9EHc0R7InC5uAtj5O1u68mBzM=' 'sha256-9JLcNkvDbyx27cZsDQUfhAXctCUn8uKZhZo7K5s+cZY=' 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net www.youtube.com s.ytimg.com static.dnsbelgium.be snap.licdn.com www.toll-net.be/h5p/wp-content/plugins/h5p/h5p-php-library/js/h5p-resizer.js https://cdn.matomo.cloud/dnsbelgium.matomo.cloud/matomo.js s.pointerpro.com survey.dnsbelgium.be pagead2.googlesyndication.com 'sha256-7b0CKEQkvadz7B/pYgEMs74upd57DoxBlXRIWY8pdRg=' 'sha256-XlGJBFdn9wZ3QRSQmE5hz2h94YBoRCV09VOA9PNwEc4=' 'sha256-7jDSgL9/dTEn7w83QbKH2DxAZSXWTe5+pNgp0l6xaGI=' 'sha256-cyhAnyf/da35tv9DMBPcWxiXKF8KRetd7+NRa8ylykg=' 'sha256-A3Dbl/cByN6GbFswAlXt66hMeUW5GNI1G4g6LzsRv0o=' 'sha256-0RBExtvEZO5CsGJ2YygQGmydb+opVDaeBuMtzkrktFw='; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com cookie.wieni.be tagmanager.google.com use.fontawesome.com; img-src wmimages.dnsbelgium.be 'self' data: www.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.usernap.com www.countryflags.io static.dnsbelgium.be www.facebook.com i.ytimg.com *.ads.linkedin.com imgsct.cookiebot.com; font-src 'self' data: use.fontawesome.com fonts.gstatic.com; frame-src 'self' www.google.com maps.google.com www.youtube.com player.vimeo.com notfound-static.fwebservices.be *.youtube-nocookie.com consentcdn.cookiebot.com calendar.google.com accounts.google.com *.medialaancdn.be www.facebook.com www.toll-net.be s.pointerpro.com https://flo.uri.sh/ survey.dnsbelgium.be datawrapper.dwcdn.net e.infogram.com youtu.be; connect-src 'self' cookie.wieni.be www.google-analytics.com widget.usersnap.com 'sha256-4YMvBqS3vvUrtHeUMQvHMMjdLUOlOHQOgs5s+Wxepkk=' consent.cookiebot.com consentcdn.cookiebot.com api.dnsbelgium.be webwhois.nic.vlaanderen webwhois.nic.brussels cdn.linkedin.oribi.io dnsbelgium.matomo.cloud pagead2.googlesyndication.com; worker-src 'self'; object-src 'self' 2 default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 2 default-src 'self'; script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com https://bi.force.com https://*.salesforceliveagent.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://dl.episerver.net/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://web-sdk-eu.aptrinsic.com/api/ https://ucv.bynder.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://res.cloudinary.com/gobi-technologies-as/ blob: https://d.la2s-core1.sfdc-yzvdd4.salesforceliveagent.com/ https://bilogin.b2clogin.com/ https://portal.bi.no/ https://www.bi.no/ https://www.bi.edu/; style-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com https://bi.force.com https://d.la3-c1cs-cdg.salesforceliveagent.com/ https://d.la1-c1cs-cdg.salesforceliveagent.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://cdn-ukwest.onetrust.com/scripttemplates/ https://dl.episerver.net/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn.siteimprove.net/ https://ajax.googleapis.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://*.vo.msecnd.net/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js http://login.edialog24.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googleadservices.com/ https://www.google-analytics.com https://www.google.com/ https://www.google.no/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://d8ejoa1fys2rk.cloudfront.net/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://c.la1-c1-cdg.salesforceliveagent.com/ https://d.la1-c1-cdg.salesforceliveagent.com/ https://d.la3-c1-cdg.salesforceliveagent.com/ https://siteimproveanalytics.com/ https://dl.episerver.net/ https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://cdn.jsdelivr.net/; object-src 'none'; base-uri 'self'; connect-src 'self' https://bicx.secure.force.com/ https://static.lightning.force.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://id.siteimprove.com/ https://my2.siteimprove.com/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ http://play.google.com/ https://play.google.com/ https://www.google.com/ https://www.google.no/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://vimeo.com/ https://player.vimeo.com/ https://dc.services.visualstudio.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://d8ejoa1fys2rk.cloudfront.net/ https://sentry10.bynder.cloud/ https://media.bi.no/ https://jsonplaceholder.typicore.com/ https://easycruit.com/ https://api.gobistories.com/ https://media-proxy.gobistories.com/ https://pagead2.googlesyndication.com/ https://esp-eu.aptrinsic.com/rte/v1/configuration/ https://googleads.g.doubleclick.net/ https://easycruit.com/api/ https://www.easycruit.com/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/ https://res.cloudinary.com/gobi-technologies-as/ https://bilogin.b2clogin.com/ https://*.applicationinsights.azure.com; font-src 'self' data: https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu https://d8ejoa1fys2rk.cloudfront.net/ https://dl.episerver.net/ https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/ https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; frame-src 'self' https://bicx--compoc.sandbox.my.site.com/ https://bicx--compoc.sandbox.lightning.force.com/ https://bicx--compoc.sandbox.my.salesforce.com/ https://service.force.com/ https://bicx.secure.force.com https://bi.force.com http://play.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://5995713.fls.doubleclick.net/ https://my2.siteimprove.com/ https://bi.easycruit.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' https://www.bi.no/ https://www.bi.edu/ https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://6000471.global.siteimproveanalytics.io/ https://d2csxpduxe849s.cloudfront.net/ https://img.youtube.com/ https://i.ytimg.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.no/ https://dl.episerver.net/ https://media-proxy.gobistories.com/ https://cdn-ukwest.onetrust.com/ https://www.bynder.com/ https://ad.doubleclick.net/ http://www.w3.org/2000/svg/ https://res.cloudinary.com/gobi-technologies-as/ data:; manifest-src 'self'; media-src 'self' https://media-proxy.gobistories.com/ blob:; report-uri https://631adb1029ad77a9b5a12c7b.endpoint.csper.io/?v=0/; worker-src blob:; 2 object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 2 default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.lantmateriet.se http://*.lantmateriet.se https://wds.callguide.telia.com https://via.tt.se http://*.readspeaker.com blob: https://unpkg.com; img-src 'self' https://*.lantmateriet.se https://*.lm.se/ http://*.readspeaker.com https://js.arcgis.com/ https://via.tt.se/ https://recruit.visma.com https://matomo.lantmateriet.se https://*.episerver.net data: https://wds.ace.teliacompany.com https://www.gstatic.com https://translate.googleapis.com; frame-src 'self' mailto: http://*.lm.se https://via.tt.se https://*.lantmateriet.se https://wds.ace.teliacompany.com/ http://app-eu.readspeaker.com/ https://*.youtube.com https://*.screen9.com https://*.quickchannel.com http://lantmateriverket.mynewsdesk.com/; child-src 'self' blob: http://*.lm.se https://*.lantmateriet.se blob: https://wds.ace.teliacompany.com/ https://*.youtube.com https://*.quickchannel.com; 2 default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit https://51degrees.tv/ch-test-api https://raw.githubusercontent.com/51Degrees/ https://raw.githubusercontent.com/actions/;font-src 'self';img-src 'self' data: http://images.51degrees.mobi https://images.51degrees.mobi https://51degrees.cachefly.net https://m.media-amazon.com https://raw.githubusercontent.com/51Degrees/;frame-src 'self' https://player.vimeo.com http://player.vimeo.com; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss: data: blob: 2 default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 2 frame-ancestors https://connext.conti.de/; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 2 frame-ancestors 'self' *.bambuser.com 2 script-src healthy.spartanburgregional.com 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com https://www.googletagmanager.com app.ecwid.com siteimproveanalytics.com translate.google.com *.cloudfront.net https://builder.lift.acquia.com ecomm.events translate.googleapis.com https://www.discoverhealth.org https://translate-pa.googleapis.com js.adsrvr.org scripts.cip.healthgrades.com connect.facebook.net https://www.google-analytics.com https://discoverhealth.org bam.nr-data.net maps.googleapis.com www.google.com www.gstatic.com www.youtube.com *.epichosted.com https://www.googleadservices.com *.cloudflare.com *.jsdelivr.net bam.nr-data.net *.fontawesome.com solutions.invocacdn.com script-app.mercuryhealthcare.com widgets.mindbodyonline.com assets.healcode.com brandedweb.mindbodyonline.com https://srhs-cp.srhs.com https://app.truelook.cloud *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro; frame-src 'self' adfs.srhs.com www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io srhs-cp.srhs.com *.facebook.com https://app.truelook.cloud https://www.mealpro.net mealpro.net *.calendly.com *.azure.com https://calendly.com; child-src 'self' adfs.srhs.com www.youtube.com youtube.com *.adsrvr.org www.google.com *.webdamdb.com *.acquiadam.com *.flipsnack.com *.epichosted.com https://www.hapyak.com https://embed.mindstamp.io https://app.truelook.cloud *.calendly.com *.azure.com https://calendly.com *.piwik.pro; connect-src 'self' https://www.discoverhealth.org https://sessions.bugsnag.com *.lift.acquia.com app.ecwid.com/ ecomm.events https://www.google-analytics.com/ bam.nr-data.net stats.g.doubleclick.net maps.googleapis.com api.clockwisemd.com www.facebook.com *.webdamdb.com translate.googleapis.com *.fontawesome.com adfs.srhs.com https://analytics.google.com https://widgets.mindbodyonline.com https://srhs-cp.srhs.com https://us.perz-api.cloudservices.acquia.io *.truelook.cloud ws: *.loyalhealth.com *.calendly.com *.azure.com https://calendly.com *.monsido.com *.piwik.pro www.youtube.com 2 upgrade-insecure-requests; default-src 'self'; media-src 'self'; frame-src 'self' my.matterport.com https://matterport.com *.jkrenders.com *.tourmkr.com https://tourmkr.com *.pgtb.me *.cmpgn.page *.userway.org *.gradguard.com *.betterbot.com https://*.doubleclick.net/ https://*.googlesyndication.com https://*.google.com *.youtube.com *.hsforms.com *.hsforms.net https://*.hostedpayments.com www.facebook.com console.rul.ai https://*.redditstatic.com; script-src 'self' http://www.googleadservices.com/ *.cloudflare.com *.applicationinsights.azure.com *.cloudfront.net *.azure.com *.userway.org *.engine.betterbot.com *.betterbot.com *.gradguard.com *.userway.org *.tiktok.com https://*.redditstatic.com *.cookie-script.com *.jsdelivr.net https://*.reddit.com *.salesforce.com https://*.google.com https://*.gstatic.com *.googleapis.com connect.facebook.net js.hsforms.net px.ads.linkedin.com snap.licdn.com use.typekit.net www.facebook.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.youtube.com console.rul.ai 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.cloudfront.net *.userway.org *.betterbot.com fonts.googleapis.com *.typekit.net fast.fonts.net *.gstatic.com 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com use.typekit.net *.userway.org; connect-src 'self' *.azure.com *.betterbot.com *.tiktok.com *.pangle-ads.com *.userway.org *.cookie-script.com *.doubleclick.net/ *.googlesyndication.com *.google.com www.google-analytics.com *.googleapis.com stats.g.doubleclick.net forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io console.rul.ai; img-src 'self' *.userway.org *.amazonaws.com *.reddit.com *.linkedin.com www.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com www.wirtgen-group.com data: *.gstatic.com p.typekit.net *.hsforms.com i.ytimg.com *.bluemod.us www.facebook.com px.ads.linkedin.com static.rul.ai www.linkedin.com; frame-ancestors 'self' *.cmpgn.page *.acctest.net *.userway.org https://renterswidget.gradguard.com *.gradguard.com *.americancampus.com https://*.acctest.net https://*.bluemod.us https://*.bluemod.me *.applicationinsights.azure.com *.pgtb.me *.tourmkr.com https://tourmkr.com 2 default-src 'none'; base-uri 'self'; frame-src 'self' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com *.google.gr; connect-src 'self' https://get-vpn.site *:888; font-src 'self' data: https://get-vpn.site; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr https://get-vpn.site trustzoneurl.com trustzonepost.xyz stats.g.doubleclick.net www.google-analytics.com *.twitter.com *.basemaps.cartocdn.com; manifest-src 'self' https://get-vpn.site; style-src 'self' 'unsafe-inline' https://get-vpn.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get-vpn.site trustzoneurl.com platform.twitter.com connect.facebook.net *.google-analytics.com *.twimg.com; report-uri https://trust.zone/_csp_log 2 default-src 'self';report-uri https://sentry.ladderlife.com/api/5/security/?sentry_key=256f94429c2e43ef8fadcb036d4c7e92 ;manifest-src https://ddw3p1oh0ex89.cloudfront.net;script-src https://*.adroll.com https://*.facebook.net https://sdk.twilio.com https://cdn.humanapi.co/ https://ekr.zendesk.com 'sha256-c7M5EaJ4WdOCgAf4VR5PNAIx8Tfot/Q3Nsu8lkLFXlU=' https://static.zdassets.com https://cdn.jsdelivr.net/fingerprintjs2/1.5.1/fingerprint2.min.js 'sha256-28pWGDRYnND+KcXkQSsC8a7TlpIi4HPpfQ4OvqTUNY8=' https://*.zopim.com 'sha256-ZKu42s6NuuaVSSaKshRcJFOs1ctAeLMINp2+/JEaBWM=' https://*.linkedin.com/ https://ddw3p1oh0ex89.cloudfront.net https://*.adnxs.com/ https://www.googletagmanager.com https://*.twitter.com https://app.getsentry.com https://*.g.doubleclick.net https://maps.googleapis.com https://*.plaid.com wss://ladderlife.zendesk.com https://cdn.pbbl.co https://*.googlesyndication.com https://ads.nextdoor.com/public/pixel/ndp.js https://collector-9169.us.tvsquared.com/tv2track.js 'sha256-+9xfK56z1o8LjCn+r6aZvibnWQ4slrvpI04piONRQ5U=' 'sha256-I4sssOimP4aqQ3guQTL1/GuKKN/qcNxjkHE09MYMLQA=' https://www.google-analytics.com/analytics.js https://*.bizographics.com/ https://*.newrelic.com https://ekr.zdassets.com https://bam.nr-data.net https://www.google.com https://qp.delty.io/q1/HdwFxDxD.js https://zendesk-eu.my.sentry.io https://cdn.cookielaw.org/scripttemplates/ wss://api.smooch.io 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' 'sha256-EhImtpQrxfrzkUueM3popkaGrI5KZmBuHLwfmTZTphA=' https://*.bing.com 'sha256-lpUhVVDo2EzRH5vTU08BulB+rpSke0YpGJ6ZmllJNys=' https://api.smooch.io https://qp.delty.io/q1/t/client.min.js https://media.smooch.io https://static.ads-twitter.com/uwt.js https://*.licdn.com/ 'sha256-a9K368kgMI7sk9t0Bk3PLOztxYxCDfIYzxgb6aA1dEg=' https://ladderlife.zendesk.com wss://voice-js.roaming.twilio.com 'sha256-LROnOwSP0gZe2prEj+944RV8WJ3wSYUdpLr1amrGxFE=' https://*.googleadservices.com https://*.stripe.com https://eventgw.