Values for content-security-policy:
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 9,702
upgrade-insecure-requests 8,426
upgrade-insecure-requests; 4,289
frame-ancestors 'self' 2,707
block-all-mixed-content 1,609
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 1,023
frame-ancestors 'self'; 683
frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 548
frame-ancestors 'none' 471
block-all-mixed-content; 415
default-src https: data: 'unsafe-inline' 'unsafe-eval' 322
320
frame-ancestors 'none'; 277
frame-ancestors 'self' https://*.ally.ac; 221
default-src * data: 'unsafe-eval' 'unsafe-inline' 215
img-src https: data:; upgrade-insecure-requests 178
report-uri /report-csp-violation 174
frame-ancestors 'self' ; 172
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests; 136
frame-ancestors 'self' http://webvisor.com 115
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 99
upgrade-insecure-requests; frame-ancestors 'self' 97
frame-ancestors 'self'; default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 96
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 93
frame-ancestors 'self' https://app.kajabi.com 88
default-src http: https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.gov.cn 67
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 60
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 57
frame-ancestors 'self' *.google.com *.googleusercontent.com 56
frame-ancestors 'self' https://explore.oracle.com https://my.oracle.com https://eeho.fa.us2.oraclecloud.com 55
frame-ancestors 'self' live.sagepay.com 55
frame-ancestors about: 'self' 52
default-src 'self' http: https: data: blob: 'unsafe-inline' 52
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 45
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 44
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://ajax.googleapis.com https://cdn.exoticads.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.google.com/cv/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/eureka/ https://www.gstatic.com/cast/ https://*.nr-data.net https://chaturbateapps.disqus.com https://*.disquscdn.com https://disqus.com https://certify-js.alexametrics.com ;  style-src 'self' data: 'unsafe-inline' https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.disquscdn.com ;  img-src 'self' data: https://*.highwebmedia.com https://*stream.highwebmedia.com https://*.chaturbate.com https://chaturbate.com https://www.google-analytics.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com https://cdnjs.cloudflare.com https://www.gstatic.com https://*.nr-data.net https://*.disquscdn.com https://links.services.disqus.com https://referrer.disqus.com https://certify.alexametrics.com https://stats.g.doubleclick.net ;  font-src 'self' data: https://*.highwebmedia.com https://cdnjs.cloudflare.com https://fonts.gstatic.com ;  connect-src 'self' blob: blob https://*.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 https://*.nr-data.net https://*.chaturbate.com https://chaturbate.com wss://recommend.chaturbate.com:8443 https://www.google-analytics.com https://links.services.disqus.com https://cbvideoupload.s3-accelerate.amazonaws.com https://stats.g.doubleclick.net https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  media-src 'self' https://*.highwebmedia.com https://*.chaturbate.com https://chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com;  object-src 'self' https://*.highwebmedia.com https://download.macromedia.com https://public.chaturbate.com https://s3pv.highwebmedia.com https://cbphotovideo.s3.amazonaws.com https://cbphotovideo-eu.s3.amazonaws.com https://public.chaturbate.com.s3.amazonaws.com https://wowdvr.s3.amazonaws.com https://cbvideoupload.s3.amazonaws.com ;  frame-src 'self' https://*.chaturbate.com https://chaturbate.com https://*.highwebmedia.com https://adserver.exoticads.com https://www.google.com/recaptcha/ https://disqus.com ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.chaturbate.com https://chaturbate.com https://*.stream.highwebmedia.com https://www.coinpayments.net https://wnu.com ;  manifest-src 'self' https://*.highwebmedia.com ;  report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 42
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 42
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 42
frame-ancestors 'self'; upgrade-insecure-requests 41
default-src 'self' 39
frame-ancestors https://*.poki.io http://localhost:1234 38
self 36
default-src 'self'; frame-src 'none'; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 34
* 34
report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com *.artfut.com cookies.onetrust.com cdn.cookielaw.org optanon.blob.core *.youtube-nookie.com *.fospha.com *.shorthand.com *.shorthandstories.com *.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net *.pardot.com sc-static.net *.tiktok.com *.snapchat.com *.ibytedtos.com *.arabclicks.com; 33
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js 31
report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 30
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 30
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 30
frame-ancestors https://cue.forum.cue.cloud 29
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 28
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 26
frame-ancestors 'self' azeu.marketing.adobe.com 26
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 25
upgrade-insecure-requests; block-all-mixed-content 24
upgrade-insecure-requests; block-all-mixed-content; 23
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 23
frame-ancestors 'self' https://*.adobe.com 23
script-src 'self'    23
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 23
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 22
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 22
policy-definition 22
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 21
default-src 'none' 21
script-src 'unsafe-inline' 'unsafe-eval' http: https: 21
frame-ancestors none; 21
default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 20
block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com  https://go.indeedassessments.com/ https://take.indeedassessments.com/; frame-src 'self' *.indeed.com  https://accounts.google.com/ https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; img-src 'self' *.indeed.com  data: d13w2n5a9i6r56.cloudfront.net d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net https://res.cloudinary.com www.google-analytics.com https://www.google.com/ads https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://stats.g.doubleclick.net https://*.tvpixel.com/* https://*.optimizely.com/* https://d.turn.com/* https://idsync.rlcdn.com/* https://pt.ispot.tv; default-src 'self' 'unsafe-inline' data: *.indeed.com  d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://d13w2n5a9i6r56.cloudfront.net/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://d3fw5vlhllyvee.cloudfront