*.twilio.com;child-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;frame-src https://*.fls.doubleclick.net/ https://www.ladderlife.com https://*.choicescreening.com https://*.facebook.com https://www.youtube.com https://*.twitter.com https://*.g.doubleclick.net https://*.plaid.com https://track.adform.net https://*.googlesyndication.com https://www.emjcd.com https://connect.facebook.net https://hapi-connect.humanapi.co https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';media-src https://static.zdassets.com https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net;img-src https://static.zdassets.com https://ddw3p1oh0ex89.cloudfront.net https: data: blob: https://accounts.zendesk.com https://*.zdusercontent.com https://media.smooch.io https://ladderlife.zendesk.com 'self';font-src https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net data: https://fonts.gstatic.com;connect-src https://www.google-analytics.com/ https://ekr.zendesk.com https://adservice.google.com https://eng.trkcnv.com/postBack https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net https://api.segment.io https://*.twitter.com https://maps.googleapis.com https://*.google.com https://www.facebook.com wss://ladderlife.zendesk.com https://stats.g.doubleclick.net/ https://*.googlesyndication.com https://ekr.zdassets.com https://cdn.cookielaw.org/ https://bam.nr-data.net https://www.google.com https://geolocation.onetrust.com/ wss://api.smooch.io https://*.bing.com https://stripe.com https://api.smooch.io https://sentry.ladderlife.com wss://*.zopim.com https://ladderlife.zendesk.com https://fonts.googleapis.com https://out.stashinvest.com/event https://*.stripe.com 'self' https://privacyportal.onetrust.com/;frame-ancestors https://banking.radiusbank.com/ https://*.lendingclub.com/; 2 upgrade-insecure-requests;block-all-mixed-content; 2 default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro pretalx.surf.nl 'unsafe-inline' 'unsafe-eval' *.vwo.com https://d5phz18u4wuww.cloudfront.net/vis_opt.js; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro surfnl.piwik.pro; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program https://app.vwo.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro surfnl.piwik.pro pretalx.surf.nl; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://abs.firstdedic.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.1dedic.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstdedic.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors https://metrika.yandex.ru http://webvisor.com/; 2 default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.virtualearth.net ssl.ak.dynamic.tiles.virtualearth.net virtualearth.net *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.thunderhead.com thunderhead.com cookielaw.org *.netdirector.auto netdirector.auto onetrust.com *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.coreweave.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.onetrust.com *.pinimg.com *.pinterest.com *.podscribe.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net api.pureweb.io cdn.cookielaw.org collector-37690.tvsquared.com config.landrover.com cookie-cdn.cookiepro.com d34r8q7sht0t9k.cloudfront.net decibel.com global.stun.twilio.com jlr-360--ngcrm.sandbox.my.salesforce-scrt.com jlr-360--ngcrm.sandbox.my.site.com jlr-360.my.salesforce.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de pixel.tapad.com psyma.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com podscribe.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com wss://a3pm2e78krufa2-ats.iot.us-west-2.amazonaws.com wss://lo.msg.liveperson.net wss://o5fowqu27k.execute-api.us-west-2.amazonaws.com wss://umd.userlike.com wss://xbejkea53vcrjoora2bwxpvfha.appsync-realtime-api.us-west-2.amazonaws.com data: blob:; 2 2 frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://experience.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net *.brightmine.com 2 font-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' *.lpsnmedia.net; frame-src 'self' data: *.magellanhealth.com *.lpsnmedia.net *.liveperson.net https: lpcdn.lpsnmedia.net; img-src 'self' data: *.lpsnmedia.net https: *.google-analytics.com *.googletagmanager.com; media-src 'self' blob: *.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lpsnmedia.net *.liveperson.net http: https: googletagmanager.com google-analytics.com pi.pardot.com; style-src 'self' 'unsafe-inline' http: https: use.fontawesome.com; font-src 'self' data: http: https: use.typekit.net; connect-src 'self' data: http: https: google-analytics.com analytics.google.com googletagmanager.com ws: va.msg.liveperson.net 2 default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 2 worker-src blob:; object-src *;script-src * 'unsafe-inline' 'unsafe-eval' 2 base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com gateway.foresee.com happy-hill-0c4c4691e.azurestaticapps.net p.typekit.net translate.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.tealiumiq.com *.tealiumiq.com *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com code.jquery.com commonspirit.experiencecloud.adobe.com experience.adobe.com gateway.foresee.com googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service-us-east-1.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com platform.twitter.com/js/ platform.twitter.com/widgets.js services.cognitoforms.com static.cognitoforms.com tags.tiqcdn.com tags.tiqcdn.com tpc.googlesyndication.com/sodar/ twemoji.maxcdn.com unpkg.com use.typekit.net www.cognitoforms.com www.googletagmanager.com; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube-nocookie.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleadservices.com/pagead/ *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com api.clearsensecloud.com assets.gyant.com bam.nr-data.net cdn.jotfor.ms d1ffafozi03i4l.cloudfront.net data: developers.google.com dpm.demdex.net googleads.g.doubleclick.net happy-hill-0c4c4691e.azurestaticapps.net i.ytimg.com login.commonspirit.org rtd-tm.everesttech.net s3.amazonaws.com static.cognitoforms.com syndication.twitter.com twemoji.maxcdn.com use.typekit.net www.google.com www.googletagmanager.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.foresee.com analytics.google.com api.ipify.org apiprod.commonspirit.org bam.nr-data.net brain.foresee.com commonspirit.sc.omtrdc.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com dpm.demdex.net fid.agkn.com fonts.googleapis.com happy-hill-0c4c4691e.azurestaticapps.net identity-api.commonspirit.org identity-func.commonspirit.org lasteventf-tm.everesttech.net login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com rxnav.nlm.nih.gov survey.foreseeresults.com translate.googleapis.com www.cognitoforms.com www.googletagmanager.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net commonspirit.tt.omtrdc.net dc.services.visualstudio.com happy-hill-0c4c4691e.azurestaticapps.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: gateway.foresee.com s3.amazonaws.com/assets.gyant.com/ use.typekit.net www.slant.co; 2 frame-ancestors 'self'; frame-src *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 2 upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com members.cj.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com map.brightcove.com assets.map.brightcove.com tags.srv.stackadapt.com members.cj.com; 2 script-src 'unsafe-eval' 'self' wss://*.zopim.com wss://*.hotjar.com *.api.friendlycaptcha.com *.jobsplice.com *.eu-api.friendlycaptcha.eu secure-ds.serving-sys.com *.goldenbees.fr *.botrecruiter.com *.evergage.com *.youtube-nocookie.com *.evgnet.com secure.adnxs.com *.criteo.net *.addthisedge.com *.ads-twitter.com *.infogram.com *.adnxs.com *.optimalworkshop.com *.audioboom.com secure-ds.serving-sys.com secure.adnxs.com *.acsbapp.com acsbap.com *.appcast.io *.bizographics.com *.bootstrapcdn.com *.bootstrapcdn.com *.browser-update.org *.cloudflare.com *.cloudfront.net *.cloudinary.com *.criteo.com *.eggplant.cloud *.fontawesome.com *.google.co.uk *.google.ie *.googleadservices.com *.indeed.com *.ionicframework.com *.jquery.com *.jsdelivr.net *.moatads.com *.npmcdn.com *.plyr.io *.recaptcha.net *.scorecardresearch.com *.serving-sys.com *.sndcdn.com *.unpkg.com *.vimeocdn.com *.ytimg.com *.zencdn.net *.zendesk.com *.hays.ie *.moatads.com *.sndcdn.com *.d3fw5vlhllyvee.cloudfront.net *.criteo.com vc.hotjar.io *.addthis.com *.outbrain.com *.licdn.com *.doubleclick.net acsbapp.com *.accesstrade.net *.googleadservices.com consent-or.trustarc.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com secure.imaginative-trade7.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data:;worker-src 'unsafe-eval' 'self' cdn.jsdelivr.net blob: 2 default-src 'self'; script-src 'self' https://platform.twitter.com/widgets.js https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://www.calendarwiz.com https://cdn.plot.ly https://players.brightcove.net https://analytics.brightcove.net https://kit.fontawesome.com https://s0.2mdn.net https://adservice.google.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ js.hs-scripts.com js.hsforms.net/ js.hs-analytics.net *.en25.com cdn.ampproject.org cbbb.realmagnet.land http://bbbprograms.org/Sitefinity/Authenticate/OpenID/assets/app.FormPostResponse.js https://tagmanager.google.com https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com https://assets.bbbprograms.org/ https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 *.crazyegg.com https://stats.g.doubleclick.net/j/collect https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://js.hsforms.net/forms/v2.js https://js.hs-banner.com/8712603.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.paypalobjects.com/ https://googleads.g.doubleclick.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/; style-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://www.calendarwiz.com https://cbbb.wufoo.com https://players.brightcove.net 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://bbbprograms.org https://assets.bbbprograms.org; font-src 'self' https://cloud.typography.com/ https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com http://www.calendarwiz.com https://players.brightcove.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/ https://bbbprograms.org/ https://assets.bbbprograms.org; img-src *.s3.amazonaws.com https://www.calendarwiz.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://secure-cf-c.ooyala.com http://cf.c.ooyala.com https://players.brightcove.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com clients1.google.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.coms https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://d3w4wo0n3briz3.cloudfront.net/ https://assets.bbbprograms.org/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://perf.hsforms.com/ https://p.adsymptotic.com/ https://px4.ads.linkedin.com/ https://analytics.google.com/; media-src http://cf.c.ooyala.com 'self' data: blob:; form-action 'self' https://cbbb.wufoo.com https://bbbprograms.org https://forms.hsforms.com/ https://js.hsforms.net/ https://desk.zoho.com/support/WebToCase; child-src https://www.google.com https://auto.bbbnp.org/ https://caru.bbbnp.org https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net http://imasdk.googleapis.com/ http://l.ooyala.com/ 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com https://privacyseals.bbbprograms.org/ web.facebook.com badge.stumbleupon.com https://js.hsforms.net/forms-next/shell-recaptcha https://applications.bbbprograms.org https://forms.hsforms.com/submissions/ https://bbbprograms.org blob: *.adobe.com/ https://assets.bbbprograms.org https://privacyinitiatives.bbbprograms.org https://privacyinitiatives.bbbnp.org; connect-src *.google-analytics.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net https://licensing.bitmovin.com https://metrics-api.librato.com 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://stats.g.doubleclick.net/ https://js.hs-banner.com/cookie-banner-public/v1/domain-collection https://ka-f.fontawesome.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/aafc1d80-12f1-408c-8344-a1ec382e57db.json.gz https://script.crazyegg.com/ https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/86a3b92f-d714-41db-b093-1a560633c100.json.gz https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://pagestates-tracking.crazyegg.com/ https://analytics.google.com/ https://assets.bbbprograms.org https://cdn.linkedin.oribi.io/ https://api.hubapi.com/hs-script-loader-public/; 2 frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 2 frame-ancestors 'self' https://splytech.io https://*.splytech.io 2 default-src * 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.prebanco.com.br *.adobedtm.com *.bing.com *.google.com *.google.com.br *.facebook.com *.facebook.net *.youtube.com *.youtube.com.br *.tiktok.com *.googleapis.com https://fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com static.ads-twitter.com *.doubleclick.net *.rybena.com.br *.navdmp.com t.co https://banco.bradesco *.bradesco.com.br *.banco.bradesco *.interneth.bradesco.com.br *.bradescopessoajuridica.com.br *.bradescocelular.com.br *.omny.fm *.ggpht.com *.ytimg.com https://turn2c-sandbox.com https://wa.onelink.me https://apps.sae1.pure.cloud *.virtualearth.net https://bancobradesco.tt.omtrdc.net https://dpm.demdex.net; img-src * 'self' data: https:; font-src * 'self' data:; 2 frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri /CSPEndpoint.aspx; report-to default; 2 default-src 'none';script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://fonic.novomind.com https://fonic-oat.novomind.com;style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com https://app.vwo.com;object-src 'self';base-uri 'self';connect-src 'self' https://dev.visualwebsiteoptimizer.com https://sentry.fonic.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com analytics.google.com https://fonic-iq.novomind.com https://fonic.novomind.com wss://fonic.novomind.com https://fonic-oat.novomind.com wss://fonic-oat.novomind.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode https://stats.g.doubleclick.net https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com *.hotjar.io data:;font-src 'self' script.hotjar.com https://fonts.gstatic.com data:;frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://app.vwo.com/ https://td.doubleclick.net;img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com https://app.vwo.com *.google-analytics.com *.analytics.google.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com https://script.hotjar.com data:;manifest-src 'self';media-src 'self';worker-src blob:;report-uri https://sentry.fonic.de/api/2/security/?sentry_key=38cf201186774063918a253e28caadce 2 default-src https: 'unsafe-inline'; object-src 'none'; media-src https: data: blob:; font-src https: data:; img-src https: data:; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dom101.mapres *.dom101.intres *.dom101.prdres hcaptcha.com *.hcaptcha.com *.tiqcdn.com my.tealiumiq.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.youtube.com youtube.com; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' hcaptcha.com *.hcaptcha.com *.tealiumiq.com *.2o7.net; img-src data: 'self' hcaptcha.com *.hcaptcha.com *.gravatar.com *.2o7.net *.googleapis.com *.groupebpce.fr *.intrabpce.fr; style-src 'self' hcaptcha.com *.hcaptcha.com 'unsafe-inline'; font-src data: 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self'; frame-src https: *; script-src-attr 'unsafe-inline'; worker-src *.bluecoat.com; 2 script-src 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; base-uri 'self'; child-src 'self'; frame-src 'self' https://www.paypal.com/ https://b.sbox.stats.paypal.com/ https://www.sandbox.paypal.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/; frame-ancestors 'self' 2 frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 2 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 2 frame-ancestors https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org 2 frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 2 Content-Security-Policy-Report-Only 2 frame-ancestors 'self' http://www.philips.com.au *.philips.com *.philips.com.au https://philipsigtdpv.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 2 default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 2 frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 2 frame-ancestors 'self' https://*.fun.com 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de 2 policy-definition 2 frame-ancestors 'self' https://p1-studio.emerson.com 2 default-src https:; font-src https: data:; frame-src https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2 img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 2 script-src 'self'; 2 script-src 'unsafe-inline' 'self' 'unsafe-eval'; style-src * 'unsafe-inline' data: ; img-src * data: blob:; frame-src 'self' buildamerica.com creditsummaries.assuredguaranty.com *.lumesis.com munipoints.com www.munipoints.com; connect-src www.google-analytics.com 'self' ; default-src 'self' data:; report-uri /tmc/servlet/error/csp 2 frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 2 frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 2 frame-ancestors 'self'; base-uri 'self' 2 frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com 2 default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https: blob:; report-uri /csp-violation-report/ 2 frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 2 default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2 frame-ancestors "none" 2 default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 2 default-src https: wss: ; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' * 2 frame-ancestors https://*.wika.com/ 'self'; 2 frame-ancestors 'self' https://app.adrianflux.co.uk https://www.bikesure.co.uk 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarity.ms *.userway.org *.js.ubembed.com *.omappapi.com ajax.googleapis.com analytics.twitter.com assets.ubembed.com bat.bing.com cdn.funnelytics.io cdn.jsdelivr.net cdnjs.cloudflare.com content.resolver.com ct.capterra.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net i.tryinteract.com ipinfo.io jobs.jobvite.com js.chilipiper.com munchkin.marketo.net play.vidyard.com snap.licdn.com tags.clickagy.com *.zoominfo.com www.google-analytics.com www.google.ca www.google.com www.googleadservices.com www.googletagmanager.com z.moatads.com t.unbounce.com trust.bitsighttech.com qvdt3feo.com code.jquery.com js.zi-scripts.com tracking.g2crowd.com j.6sc.co *.stackadapt.com; style-src 'self' 'unsafe-inline' https: resolver.com cdn.jsdelivr.net cdnjs.cloudflare.com content.resolver.com fonts.googleapis.com i.tryinteract.com www.resolver.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io d.clarity.ms *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net tags.clickagy.com t.unbounce.com cdn.userway.org *.omappapi.com; img-src 'self' https: data: bat.bing.com www.googletagmanager.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net t.unbounce.com googleads.g.doubleclick.net www.google.com www.google.ca px.ads.linkedin.com www.linkedin.com *.chilipiper.com; font-src 'self' https: data: fonts.gstatic.com content.resolver.com www.resolver.com www.resolver.com cdn.userway.org; media-src 'self' https:; form-action 'self' https:; frame-ancestors 'self'; object-src 'self'; frame-src 'self' https: jobs.jobvite.com quiz.tryinteract.com content.resolver.com 2 font-src *.olark.com mediacdn.espssl.com *.imi.chat *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net destinilocators.com *.duosecurity.com *.olark.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com frontiercoop.widen.net *.olark.com lux.speedcurve.com mediacdn.espssl.com brxcdn.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com *.exponea.com *.imi.chat js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com *.widen.net *.widencdn.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com https://js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.olark.com mediacdn.espssl.com *.imi.chat *.klevu.com *.ksearchnet.com 'unsafe-inline' assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net tagmanager.google.com https://js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net bam.nr-data.net lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.exponea.com facebook.com *.facebook.com *.imi.chat *.olark.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ; img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/ https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ https://www.googletagmanager.com https://fonts.gstatic.com https://ceginfo.hu/assets/images/ ; style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ; font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self'; connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ https://ep1.adtrafficquality.google/getconfig/ ; frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ https://securepubads.g.doubleclick.net/ ; worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ; media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 2 frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.ecorebates.com hayward.ecorebates.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net https://mavenoidfiles.com/ https://mavenoid.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: https://haywardpools.tfaforms.net/72 fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect https://widget-hosts.mavenoid.com https://app.mavenoid.com https://api.mavenoid.com/ https://mavenoidfiles.com/ https://mavenoid.com/ https://commerce.hayward-pool-assets.com/magento/ https://haywardpools.tfaforms.net/72 dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; 2 frame-ancestors 'self' *.martech.zone 2 script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * data: blob: 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; img-src * data: blob: 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src * data: blob: 'unsafe-inline' https://fonts.gstatic.com; frame-src * data: blob: https://optimize.google.com; 2 frame-ancestors 'self' *.xcatalyst.com *.authorize.net 2 frame-ancestors 'self' https://app.kontent.ai; 2 base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 2 frame-ancestors 'self' https://*.devsite.spin.ro https://bingo-sw360.pragmaticplay.net 2 default-src https: 'unsafe-inline' 'unsafe-eval' https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com; connect-src 'self' https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com bots.kore.ai wss://rtm.kore.ai *.clarity.ms analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net api.trafficguard.ai; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.doubleclick.net *.useinsider.com *.api.useinsider.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com marketing.rcbcbankard.com www.google.com www.google.com.ph www.google-analytics.com https://stats.g.doubleclick.net www.facebook.com lh.trafficguard.ai https: data:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com *.googleadservices.com www.google.com www.google-analytics.com tgtag.io www.googletagmanager.com www.gstatic.com apis.google.com connect.facebook.net bots.kore.ai; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com *.clarity.ms *.facebook.net *.googleadservices.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.facebook.neti tgtag.io; worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; object-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; 2 default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' data: blob: 2 default-src 'self' https://optimize.google.com; frame-src 'self' data: bytedance: sslocal: https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://oc-assets.klarnaservices.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.trustpilot.com; script-src 'self' data: https://*.adsrvr.org https://*.adunion.com.au https://t.cfjump.com https://*.criteo.com https://*.criteo.net https://oc-library.klarnaservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.api.useinsider.com https://*.useinsider.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.ozsale.com.au https://*.singsale.com.sg https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com https://*.openpay.com.au/ https://*.trustpilot.com https://tools.luckyorange.com analytics.tiktok.com https://*.roeyecdn.com https://*.zip.co https://zip.co 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.google.com; style-src 'self' https://*.klarnacdn.net https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://*.googleapis.com https://*.api.useinsider.com https://*.useinsider.com https://*.zip.co 'unsafe-inline'; font-src 'self' data: https://*.api.useinsider.com/ https://*.useinsider.com/ https://font.static.useinsider.com/ https://static.zipmoney.com.au https://*.klarnacdn.net https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://*.zip.co https://roktcdn1.akamaized.net; connect-src 'self' https://*.adunion.com.au https://*.adsrvr.org https://*.criteo.com https://*.klarnaservices.com https://*.useinsider.com https://*.api.useinsider.com https://*.g.doubleclick.net https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbcb.nzsale.co.nz wss://fbcb.identitydirect.com.au https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://*.useinsider.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 2 base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 2 frame-ancestors 'self' *.hexia.io *.zigtools.nl *.zig365.nl 2 default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *; navigate-to *; connect-src *; 2 style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com static.cinepolis.com stage-modernizacion.cinepolis.com fonts.googleapis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com blob: api.mapbox.com events.mapbox.com; "default-src" 'script-src' 'self' stage.cinepolis.com static.cinepolis.com stage-modernizacion.cinepolis.com localhost tpc.googlesyndication.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com data: securepubads.g.doubleclick.net pagead2.googlesyndication.com google.com csi.gstatic.com analytics.google.com/g/collect www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l stats.g.doubleclick.net/j/collect dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com google-analytics.com/ stage-modernizacion.cinepolis.com.gt/ https://www.google-analytics.com/g/collect; img-src 'self' https://www.facebook.com/* static.cinepolis.com tagmanager.com googletagmanager.com tpc.googlesyndication.com cinepolis.com stage.cinepolis.com data: mapbox-gl.com blob: api.mapbox.com events.mapbox.com ssl.gstatic.com securepubads.g.doubleclick.net google.com pagead2.googlesyndication.com www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l www.googletagmanager.com/a googleads.g.doubleclick.net/pagead/interaction/ www.google.com/ads/ga-audiences www.google.com/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.twitter.com/* www.facebook.com/* www.facebook.com/tr/*; frame-src 'unsafe-eval' 'self' td.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com *.safeframe.googlesyndication.com safeframe.googlesyndication.com google.com www.google.com googleads.g.doubleclick.net/ https://8267269.fls.doubleclick.net/ 8267269.fls.doubleclick.net td.doubleclick.net; "script-src" 'unsafe-inline' 'unsafe-eval' 'self' tpc.googlesyndication.com googletagmanager.com cdnjs.cloudflare.com static.cinepolis.com code.jquery.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com pagead2.googlesyndication.com partner.googleadservices.com google-analytics.com apis.google.com google-analytics.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com securepubads.g.doubleclick.net tagmanager.google.com www.googletagmanager.com www.google-analytics.com/gtm/optimize.js www.google-analytics.com/analytics.js www.google-analytics.com/analytics.js adservice.google.com.mx/adsid/integrator.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/linkid.js www.google-analytics.com/gtm/js www.google-analytics.com/collect www.google-analytics.com/j/collect adservice.google.com/adsid/integrator.js www.googletagservices.com/activeview/js/current/rx_lidar.js connect.facebook.net/en_US/fbevents.js js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js b.scorecardresearch.com/beacon.js analytics.tiktok.com/i18n/pixel/events.js assistant.woorank.com/hydra/assistantLoader.latest.js static.ads-twitter.com/uwt.js connect.facebook.net/signals/config/375285878099814 dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.facebook.net/* connect.facebook.net/*; worker-src 'unsafe-eval' 'unsafe-inline' 'self' mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; frame-ancestors tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; object-src 'none'; 2 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 2 img-src * data:; 2 default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; frame-src 'self' *.teamviewer.com teamviewer8: tvassign1: tvsqcustomer1: tvcustomqs: intent: 2 default-src 'none'; script-src 'nonce-ccdf441bb7' 'strict-dynamic';script-src-elem 'self' 'nonce-ccdf441bb7' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com; 2 X-Frame-Options: SAMEORIGIN 2 frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.cloudflare.com cdn.leadinfo.net *.seranking.com https://monitor.fraudblocker.com https://cdn-cookieyes.com https://asset-tidycal.b-cdn.net; object-src *; style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net fonts.googleapis.com https://www.googletagmanager.com; img-src * data:; media-src *; frame-src *; font-src *; connect-src *; 2 frame-ancestors 'self' *.storyblok.com; 2 default-src 'self' *.phonebooky.com *.booky.ph *.bky.ph *.crazyegg.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com static.clevertap.com sg1.wzrkt.com d2r1yp2w7bby2u.cloudfront.net *.crazyegg.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.crazyegg.com;img-src 'self' 'unsafe-inline' *.booky.ph booky-nonprod-images.s3-ap-southeast-1.amazonaws.com booky-merchant-dashboard.s3.amazonaws.com *.bky.ph *.phonebooky.com data: *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com *.crazyegg.com;object-src 'none';media-src 'self' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com;font-src 'self' data: fonts.gstatic.com;report-uri /report-violation;worker-src none;connect-src 'self' *.phonebooky.com *.booky.ph *.bky.ph https://api.v5.booky.ph/booky-apollo-serverless static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com *.crazyegg.com;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;frame-ancestors 'self' 2 frame-ancestors 'self' *.maxon.net 2 connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 2 frame-ancestors ‘self’ 2 default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self'; img-src 'self' 2 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2 frame-ancestors 'self' https://daytondailynews.newspapers.com https://journal-news.newspapers.com https://springfieldnewssun.newspapers.com https://www.legacy.com https://epaper.daytondailynews.com https://editions.daytondailynews.com 2 frame-ancestors flashpoint-intel.com *.flashpoint-intel.com flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net; frame-src 'self' flashpoint-intel.com *.flashpoint-intel.com app.flashpoint.io *.app.flashpoint.io flashpoint.io fp.tools *.flashpoint.io *.echosec.net *.fp.tools automate.fp.tools autodemo.fp.tools *.platform.fpint.net *.cyberriskanalytics.com *.crft.app *.arcade.software *.okta.com *.calendly.com *.pendo.io *.googleapis.com *.wistia.net *.looker.com *.twitter.com *.platform.fpint.net *.youtube.com youtube.com linkedin.com *.linkedin.com 2 frame-ancestors 'self' https://www.escanav.com; 2 frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 2 frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2 frame-ancestors 'self' https://st-martin-kub.crono.travel 2 default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; object-src 'none'; worker-src 'none'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://mafo1.myaudience.de https://api.fdbserver.de; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src https: data: blob:; font-src https: data:; frame-ancestors https://*.sphere.uk https://*.cozmos.com https://*.sphere.co.uk https://*.toysphere.co.uk https://*.toysphere.com https://*.shortstackapp.com https://*.figma.com https://link.to https://*.linkfire.com; worker-src blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://info.dentsu.com https://pi.pardot.com http://pi.pardot.com https://cdn.pardot.com http://cdn.pardot.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com/ http://info.dentsu.com/ https://info.dentsu.com/ https://vercel.live https://app.storyblok.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.gstatic.com https://ipwhois.pro https://geolocation.onetrust.com https://vercel.live https://px.ads.linkedin https://api.storyblok.com https://api.emailjs.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; frame-ancestors https://app.storyblok.com storyblok.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://a.storyblok.com https://cdn.cookielaw.org https://i.vimeocdn.com/; manifest-src 'self'; media-src 'self' https://a.storyblok.com; report-uri https://6551f73079107a8bf3ffdb54.endpoint.csper.io; worker-src blob:; 2 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; frame-ancestors 'self' ; base-uri 'self' ; prefetch-src 'self' ; img-src https: data: ; 2 child-src blob:; connect-src 'self' 'unsafe-inline' https://*.wcms.basf.com https://strawberry.basf.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://my-basf-privacy.my.onetrust.com https://login.microsoftonline.com https://federation-qa.basf.com https://federation.basf.com https://api.friendlycaptcha.com https://*.decibelinsight.net wss://*.decibelinsight.net https://*.decibel.com https://pick.basf.com https://platform.b4u-cloud.de https://*.kampyle.com https://*.medallia.eu https://*.medallia.com; default-src 'self'; font-src 'self' data: https://*.wcms.basf.com; frame-ancestors https://*.wcms.basf.com; frame-src https://*; img-src 'self' data: https://*.wcms.basf.com https://cdn.cookielaw.org https://collect.tealiumiq.com https://platform.b4u-cloud.de *.kampyle.com *.medallia.eu; media-src 'self' blob: https://*.wcms.basf.com; object-src 'none'; script-src 'wasm-unsafe-eval' 'unsafe-inline'; script-src-elem 'self' https://*.wcms.basf.com https://tags.tiqcdn.com https://tag.aticdn.net https://my.tealiumiq.com https://blackberry.basf.com https://cdn.cookielaw.org 'sha256-ttfnBjqp3Wtmn9FUPKkR3GLb0D3xMFCg7QcjYux8Y+o=' https://player.youku.com https://cdn.decibelinsight.net https://pick.basf.com https://platform.b4u-cloud.de https://*.kampyle.com https://*.medallia.eu https://*.medallia.com; style-src 'unsafe-inline' 'self'; style-src-elem 'self' 'unsafe-inline' https://*.wcms.basf.com https://player.youku.com https://platform.b4u-cloud.de; worker-src blob: 2 default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; worker-src 'self' blob:; 2 frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://* http://* data:; style-src 'self' 'unsafe-inline' https://* http://* data:; font-src 'self' https://* http://* data:; object-src 'self'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none'; frame-ancestors 'self' 2 default-src https: 2 base-uri 'none'; default-src: 'none'; block-all-mixed-content 2 frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org https://thearisenetwork.net https://indioumc.org https://sshpumc.org https://www.graceumcmesa.org https://everettumc.org https://unitedchurchofthetford.org https://zionumchurch.com 2 frame-ancestors https://app.contentful.com 'self' 2 frame-ancestors 'self' weleda.sabio.de 2 frame-ancestors 'self' levelone.com *.levelone.com www.realpage.com 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline'; 2 default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.getresponse.com https://an.gr-wcon.com *.gr-cdn.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com https://*.delivery.consentmanager.net https://cdn.consentmanager.net;style-src 'self' 'unsafe-inline' *.getresponse.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io https://www.youtube.com;img-src 'self' data: https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/ https://*.delivery.consentmanager.net;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io data:;connect-src 'self' *.getresponse.com https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org https://*.delivery.consentmanager.net;frame-src 'self' *.getresponse.com https://register.gotowebinar.com https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/;media-src 'self' blob: https://curator-assets.b-cdn.net *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 2 script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 2 upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'none'; 2 frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 2 upgrade-insecure-requests;frame-ancestors 'self' 2 default-src 'none'; child-src 'self'; connect-src 'self' data: http://ad.doubleclick.net https://adservice.google.com https://analytics.google.com https://assets-tracking.crazyegg.com https://cdn.cookielaw.org https://dc.services.visualstudio.com https://esp-eu.aptrinsic.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://molnlycke2gir36prod.dxcloud.episerver.net https://pagead2.googlesyndication.com https://pagestates-tracking.crazyegg.com https://privacyportal-de.onetrust.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.crazyegg.com https://server-side-tagging-tagkg43egq-uc.a.run.app https://stats.g.doubleclick.net https://tracking.crazyegg.com https://www.facebook.com https://www.google-analytics.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ro https://www.google.se https://www.googleadservices.com; font-src 'self' data: http://themes.googleusercontent.com https://*.cloudfront.net/graphik/ https://*.cloudfront.net/lato/ https://fonts.gstatic.com https://sc-static.net https://svcs.tql.com; frame-src 'self' blob: http://td.doubleclick.net.x.1c7e1df30bec4044730985d0a84d8c494578.d045213d.id.opendns.com http://td.doubleclick.net.x.2692d56f0c056049aa09a20042bf1e3d82d5.d045213e.id.opendns.com http://td.doubleclick.net.x.40aed8270c8d70421b08a97048094bca2186.d045227c.id.opendns.com http://td.doubleclick.net.x.49dc1dfe0e1da04a9409fa6044634062ceec.d045211d.id.opendns.com http://td.doubleclick.net.x.614c7b4e06362040090b38d049013aad468e.d045211d.id.opendns.com http://td.doubleclick.net.x.6202e7a60d8ff0425409e18086d3328a1afb.d045211d.id.opendns.com http://td.doubleclick.net.x.640060950e7da04331090df0ea9768595fd4.d045211d.id.opendns.com http://td.doubleclick.net.x.7775ebd00923e04eda08d810fae9d219bc30.d045227d.id.opendns.com http://td.doubleclick.net.x.862dcbb80862b04c420a0d100062031d8a19.d045213d.id.opendns.com http://td.doubleclick.net.x.8beedf8e04d9e0449b0b86a06bc650a8d94a.d045211d.id.opendns.com http://td.doubleclick.net.x.acdd37a008b65042010abdf0cbf18f1fc80f.d045227d.id.opendns.com http://td.doubleclick.net.x.fe0150ae0b5de04c5f0b7ac0c088413b58d3.d045211d.id.opendns.com https://api.screen9.com https://block.opendns.com https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://cdn.cookielaw.org https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://storage.googleapis.com https://translate.google.com https://www.facebook.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.ec https://www.google.com.eg https://www.google.com.gh https://www.google.com.hk https://www.google.com.lb https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.ph https://www.google.com.pk https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.se https://www.google.si https://www.googletagmanager.com https://www.molnlycke.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://gc.kis.v2.scr.kaspersky-labs.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://sc-static.net https://script.crazyegg.com https://snap.licdn.com https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://web-sdk-eu.aptrinsic.com https://www.gstatic.com; manifest-src https://molnlycke2gir36prod.dxcloud.episerver.net https://www.molnlycke.com; worker-src blob:; script-src-attr https://www.google.com; report-to stott-security-endpoint;report-uri http://169.254.132.5/stott.security.optimizely/api/cspreporting/reporturiviolation/; 2 Content-Security-Policy: default-src https: 2 default-src 'self' https://hhglobal.com https://www.hhglobal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://www.googletagmanager.com https://player.vimeo.com https://www.youtube.com https://snap.licdn.com/ https://secure.intelligent-business-wisdom.com/ https://marketing.hhglobal.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://decoupledhhg.wpengine.com/; img-src 'self' data: https://www.hhglobal.com https://www.googletagmanager.com/ https://ps.w.org https://secure.gravatar.com/ https://px.ads.linkedin.com/ https://i.vimeocdn.com https://cdn.cookielaw.org/ https://marketing.hhglobal.com; object-src 'none' ; font-src 'self' data: ; frame-src 'self' https://player.vimeo.com/; connect-src 'self' https://region1.google-analytics.com/ https://submit-form.com https://px.ads.linkedin.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://idx.liadm.com/; worker-src 'self' https://hhglobal.com https://www.hhglobal.com; frame-ancestors 'self' 2 frame-ancestors 'self' *.alineops.com; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qweb.nl https://*.google-analytics.com https://*.pingdom.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self' https://*.qweb.nl https://*.qweb.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://app.qweb.nl 2 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://dpm.demdex.net https://kbc.symex.be https://uat.serversidegraphics.com https://uk.personalcard.net https://www.facebook.com https://*.contentsquare.net https://admp-tc-mediahuis.adtlgc.com https://es6-elasticapm.kbc.be https://es6-elasticapm-a.kbc.be https://*.contentsquare.net https://onesignal.com https://*.googleapis.com https://*.adobe.com https://viewlicense.adobe.io https://*.adobedc.net https://adobedc.demdex.net; child-src 'self' blob: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://*.adobedc.net; default-src 'self'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.com https://*.kbc-group.com https://*.kbcgroup.eu https://*.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc-group.com https://*.omniture.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com https://kbc.symex.be https://*.trustarc.com https://code3.adtlgc.com/ https://scdn.cxense.com/ https://player.hihaho.com/ https://documentservices.adobe.com/; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.contentsquare.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://*.omtrdc.net https://*.adobemc.com https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://*.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://*.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://scomcluster.cxense.com https://secure.adnxs.com https://t.co https://touch.azureedge.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.be https://www.google.com https://www.googleadservices.com https://img.youtube.com https://*.truste.com https://*.trustarc.com https://cdn.publish.macrobond.net https://*.cxense.com https://*.contentsquare.net https://refini.tv https://product.datastream.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kbc-group.com https://*.24plus.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com https://t.contentsquare.net https://contentsquare.com https://code3.adtlgc.com https://*.trustarc.com https://*.truste.com https://*.cxense.com https://shared.mediahuis.be https://t.contentsquare.net https://contentsquare.com https://*.contentsquare.com https://player.hihaho.com/ https://documentservices.adobe.com/ https://uk.personalcard.net; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbc.com https://*.kbcsecurities.com https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://cdn.tt.omtrdc.net https://*.googleapis.com https://uk.personalcard.net; manifest-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.24plus.be https://cdn.tt.omtrdc.net https://*.googleapis.com; worker-src 'self' blob:; 2 frame-ancestors 'self' https://rewards.theexcellencecollection.com https://tecloyalty.c5.stage.livecms.site; 2 default-src 'self' cocubes.com *.cocubes.com cocubes.in cdn.cookielaw.org www.youtube.com player.vimeo.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cocubes.com *.cocubes.com cdn.cookielaw.org blob:; connect-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net cdn.cookielaw.org *.onetrust.com; img-src data: https: blob:; style-src 'unsafe-inline' https:; media-src 'self' blob: *.blob.core.windows.net cocubes.com *.cocubes.com cocubes.in; font-src data: https:;object-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net youtube.com player.vimeo.com; 2 base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; media-src 'self' multimedia.gsb.bund.de medien.bsi.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 2 frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io; font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 2 default-src 'self' data: *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl 2 default-src 'self' blob: centinelapi.cardinalcommerce.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.global *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com code.jivo.ru *.mail.ru api.sumsub.com widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com *.tradernet.by; img-src 'self' 'unsafe-inline' blob: data: *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com code.jivosite.com code.jivo.ru *.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com code.jivo.ru cdn.jsdelivr.net yastatic.net; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app wss://realtime-services-eu-chat-2.carrotquest.io realtime-services-eu-chat-2.carrotquest.io wss://rts-v2.carrotquest.app/websocket_connect_time rts-v2.carrotquest.app/websocket_connect_time api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props delivery.consentmanager.net/delivery/ *.clarity.ms suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.tradernet.am ffin.global mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com pay.google.com www.google.com google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivosite.com *.jivo.ru wss://*.jivosite.com wss://*.jivo.ru top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.tradernet.com *.typi.team wss://wss.trader.az wss://wss.tradernet.by wss://wss.tradernet.com wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz tradernet.ru admin.tradernet.ru sentry.dev.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.ru ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com v2.zopim.com wss://widget-mediator.zopim.com mc.yandex.com wss://wssdev.tradernet.dev wss://wss.tradernet.dev wss://wss.tfos.com wss://wss.walletsolutions.eu; frame-ancestors 'self' https://*.bankffin.kz https://*.freedom24.com https://bankffin.kz https://freedom24.ru https://*.tradernet.com; 2 default-src 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://stats.wpmudev.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://stats.wpmudev.com https://stats.wpmucdn.com https://code.jquery.com https://js-cdn.dynatrace.com https://www.youtube.com https://cdn.datatables.net; style-src 'unsafe-inline' 'self' https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com https://cdn.datatables.net; img-src 'self' data: https://www.google.cl https://analytics.tiktok.com https://stats1.wpmudev.com https://www.facebook.com https://secure.gravatar.com https://www.google.com.co https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.arauco.cl https://www.arauco.com https://i.ytimg.com https://arauco.com/argentina http://arauco-qas.arauco.com https://arauco.com/chile https://arauco.com https://www.googletagmanager.com https://placehold.it https://www.placeholder.com https://via.placeholder.com https://ps.w.org https://cdn1.iconfinder.com https://cdn.datatables.net; connect-src 'self' https://analytics.tiktok.com https://stats1.wpmudev.com https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bf72388lyn.bf.dynatrace.com https://ipinfo.io https://cdn.datatables.net https://www.facebook.com; font-src 'self' data: https://www.araucoonline.com https://fonts.gstatic.com https://ajax.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://fonts.googleapis.com https://maps.googleapis.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://use.fontawesome.com; media-src 'self'; child-src 'self' https://www.araucoonline.com https://www.arauco.cl https://www.arauco.com; form-action 'self' https://www.facebook.com https://www.googletagmanager.com; frame-ancestors 'self'; object-src 'self'; frame-src 'self' https://www.google.com https://td.doubleclick.net https://www.araucoonline.com https://www.arauco.cl https://www.arauco.com https://www.youtube.com https://www.youtube-nocookie.com https://arauco-qas.arauco.com https://arauco.com https://arauco.b3dservice.de https://arauco.esignserver3.com https://orbitvu.co https://issuu.com https://www.facebook.com https://www.googletagmanager.com https://www.optimizadoronline.com; worker-src 'self' blob:; manifest-src 'self'; 2 frame-ancestors 'self' https://metrika.yandex.ru; 2 default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' data: https://cdn.livechatinc.com/tracking.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://api.livechatinc.com/ https://ipapi.co/ https://connect.facebook.net/ https://www.facebook.com/ https://region1.google-analytics.com/ https://www.youtube.com/ https://region1.analytics.google.com/ https://ajax.cloudflare.com/ https://api.ipify.org/ https://ipapi.co/ https://privacy-proxy.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://region1.analytics.google.com/ https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/ https://static.elfsight.com/platform/platform.js https://universe-static.elfsightcdn.com/ ; style-src 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://aggregator.service.usercentrics.eu/ https://px.ads.linkedin.com/ https://region1.google-analytics.com/ https://ipapi.co/ https://googleads.g.doubleclick.net/ https://region1.analytics.google.com/ https://core.service.elfsight.com/ https://ipapi.co/ https://ipapi.co/49.43.97.126/json/ https://api.ipify.org/ https://ipapi.co/49.43.97.0/json/ https://graphql.usercentrics.eu/graphql https://privacy-proxy.usercentrics.eu https://consent-api.service.consent.usercentrics.eu/ https://app.usercentrics.eu/ https://privacy-proxy.usercentrics.eu/ https://uct.service.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/latest/uc-block.bundle.js https://www.youtube.com/api/stats/atr https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://api.usercentrics.eu/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://play.google.com/log https://www.youtube.com/youtubei/v1/log_event https://snap.licdn.com/li.lms-analytics/insight.min.js https://tragwerksplanung.rib-software.com/; font-src 'self' data: https://fonts.gstatic.com https://www.youtube.com/s/player/704f0391/www-widgetapi.vflset/www-widgetapi.js; frame-src 'self' data: https://www.meinauftrag.rib.de/ https://api.ipify.org/ https://secure.livechatinc.com/ https://td.doubleclick.net/ https://www.byggeweb.dk/ https://app.usercentrics.eu/ https://posimyththemes.com/ https://region1.analytics.google.com/ https://go.rib-software.com/ https://tragwerksplanung.rib-software.com/ https://www.rib-tragwerksplanung.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com https://www.youtube.com https://go.dach.data.rib-software.com/; img-src 'self' data: https://www.facebook.com/ https://connect.facebook.net/ https://analytics.google.com/ https://i.ytimg.com/ https://px4.ads.linkedin.com/ https://www.google.de/ads/ga-audiences https://secure.gravatar.com/ https://region1.analytics.google.com/ https://googleads.g.doubleclick.net/ https://uct.service.usercentrics.eu/ https://www.google.co.in/ads/ga-audiences https://app.usercentrics.eu/ https://privacy-proxy-server.usercentrics.eu/ https://api.iconify.design/ https://googleads.g.doubleclick.net/ https://i.vimeocdn.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://65f14453bc57ae1120bf6fd9.endpoint.csper.io/?v=1; 2 script-src 'self' 'unsafe-inline' adobedtm.com t.contentsquare.net connect.facebook.net blob: http: https:; object-src 'none'; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily; 2 base-uri 'self';frame-ancestors 'self' 2 frame-ancestors 'self' https://*.encompass.ice.com https://www.encompassloconnect.com https://encompassloconnect.com https://*.ellieservices.com https://encompass.ice.com 2 frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 2 default-src 'self'; base-uri 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://s.yimg.jp/ https://connect.facebook.net/ https://*.yahoo.co.jp/ https://maps.googleapis.com/ https://*.mul-pay.jp/ https://*.google.com https://global.localizecdn.com/ https://use.typekit.net/ https://cdnjs.cloudflare.com https://cdn.auth0.com https://ads.twitter.com https://imasdk.googleapis.com https://pagead2.googlesyndication.com https://static.ads-twitter.com https://s0.2mdn.net https://www.googletagservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net/; connect-src * data: blob: 'unsafe-inline'; frame-src https://*.google.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ https://*.facebook.com/ https://www.youtube.com/ https://td.doubleclick.net/ https://imasdk.googleapis.com/; media-src * data: blob:; worker-src * data: blob: 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; style-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: data:; font-src https: data:; upgrade-insecure-requests; 2 frame-ancestors www.red-gate.com; 2 default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 2 frame-ancestors 'self' bcaa.me https://insurance.bcaa.com https://*.vulog.center 2 default-src 'self' https://*.wistia.com https://*.wistia.net; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://cc.cdn.civiccomputing.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tools.eurolandir.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://player.vimeo.com/api/player.js http://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://assets.calendly.com/; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; font-src 'self' data: https://fast.wistia.net/ https://static.juicer.io/fonts/ https://*.wistia.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ ; style-src 'self' 'unsafe-inline' blob: https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fonts.googleapis.com/ https://assets.calendly.com/; connect-src 'self' https://analytics.google.com/ https://fast.wistia.net/ http://craneware.emperordev.com/ https://*.litix.io https://region1.analytics.google.com https://region1.google-analytics.com/ https://*.wistia.com https://embedwistia-a.akamaihd.net https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ ; frame-src 'self' data: https://x.com/ https://twitter.com/ https://www.linkedin.com/ https://www.facebook.com/ https://craneware.my.salesforce-sites.com/ https://craneware.secure.force.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fast.wistia.net https://craneware.wistia.com/ https://tools.eurolandir.com/ https://fast.wistia.net/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://calendly.com/; img-src 'self' data: https://www.google.rs/ https://media.licdn.com/dms/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://www.google.com/ https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://public.craneware.com/ https://www.googletagmanager.com/ https://assets.calendly.com/; frame-ancestors 'self' https://www.linkedin.com/; worker-src 'self' blob: 2 default-src 'self'; base-uri 'none'; img-src 'self' data:; worker-src 'none'; frame-src 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM=' 'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE=' 'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig=' 'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA=' 'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8=' 'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0=' 'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4=' 'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE=' 'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po=' 'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY=' 'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE=' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com *.archgroup.com www.googletagmanager.com www.clarity.ms; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com px.ads.linkedin.com p.adsymptotic.com snap.licdn.com www.google-analytics.com player.vimeo.com extend.vimeocdn.com www.archgroup.com www.googletagmanager.com platform.twitter.com www.clarity.ms c.clarity.ms e.clarity.ms; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com *.googletagmanager.com fonts.gstatic.com; frame-src *.archgroup.com www.podbean.com www.youtube.com www.google.com *.icims.com player.vimeo.com *.twitter.com; img-src 'self' data: www.archgroup.com archgroup.com ps.w.org p.adsymptotic.com wpengine.com dify.wpengine.com maps.gstatic.com *.googleapis.com *.ggpht.com secure.gravatar.com *.linkedin.com *.google-analytics.com *.analytics.google.com *.twitter.com c.clarity.ms c.bing.com; font-src 'self' data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' www.archgroup.com insurance.archgroup.com mortgage.archgroup.com reinsurance.archgroup.com *.google-analytics.com analytics.google.com *.analytics.google.com archcapital2020tf.q4web.com *.licdn.com stats.g.doubleclick.net my.wpengine.com yoast.com api.redirect.li px.ads.linkedin.com cdn.linkedin.oribi.io e.clarity.ms; media-src *.archgroup.com extend.vimeocdn.com; form-action 'self'; base-uri 'self'; frame-ancestors 'self' www.slipcase.com marketplace.marsh.com; upgrade-insecure-requests ; object-src 'self'; child-src 'self'; worker-src 'self' blob; 2 frame-ancestors 'self' dashboard.myrazz.com; report-uri /report-violation 2 frame-ancestors 'self' *.qfc.cn *.tnc.com.cn *.aliyuncs.com *.aliyun.com *.ctcn.com.cn *.globaltextiles.com *.qfcgroup.com 2 script-src 'unsafe-inline' 'self' blob: data: https://widget.intercom.io/widget/x9ly9yez https://calendly.com/ https://www.google-analytics.com https://api.amplitude.com https://cdn.bek.coop https://www.gstatic.com https://www.google.com https://www.youtube.com wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://fonts.gstatic.com https://code.ionicframework.com https://use.typekit.net https://static.hotjar.com https://www.googletagmanager.com https://unpkg.com https://api.testbek.com https://js.intercomcdn.com https://vjs.zencdn.net/7.11.4/video.min.js https://unpkg.com/vue@2.6.14 https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://assets.swarmcdn.com/cross/swarmdetect.js https://assets.calendly.com/assets/external/widget.js https://js.chargebee.com/v2/chargebee.js; worker-src 'self' 'unsafe-inline' blob: https://testbek.com; img-src https://* data:*; style-src 'unsafe-inline' 'self' https://testbek.com https://vjs.zencdn.net https://code.ionicframework.com https://fonts.googleapis.com https://*.typekit.net https://dkg63mm7284y1.cloudfront.net/b9a32b69eab70562cf0906b5d9614b628cbc65a7/widget/captivated.css https://unpkg.com https://unpkg.com/swiper/swiper-bundle.min.css; style-src-elem 'self' https://unpkg.com https://dkg63mm7284y1.cloudfront.net https://*.typekit.net https://code.ionicframework.com https://vjs.zencdn.net https://fonts.googleapis.com 'unsafe-inline'; script-src-elem https: 'unsafe-inline'; 2 object-src 'self'; frame-ancestors 'self' 2 frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'self' https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com https://*.auth0.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.auth0.com; worker-src 'self' 2 frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 2 base-uri 'self';manifest-src 'self' https://myownconference.com https://cdn.myownconference.com;default-src 'self';connect-src 'self' https://cdn.myownconference.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.myownconference.com https://client.crisp.chat;img-src 'self' data: https://cdn.myownconference.com https://image.crisp.chat;style-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://client.crisp.chat;font-src 'self' data: https://cdn.myownconference.com https://client.crisp.chat;object-src 'self';frame-src 'self' https://support.myownconference.com;frame-ancestors 'self';form-action 'self';upgrade-insecure-requests 2 default-src 'self' https://videos.ctfassets.net/; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src *; 2 default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 2 connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 2 frame-ancestors 'self' https://accept.authorize.net 2 default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: 'self' *; media-src *; object-src *; script-src data: 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de; 2 upgrade-insecure-requests; frame-ancestors https://willowpointrehab.com; 2 "upgrade-insecure-requests;" 2 connect-src 'self' *.fontawesome.com *.yimg.com *.google-analytics.com *.doubleclick.net rest-api.e-shot.net bat.bing.com terryberry.force.com *.omappapi.com z.omappapi.com a.omappapi.com api.omappapi.com *.nr-data.net *.terryberry.com secure.agile-company-365.com idx.liadm.com *.clickagy.com *.zoominfo.com *.hu-manity.co onesignal.com *.onesignal.com cdn.linkedin.oribi.io *.duosecurity.com terryberry.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com terryberry.my.site.com *.clickcease.com pagead2.googlesyndication.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.ads.linkedin.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; default-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: *.fontawesome.com fonts.gstatic.com *.hu-manity.co *.duosecurity.com terryberry.com *.terryberry.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; frame-src 'self' bid.g.doubleclick.net service.force.com www.facebook.com go.pardot.com *.youtube.com storage.pardot.com terryberry.com *.terryberry.com player.vimeo.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com td.doubleclick.net *.trstplse.com *.trustpulse.com data: *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; img-src 'self' 'unsafe-inline' terryberry.com *.terryberry.com *.gravatar.com *.linkedin.com *.bing.com *.analytics.yahoo.com *.google.com *.google.co.uk *.google.de *.facebook.com *.google-analytics.com live-terryberry.pantheonsite.io p.adsymptotic.com go.pardot.com *.doubleclick.net i.ytimg.com *.omappapi.com *.googletagmanager.com *.clickagy.com *.rlcdn.com *.demdex.net *.crwdcntrl.net *.agkn.com *.bluekai.com pixel-sync.sitescout.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.my.site.com *.gstatic.com *.google.com *.hcaptcha.com terryberry.my.salesforce.com *.clickcease.com *.trstplse.com *.trustpulse.com data: *.chilipiper.com trustpulse.s3.amazonaws.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; media-src 'self' 'unsafe-inline' *.terryberry.com *.duosecurity.com terryberry.com data: *.optinmonster.com *.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pantheonsite.io *.360recognition.com *.giveawow.com *.youtube.com *.google.com *.google-analytics.com *.googleapis.com use.fontawesome.com kit.fontawesome.com www.googletagmanager.com service.force.com terryberry.my.salesforce.com bat.bing.com *.googleadservices.com snap.licdn.com tracking.g2crowd.com s.yimg.com connect.facebook.net pi.pardot.com *.salesforceliveagent.com *.doubleclick.net signup.es-mail.co.uk ajax.googleapis.com static.lightning.force.com terryberry.force.com *.omappapi.com *.googleoptimize.com *.adservice.google.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.terryberry.com secure.agile-company-365.com player.vimeo.com *.zoominfo.com *.clickagy.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com *.clickcease.com *.trstplse.com *.trustpulse.com *.chilipiper.com cdnjs.cloudflare.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com unpkg.com/vue@3/dist/vue.global.js unpkg.com/vue@3/; style-src 'self' 'unsafe-inline' *.pantheonsite.io *.fontawesome.com service.force.com terryberry.force.com fonts.googleapis.com *.omappapi.com *.terryberry.com secure.agile-company-365.com *.hu-manity.co onesignal.com *.onesignal.com *.duosecurity.com terryberry.com *.gstatic.com *.google.com terryberry.my.site.com *.hcaptcha.com terryberry.my.salesforce.com *.trstplse.com *.trustpulse.com *.chilipiper.com *.cookiebot.com *.optinmonster.com *.visualwebsiteoptimizer.com; worker-src 'self' 'unsafe-inline' *.terryberry.com terryberry.com blob: data:; 2 default-src 'self' * ws: wss: data: blob:; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * ws: wss:; img-src 'self' data: * http: https:; child-src 'self' * blob:; 2 default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 2 default-src 'self' cdn.upstract.com; font-src 'self' cdn.upstract.com; style-src 'self' 'unsafe-inline' cdn.upstract.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.upstract.com https://hcaptcha.com/ https://cdn.jsdelivr.net/; img-src 'self' data: cdn.upstract.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://rumble.com/ https://embed.ted.com/ https://*.hcaptcha.com 2 default-src 'self' *.jquery.com *.googleapis.com *.jquery.com *.vimeo.com; connect-src *; script-src * https://www.googletagmanager.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; img-src * 'self' blob: data: https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.sharethis.com *.jquery.com https://cs-cdn.realpage.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' app.hubspot.com *.sharethis.com *.google.com *.vimeo.com https://www.youtube.com/ https://player.vimeo.com/; object-src 'none' 2 frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.kr *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.dk *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.hr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ug *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ch *.doppelherz.tw *.queisser.de *.queisser.com *.queisser.pl *.queisser.ro *.doppelherz.ma *.doppelherz.ba *.doppelherz.uz 2 frame-ancestors ; upgrade-insecure-requests; 2 base-uri 'self'; connect-src 'self' *.cookiepro.com *.google.com *.hotjar.com wss://ws26.hotjar.com *.hotjar.io *.googleapis.com *.onetrust.com cdn.cookielaw.org *.google-analytics.com *.readspeaker.com stats.g.doubleclick.net yoast.com; default-src 'self' ; font-src fonts.gstatic.com *.hotjar.com 'self' data:; frame-src www.google.com 'self' www.youtube-nocookie.com *.hotjar.com cdn.cookielaw.org *.readspeaker.com gamma.euroland.com tools.eurolandir.com e.infogram.com art.kunstmatrix.com; img-src blob: 'self' data: maps.googleapis.com *.google.com *.googletagmanager.com maps.gstatic.com *.google-analytics.com 0.gravatar.com *.hotjar.com cdn.cookielaw.org maps.googleapis.com maps.gstatic.com secure.gravatar.com *.google-analytics.com ps.w.org s.chkmkt.com; manifest-src 'self';media-src 'self'; object-src 'none';script-src www.google.com www.gstatic.com *.onetrust.com cdn.cookielaw.org *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiepro.com *.onetrust.com cdn.cookielaw.org p-eu.chkmkt.com *.readspeaker.com www.googletagmanager.com ajax.googleapis.com maps.gstatic.com maps.googleapis.com tools.eurolandir.com *.google-analytics.com e.infogram.com www.youtube-nocookie.com p-eu.chkmkt.com; style-src 'unsafe-inline' 'self' eu.mar.medallia.com ajax.googleapis.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com tagmanager.google.com *.readspeaker.com s.chkmkt.com; worker-src 'self' blob:; 2 default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 2 default-src * 'unsafe-inline' 'unsafe-eval' data: wss: *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: *; img-src * 'unsafe-inline' 'unsafe-eval' data: *; frame-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src * 'unsafe-inline' 'unsafe-eval' data: * 2 default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' https:; frame-src 'self' https: 2 frame-ancestors 'self' *.first.bank https://admin.first.bank/ https://admin.belay.bank/ https://ondemand.eoriginal.com https://firstbankmo--sbadev.sandbox.lightning.force.com https://firstbankmo--sbadev.sandbox.my.site.com https://firstbankmo--uat.sandbox.my.salesforce.com https://firstbankmo--uat.sandbox.lightning.force.com https://firstbankmo.my.salesforce.com; 2 default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 2 default-src *.mouseflow.com 'self' 'unsafe-inline' 'unsafe-eval' data: * 2 frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 2 default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 2 default-src 'self'; script-src 'self' https://*.azirevpn.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.azirevpn.com/; img-src 'self' blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 2 default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 2 connect-src 'self' *.googlesyndication.com *.googleapis.com *.gstatic.com *.google-analytics.com securepubads.g.doubleclick.net stats.g.doubleclick.net wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.yimg.com; default-src 'self' *.googlesyndication.com; font-src 'self' data: *.gstatic.com *.zopim.com https://*.hotjar.com; form-action 'self'; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com *.google.com *.googlesyndication.com *.googleapis.com https://www.googleadservices.com *.doubleclick.net https://*.hotjar.com youtube.com www.youtube.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com; img-src 'self' data: media.rewardsnetwork.com https://apple-resources.s3.amazonaws.com *.ggpht.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com cdn.buttercms.com res.cloudinary.com *.doubleclick.net stats.g.doubleclick.net seal-chicago.bbb.org *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com *.facebook.com *.yahoo.com; media-src 'self' cdn.buttercms.com res.cloudinary.com *.zdassets.com ; object-src 'self' media.rewardsnetwork.com res.cloudinary.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com res.cloudinary.com *.doubleclick.net cdn.ampproject.org seal-chicago.bbb.org assets.adobedtm.com assets.zendesk.com *.zopim.com *.zdassets.com https://*.hotjar.com *.facebook.net *.yimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.hotjar.com cloud.typography.com; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wistia.com https://*.walkme.com https://arn.upraise.io https://cdn.jsdelivr.net https://lp.poweredbyonsite.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://simpleui-test-au.vixverify.com https://code.jquery.com https://gateway.nab.com.au https://cdnjs.cloudflare.com.au https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.gstatic.com https://www.google.com https://paynow.pmnts.io https://app.powerbi.com https://js-agent.newrelic.com https://bam-cell.nr-data.net blob:; frame-src https://avetta.wistia.com https://arn.upraise.io https://pumaenergyqld.safetyhub.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts.io https://player.vimeo.com https://*.avetta.com https://app.powerbi.com https://*.poweredbyonsite.com https://*.ls.poweredbyonsite.com https://cloud.scorm.com https://*.qa.ls.poweredbyonsite.com https://*.dev.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://www.google.com https://gateway.nab.com.au https://paynow.pmnts-sandbox.io https://paynow.pmnts.io https://player.vimeo.com https://*.qa.poweredbyonsite.com https://*.dev.poweredbyonsite.com https://*.avetta.com https://app.powerbi.com https://reports-staging.poweredbyonsite.com https://www.youtube.com https://cloud.scorm.com 'self' blob: data:; frame-ancestors https://paynow.pmnts.io https://*.ls.poweredbyonsite.com https://*.onsitetrackeasy.com.au https://*.poweredbyonsite.com https://poweredbyonsite.com https://*.okta.com; object-src 'self' https://*.ls.poweredbyonsite.com blob:; 2 default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:; 2 frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 2 default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net *.awin1.com *.zenaps.com https://www.dwin1.com https://the.sciencebehindecommerce.com https://*.wepowerconnections.com https://bat.bing.com https://channel.me https://engie.conversationalsdevelopment.nl https://cdn.conversationalsdevelopment.nl https://api.seamly.ai wss://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://engie-engie.digitalcx.com https://api.digitalcx.com https://www.50five-engie.nl https://engie.pti.nl https://api.ipdata.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://google.com https://www.google.com https://www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://adservice.google.com https://storage.googleapis.com https://www.gstatic.com https://s.ytimg.com https://code.jquery.com https://snap.licdn.com https://px.ads.linkedin.com https://api.membergetmember.co https://embedded.membergetmember.co https://events.membergetmember.co https://heartbeat.membergetmember.co https://tracking.membergetmember.co https://prod-mgw.engie-app.nl/api/v1/opening-hours https://prod-mgw.engie-app.nl/api/v1/waiting-times https://prod-mgw.engie-app.nl/api/v1/opening-hours/waiting-time https://*.optimizely.com https://ws.pushcall.com https://smartcontactbutton.pushcall.com https://api.storyteq.com https://assets.storyteq.com https://www.youtube.com https://www.youtube-nocookie.com https://v2.zopim.com wss://widget-mediator.zopim.com https://static.zdassets.com https://ekr.zdassets.com;font-src 'self' data:;img-src *.awin1.com *.zenaps.com https://bat.bing.com https://cdn.conversationalsdevelopment.nl https://newstat.net https://ds1.nl https://www.google.nl https://www.google.com https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.optimizely.com https://api.storyteq.com https://assets.storyteq.com 'self' data:;style-src 'self' 'unsafe-inline' https://www.50five-engie.nl https://storage.googleapis.com https://fonts.googleapis.com https://cdn.conversationalsdevelopment.nl; 2 frame-ancestors 'self' https://learn.spot.io; 2 frame-ancestors 'self' https://mcnk64xr71xx8t-v1mr4dcx1zk84.pub.sfmc-content.com 2 default-src * 'self' blob: data: gap:; style-src * 'self' 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * 'self' 'unsafe-inline' blob: data: gap:; connect-src 'self' * 'unsafe-inline' blob: data: gap:; frame-src * 'self' blob: data: gap: 2 frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 2 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: https:; font-src * data: https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 2 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://analytics.tiktok.com https://static.doubleclick.net https://access.equalweb.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://tagmanager.google.com https://cdn.cookielaw.org https://code.jquery.com https://cdn.krxd.net https://connect.facebook.net https://beacon.krxd.net https://consumer.krxd.net https://plugin.handtalk.me https://*.youtube.com https://s.ytimg.com https://cdn.equalweb.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://tcp.googlesyndication.com https://pixel.mathtag.com https://maps.googleapis.com ; img-src 'self' data: blob: https://ad.doubleclick.net https://match.adsrvr.org https://pixel.rubiconproject.com https://yt3.ggpht.com https://pixel.mathtag.com https://sp.analytics.yahoo.com https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://adservice.google.com https://lh3.googleusercontent.com https://cdn.cookielaw.org https://beacon.krxd.net https://usermatch.krxd.net https://cm.g.doubleclick.net https://stags.bluekai.com https://ib.adnxs.com https://sync.mathtag.com https://analytics.twitter.com https://cms.analytics.yahoo.com https://sync.navdmp.com https://global.ib-ibi.com https://www.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net https://access.equalweb.com https://plugin.handtalk.me https://test.cocacola.com.br https://stage.cocacola.com.br https://www.coca-cola.com.br https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://*.privacysandbox.googleadservices.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://immakers.go2cloud.org https://image2.pubmatic.com https://dsum-sec.casalemedia.com https://idsync.reson8.com https://eb2.3lift.com https://idsync.rlcdn.com https://x.bidswitch.net https://sync.go.sonobi.com https://ad.360yield.com https://ads.stickyadstv.com https://sync.search.spotxchange.com https://pixel.tapad.com https://x.dlx.addthis.com https://ups.analytics.yahoo.com https://us-u.openx.net https://uipus.semasio.net https://loadm.exelator.com https://su.addthis.com https://maps.googleapis.com https://img.youtube.com ; style-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://*.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://*.gstatic.com https://cdn.cookielaw.org https://code.jquery.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://plugin.handtalk.me ; child-src 'self' blob:; object-src 'none' ; frame-src 'self' https://s.amazon-adsystem.com https://access.equalweb.com https://*.doubleclick.net https://www.googletagmanager.com https://plugin.handtalk.me https://www.google.com https://cdn.krxd.net https://*.youtube.com https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://pixel.mathtag.com ; connect-src 'self' data: https://checkip.amazonaws.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://play.google.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://s.yimg.com https://stats.g.doubleclick.net https://us-central1-kora-nlp-prod.cloudfunctions.net https://www.google-analytics.com https://la.ces.coke.com https://plugin.handtalk.me https://stage-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://prod-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://gamma-latam-us-west-2-api-config.s3.amazonaws.com https://prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com https://pyhdy1j3zh.execute-api.us-west-2.amazonaws.com https://8lioi8nl48.execute-api.us-west-2.amazonaws.com https://cdn.equalweb.com https://access.equalweb.com https://translation.handtalk.me https://translation-v3.handtalk.me https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://adservice.google.com https://aadb2c-apig.latam.gcds.coke.com https://aadb2c-apig.gamma.latam.gcds.coke.com https://aadb2c-apig.alpha.latam.gcds.coke.com https://analytics.google.com https://maps.googleapis.com ; form-action 'self' https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; 2 script-src-elem 'self' 'unsafe-inline' *; 2 frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 2 object-src 'none'; frame-ancestors 'none' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com 2 default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self' https://iface.core-networks.de; frame-ancestors 'none'; block-all-mixed-content 2 frame-ancestors 'self' multimaps360.de; 2 default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com; script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 2 frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 2 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.visualwebsiteoptimizer.com app.vwo.com *.tvsquared.com *.googleoptimize.com *.gstatic.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net *.worldchangers.reviews *.guildgiving.org wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net *.googletagmanager.com www.gstatic.com *.cherrycreekcolorado.com *.artisanhomeloans.com *.pentrustmortgage.com *.viewmortgage.com *.bellcohomeloans.com *.betterbuiltmortgage.com *.loansbyjohnny.com *.beauknowsmortgages.com *.smartmortgage.com; 2 default-src 'self'; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' https://kit.fontawesome.com https://cdnjs.cloudflare.com https://browser-update.org https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com; script-src-elem 'self' 'unsafe-inline' https://kit.fontawesome.com https://cdnjs.cloudflare.com https://browser-update.org https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://www.recaptcha.net https://www.google.com https://www.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://www.google.be; connect-src 'self' https://*.fontawesome.com https://noembed.com https://cdn.plyr.io https://*.google.com https://*.doubleclick.net; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://www.google.com https://www.recaptcha.net; object-src 'none'; media-src 'self' 2 default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2 frame-ancestors 'self' *.vu.lt 2 report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; 2 default-src *; style-src http: https: 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data:; font-src 'self' http: https: data:; img-src 'self' https: http: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2 frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 2 frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org 2 connect-src *; default-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net; font-src 'self' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net https://fonts.gstatic.com; img-src * https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com *.reviews.io data: blob:; media-src *.comparaonline.com https://res.cloudinary.com s3.amazonaws.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net *.youtube.com https://comparaonline-design.s3.amazonaws.com; frame-src *.youtube.com *.hotjar.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.facebook.com *.hsforms.com https://www.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.comparaonline.com *.comparaonline.cl https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net client.perimeterx.net *.youtube.com googleads.g.doubleclick.net https://*.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.googletagmanager.com connect.facebook.net bat.bing.com *.hotjar.com *.dwin1.com https://*.google.com https://cdn.segment.com https://purecatamphetamine.github.io http://js.hsforms.net/forms/embed/v2.js *.reviews.io *.visualwebsiteoptimizer.com tracking.bciplus.cl https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *.comparaonline.com https://d2o3bbd14e8un6.cloudfront.net https://d7nxjt1whovz0.cloudfront.net https://optimize.google.com https://fonts.googleapis.com *.reviews.io data:; worker-src blob:; 2 default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 2 frame-ancestors https://www.facebook.com/ 2 default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://skoda-admin.porsche-holding.com; 2 report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self' https://*.ict.lan; 2 default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 2 frame-ancestors https://100jahre.caritas-stpoelten.at/ https://abrakadabra.caritas-tirol.at/ https://abz-wielandgasse.caritas-steiermark.at/ https://agyoungcaritas.caritas.at/ https://www.caritas-stadtteilarbeit.at/ https://freiwillige.caritas-wien.at/ https://spenden.helfen.at/ https://hlw.caritas-kaernten.at/ https://intern.sob-linz.at/ https://jahresbericht.caritas-stpoelten.at/ https://www.bildungszentrumnord.at/ https://seegasse.caritas-wien.at/ https://sob.caritas-kaernten.at/ https://sob.caritas-wien.at/ https://vorlagen.caritas.at/ https://wirkungsbericht.caritas-burgenland.at/ https://wirkungsbericht.caritas-salzburg.at/ https://wirkungsbericht.caritas-wien.at/ https://www.caritas.at/ https://www.caritas-austria.at/ https://www.caritas-bigs.at/ https://www.caritas-bildungszentrum.at/ https://www.caritas-burgenland.at/ https://www.caritas-commit.at/ https://www.caritas-foundation.at/ https://www.caritas-jobs.at/ https://www.caritas-kaernten.at/ https://www.caritas-leo.at/ https://www.caritas-linz.at/ https://www.caritas-ooe.at/ https://www.caritas-pflege.at/ https://www.caritas-rundumbetreut.at/ https://www.caritas-salzburg.at/ https://www-caritas-salzburg-at.caritas.host https://www.caritas-schulen.at/ https://www.caritas-steiermark.at/ https://www.caritas-stiftung.at/ https://www.caritas-stpoelten.at/ https://www.caritas-tirol.at/ https://www.caritas-vorarlberg.at/ https://www.caritas-wien.at/ https://www.caritas-wiewirwirken.at/ https://www.caritasabend.at/ https://www.caritasakademie.at/ https://www.carla.at/ https://www.carla-vorarlberg.at/ https://www.carla-wien.at/ https://www.diesozialschule.at/ https://www.fsbwr-neustadt.ac.at/ https://www.hilfswerk-sr-emmanuelle.at/ https://www.homelessworldcup.at/ https://www.internationalerfreiwilligeneinsatz.at/ https://www.josee.at/ https://www.junges-wohnen.at/ https://www.lebensraeume-caritas.at/ https://www.neuearbeit.or.at/ https://www.obenauf.cc/ https://www.paraplue-steyr.at/ https://www.patenschaften.at/ https://www.perspektive-handel.at/ https://www.project-bera.eu/ https://www.schule-am-himmel.at/ https://www.schwangerenberatung.at/ https://www.sob-caritas.at/ https://www.sob-linz.at/ https://www.speisewagen-caritas.at/ https://www.unser-wirken.caritas-kaernten.at/ https://www.winternothilfe.at/ https://www.zeitschenken.at/ https://www.gruft.at/ https://www.opentalk.at/ https://caritas-wegweiser.at/ https://www.krone.at/ https://vka.or.at/ https://open2chat.at/ https://www.ausbildungszentrum-linz.at/ https://triptalks.at/ https://www.lena.or.at/ https://www.streetfootball.at/ https://www.carotte-caritas.at/ https://sozialberufe-wolfsberg.caritas-kaernten.at/ https://annualreport.caritas.at/ https://typo3.caritas.at/ https://haus-antonius.caritas-kaernten.at/ https://wirkungsbericht.caritas-tirol.at/ https://wirkungsbericht.caritas.at/ https://www.ife-austria.at/ https://www.inklusive-redaktion.at/ https://test01.caritas.at/ https://test02.caritas.at/ https://test03.caritas.at/ https://test04.caritas.at/ https://test05.caritas.at/ https://test06.caritas.at/ https://test07.caritas.at/ https://test08.caritas.at/ https://test09.caritas.at/ https://test10.caritas.at/ https://test11.caritas.at/ https://test12.caritas.at/ https://test13.caritas.at/ https://test14.caritas.at/ https://test15.caritas.at/ https://test16.caritas.at/ https://test17.caritas.at/ https://test18.caritas.at/ https://test19.caritas.at/ https://test20.caritas.at/ https://campus22.caritas-schule.at/ https://inigo.at/ https://www.fachschule-grabenstrasse.at/; 2 default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a; frame-ancestors *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.wheely.com.br *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi 2 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';worker-src 'self' 'unsafe-inline' * blob:; 2 default-src 'self' accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *;img-src * data:; script-src * www.google-analytics.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' * 2 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; img-src * data:; connect-src * data: 2 script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: https: ; 2 frame-ancestors https://viega.showpad.biz; 2 base-uri 'self'; form-action 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://bat.bing.com; worker-src 'self' blob:; 2 default-src 'self' *.sberdisk.dev *.sberdisk.ru; script-src 'self' *.sberdisk.dev *.sberdisk.ru *.googletagmanager.com https://mc.yandex.ru https://cdn.amplitude.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' https: blob: data:; frame-src 'self' https: blob: atlassian-companion:; media-src 'self' https: blob: data:; font-src *; 2 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 2 frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com https://loyal-lyrebird.cloudvent.net; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com; font-src 'self' data: https://script.hotjar.com https://loyal-lyrebird.cloudvent.net https://*.typekit.net; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://*.googlesyndication.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 2 frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 2 img-src 'self' blob: *.googlesyndication.com 'unsafe-inline' data: 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 2 frame-ancestors 'self' simplicate.nl; 2 default-src 'self' https://www-cdn01.avisonyoung.com https://api-eu1.hubspot.com https://analytics.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://www-proxy01.avisonyoung.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://www.avisonyoungproperty.co.uk https://cdn.jsdelivr.net https://*.sharplaunch.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hs-banner.com http://script.hotjar.com https://script.hotjar.com https://*.sharplaunch.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://www-proxy01.avisonyoung.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://cdn.analytics.foleon.com https://previewer.foleon.com https://optimize.google.com https://uat-ay.buildout.com https://e.infogram.com https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://avantanalytics.avisonyoung.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsforms.com https://ext.chtbl.com https://www.googleoptimize.com https://js-eu1.hsleadflows.net https://www.google.com https://www.gstatic.com https://js-eu1.usemessages.com https://js-eu1.hsadspixel.net https://analytics.avisonyoung.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js-eu1.hubspot.com https://cdn.jsdelivr.net https://www.avisonyoungproperty.co.uk https://sdk.sharplaunch.com https://cdnjs.cloudflare.com https://maps.google.com https://realtyads.com https://www.onelink-edge.com https://link.edgepilot.com https://analytics.sharplaunch.com https://*.sharplaunch.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com https://optimize.google.com https://buildout-production.s3.amazonaws.com https://e.infogram.com https://vars.hotjar.com https://avantanalytics.avisonyoung.com https://*.hsforms.com https://omny.fm https://forms-eu1.hubspot.com https://app-eu1.hubspot.com https://analytics.avisonyoung.com https://player.cohostpodcasting.com https://bid.g.doubleclick.net https://open.spotify.com https://td.doubleclick.net https://app.powerbi.com https://realtyads.com https://api.mapbox.com; connect-src 'self' https://www-cdn01.avisonyoung.com https://www.google-analytics.com https://maps.googleapis.com/ https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com https://s3.eu-west-2.amazonaws.com https://assets.foleon.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hs-banner.com https://web.chtbl.com https://stats.g.doubleclick.net https://forms-eu1.hubspot.com https://vimeo.com https://api-eu1.hubspot.com https://api-eu1.hubapi.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://content.hotjar.io https://metrics.hotjar.io https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://cta-eu1.hubspot.com https://cdn.growthbook.io https://sdk.sharplaunch.com https://analytics.sharplaunch.com https://5igwwa7oi7.execute-api.us-east-1.amazonaws.com https://pagead2.googlesyndication.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 2 upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 2 img-src * data: 2 base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.emmi-caffelatte.com *.emmi-kaltbach.com *.emmi.com ssgtm.derscharfemaxx.com ssgtm.kaeserei-studer.ch newsletter.chaesbueb.ch *.kaiku.es *.gstatic.com fonts.googleapis.com *.google.com *.googleadservices.com content.googleapis.com ajax.googleapis.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.youtube.com youtu.be www.facebook.com connect.facebook.net ct.pinterest.com tr6.snapchat.com export.highcharts.com intocities.com *.pipedrive.email analytics.tiktok.com issuu.com sc-static.net/scevent.min.js tr.snapchat.com emmilangnau.us3.list-manage.com eepurl.com dialog.scoutsss.com business.dialogify.io static.dialogify.io business.scoutsss.com s.pinimg.com *.freizeitplan.net *.eqs.com *.hana.ondemand.com *.equitystory.com siteimproveanalytics.com *.prospective.ch *.hotjar.com wss://*.hotjar.com *.typekit.net *.mookie1.com fonts.bunny.net cdn.polyfill.io emmi-chatbot.smack.build js.frubil.info ga-dev-tools.appspot.com player.vimeo.com pano.nautilusstudios.ch charts3.equitystory.com webservices.newsbox.ch live.solique.ch e3.marco.ch embed.eventfrog.ch *.spotify.com spotify.com *.issuu.com *.tiqcdn.com *.tiqcdn.cn *.tealiumiq.com emmi-luzerner-farm-auslastung.vercel.app cdnjs.cloudflare.com *.clarity.ms *.adnxs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.emmi-caffelatte.com *.emmi-kaltbach.com *.kaiku.es www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com *.googleadservices.com www.youtube.com connect.facebook.net tags.tiqcdn.com siteimproveanalytics.com sc-static.net tr.snapchat.com *.clarity.ms *.adnxs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.bunny.net *.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.typekit.net fonts.bunny.net data:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' jobs.emmi.com newsletter.chaesbueb.ch www.google.com youtu.be www.youtube.com pano.nautilusstudios.ch tr.snapchat.com charts3.equitystory.com export.highcharts.com e.issuu.com embed.eventfrog.ch irpages2.eqs.com forms.office.com td.doubleclick.net; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' ssgtm.kaeserei-studer.ch *.google-analytics.com ssl.gstatic.com www.gstatic.com *.google.com *.google.at *.googleadservices.com www.google.ch www.google.de stats.g.doubleclick.net *.doubleclick.net www.facebook.com ct.pinterest.com s3.eu-west-1.amazonaws.com business.scoutsss.com *.eqs.com *.siteimproveanalytics.io emmi-chatbot.smack.build *.mookie1.com *.adnxs.com embed.eventfrog.ch c.clarity.ms data: 2 default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2 default-src 'self' https://css.page-source.com https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; 2 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2 frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat https://www.lasemaineduroussillon.com https://lasemaineduroussillon.com; 2 block-all-mixed-content; frame-ancestors 'none'; 2 frame-ancestors 'self' https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 2 script-src unsafe-inline http: https: https://www.baindepot.com/ 'unsafe-inline' 'unsafe-eval' *.digitalbridgehq.com *.fixtuur.io *.adobedtm.com *.adobe.com *.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com s.ytimg.com *.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com https://www.gstatic.com/recaptcha/ *.google.com *.google.ca *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com *.affirm.com *.affirm.ca 'unsafe-eval' 'unsafe-inline' *.baindepot.com *.bathdepot.com *.bathdepot.ca www.googleadservices.com *.g.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net t.trackedlink.net *.noibu.com *.addthisedge.com *.addthis.com z.moatads.com *.online-metrix.net *.signifyd.com *.trackedlink.net *.trackedweb.net *.heatmap.it *.hotjar.com *.hotjar.io *.bing.com *.dotdigital.com *.comapi.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com *.dotdigital-pages.com *.ksearchnet.com *.klevu.com wurfl.io *.dotmailer-surveys.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.aptrinsic.com *.jotform.com *.jotfor.ms *.jotform.io *.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms *.gorgias.chat *.gorgias.io *.gorgias.work js.klevu.com wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com wheeliofuncstats.azurewebsites.net *.stackadapt.com qvdt3feo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' https://www.baindepot.com/ *.digitalbridgehq.com *.fixtuur.io *.adobe.com *.baindepot.com *.bathdepot.com *.bathdepot.ca maxcdn.bootstrapcdn.com *.klevu.com *.google.com *.google.ca *.heatmap.it *.ksearchnet.com *.affirm.com *.jsdelivr.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai wurfl.io *.paypal.com *.aptrinsic.com *.jotfor.ms *.jotform.io *.klaviyo.com wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.googleapis.com *.ksearchnet.com *.stackadapt.com; img-src data: http: https: assets.adobedtm.com *.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: blob: www.googleadservices.com *.ftcdn.net *.behance.net data: *.paypal.com *.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.googleusercontent.com *.affirm.com *.affirm.ca *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.facebook.com *.facebook.net *.ggpht.com *.signifyd.com *.addthis.com *.online-metrix.net *.abmr.net *.trackedlink.net online.swagger.io *.heatmap.it *.ytimg.com *.bing.com *.tawk.to *.tawk.link *.jsdelivr.net ajax.cloudflare.com *.klevu.com *.ksearchnet.com wurfl.io *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.dotmailer-surveys.com *.jotform.com *.jotfor.ms *.jotform.io *.adentifi.com *.klaviyo.com *.static-tracking.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms *.gorgias.chat *.gorgias.io *.gorgias.work mageside.com *.canadapost.ca https://*.online-metrix.net wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.stackadapt.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net *.digitalbridgehq.com *.fixtuur.io data: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.bootstrapcdn.com *.g.doubleclick.net *.heatmap.it *.tawk.to *.tawk.link cdn.jsdelivr.net *.klevu.com *.ksearchnet.com wurfl.io *.affirm.ca *.affirm.com *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.paypal.com *.static.klaviyo.com *.gorgias.chat *.gorgias.io *.gorgias.work *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com data: 'unsafe-inline'; frame-src https: 'self' *.moneris.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.digitalbridgehq.com *.fixtuur.io *.klevu.com *.ksearchnet.com *.moneris.com *.affirm.ca; frame-ancestors 'self'; connect-src 'self' data: blob: 'unsafe-inline' dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com www.googleadservices.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com *.paypal.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca wss: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.g.doubleclick.net *.hotjar.com *.hotjar.io *.noibu.com *.addthis.com *.facebook.com *.facebook.net *.signifyd.com bt.signifyd.com:11103 *.trackedweb.net *.demdex.net *.comapi.com *.tawk.to *.tawk.link *.klevu.com *.ksearchnet.com *.digitalbridgehq.com *.fixtuur.com *.klaviyo.com wurfl.io *.jsdelivr.net *.cloudflare.com bat.bing.com *.google-analytics.com *.google.com *.google.ca *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.jotform.com *.jotfor.ms *.jotform.io *.gorgias.chat *.gorgias.io *.gorgias.work https://telemetrics.klaviyo.com/ wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.stackadapt.com *.bamboohr.com; default-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com *.paypal.com *.baindepot.com *.bathdepot.com *.bathdepot.ca *.facebook.com *.hotjar.com *.hotjar.io *.google.com *.google.ca *.googleapis.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.vimeo.com *.affirm.com *.jotform.com *.jotfor.ms *.jotform.io *.gorgias.chat *.gorgias.io *.gorgias.work *.canadapost.ca https://sso.epost.ca 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://cdn.rawgit.com https://cdn-media.web-view.net https://cdn.simplebooking.it https://cdn.jsdelivr.net https://cdn.datatables.net https://vee-crm.com js https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://forms.monday.com https://analytics.tiktok.com; 2 default-src 'none'; frame-ancestors 'none'; script-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com; worker-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com blob:; connect-src 'self' api.segment.io cdn.segment.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com editor.ne16.com data: blob:; frame-src 'self' https://*.appcues.com; style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline'; img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net blob: data: *; font-src 'self' fonts.gstatic.com data:; report-uri /Analytics/api/Error/Csp; 2 frame-ancestors 'self' apac.marketing.adobe.com 2 default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 2 worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com https://googleads.g.doubleclick.net https://www.googletagmanager.com 2 default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 2 default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 2 img-src 'self' data: https: 2 script-src 'unsafe-inline' 'unsafe-eval' http: https: 2 default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob: 2 frame-src https://www.google.com https://app.hubspot.com https://forms.hsforms.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; form-action 'self' https://forms.hsforms.com; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://js.usemessages.com/conversations-embed.js https://js.hsforms.net/forms/embed/v2.js https://ssl.google-analytics.com/ga.js https://www.pagespeed-mod.com/v1/taas; 2 default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; 2 frame-ancestors 'self' https://*.onlineplasticsgroup.com https://onlineplasticsgroup.com 2 default-src * blob: data: filesystem: javascript: mediastream:; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; frame-ancestors 'self' 2 frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com 2 frame-ancestors 'self' *.facebook.com 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.unica.vn www.googletagmanager.com connect.facebook.net web.facebook.com www.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com translate.google.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io za.zdn.vn embed.tawk.to cdn.tailwindcss.com ipinfo.io *.googleapis.com apis.google.com *.edubit.vn www.wiris.net edubit.live www.pdftron.com fchat.vn cdn.fchat.vn embed.ybai.me salekit.page player.vimeo.com livechat.fpt.ai www.misa.vn a.pancake.vn api.webcake.io zigzag.vn yoga.vn app.chatbiz.vn chatgpt.com sf-cdn.coze.com rc-help.pagefly.io; worker-src 'self' blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dbwas.service.deutschebahn.com flinkster.omq.de app.usercentrics.eu tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com assets.bahn-x.de www.gstatic.com https://www.gstatic.com www.google.com https://www.google.com *.payengine.de webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net; style-src 'self' 'unsafe-inline' webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de; img-src 'self' data: *.tile.openstreetmap.org https://*.usercentrics.eu webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de i.ytimg.com https://osm-prod.noncd.db.de/services/; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data:; 2 default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.69.121 http://62.210.201.98 http://195.154.187.103 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 http://195.154.225.146 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 2 default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; 2 default-src * gap:; script-src blob: 'self' http://* https://* * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 2 connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: fonts.gstatic.com fonts.googleapis.com www.googleadservices.com googleads.g.doubleclick.net td.doubleclick.net www.googletagmanager.com www.google-analytics.com region1.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com *.force.com snap.licdn.com *.leadboxer.com cdn.cookielaw.org *.onetrust.com *.ads.linkedin.com privacyportal-de.onetrust.com stats.g.doubleclick.net www.linkedin.com *.hotjar.com www.youtube-nocookie.com cdn-images.mailchimp.com www.google.com www.google.nl *.adsymptotic.com *.livechatinc.com *.hotjar.io img.youtube.com *.pardot.com ortec.my.salesforce-sites.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com go.ortec.com cdn.linkedin.oribi.io ws.zoominfo.com; 2 base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com *.crazyegg.com https://tracking.g2crowd.com https://google.com;default-src 'self' *.crazyegg.com;font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'self' https://esko.showpad.biz;frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com *.crazyegg.com *.cvent.com https://td.doubleclick.net https://esko317.outgrow.us;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com *.crazyegg.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com *.crazyegg.com *.cvent.com https://tracking.g2crowd.com *.pardot.com https://*.esko.com blob:;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.crazyegg.com;worker-src 'self' blob:; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.youtube.com/iframe_api https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com/ https://www.google.com/ https://*.cookiebot.com https://*.doubleclick.net; report-uri /api/csp-report 2 default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com storage.bannernow.com c.bannerflow.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io storage.bannernow.com c.bannerflow.net;worker-src 'self' self blob: 'unsafe-inline'; 2 default-src'self' 2 worker-src 'self' blob:; 2 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 default-src * blob: data: https: *.crazyegg.com; script-src https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; style-src https: 'unsafe-inline' *.crazyegg.com; worker-src blob: 'self' 2 frame-ancestors 'self' http://admin.bonami.cz 2 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: oct8necdneu.azureedge.net *.oct8ne.com https://widgets.trustedshops.com https://fonts.gstatic.com use.fontawesome.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com *.oct8ne.com *.googletagmanager.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.oct8ne.com *.cookiebot.com *.google.com.ua *.facebook.com *.bing.com *.etrusted.com *.retailrocket.net *.facebook.net *.facebook.es *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com cdn.datamanager.arinet.com partstream.arinet.com cdn.doofinder.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.facebook.net *.bing.com *.trustedshops.com/ connect.facebook.net bat.bing.com *.retailrocket.net *.facebook.com *.facebook.es *.klarna.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com services.arinet.com partstream.arinet.com use.fontawesome.com cdn.doofinder.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.etrusted.com *.trustedshops.com *.cookiebot.com *.retailrocket.net *.google.com *.google.es *.facebook.net *.facebook.com *.facebook.es https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://fonts.googleapis.com use.fontawesome.com partstream.arinet.com *.doofinder.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.trackingplan.com *.cookiebot.com *.googlesyndication.com *.bing.com *.retailrocket.net *.facebook.net *.facebook.com *.facebook.es *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.doofinder.com wss://*.doofinder.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self' https://app.socialscreen.com 2 default-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net; script-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.salesforceliveagent.com c.la4-c2-dfw.salesforceliveagent.com c.la1-c1-ord.salesforceliveagent.com *.facebook.net *.doubleclick.net *.rmtag.com *.linksynergy.com 'unsafe-inline'; style-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.facebook.com; font-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.hsforms.com *.doubleclick.net; object-src 'none' 2 frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 2 frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 2 frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 2 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 2 block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 2 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.googleapis.com data: https://api.systempay.fr/static/ https://cdnjs.cloudflare.com *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.cloudfront.net *.audiorista.com *.pubfront.com *.tharpa.com tharpa.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.canadapost.ca https://sso.epost.ca *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.link.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com www.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ *.google.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ mageside.com *.canadapost.ca *.canadapost-postescanada.ca https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.cloudfront.net mcusercontent.com *.afip.gob.ar *.intuit.com *.audiorista.com *.pubfront.com *.tharpa.com tharpa.com * blob: www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardi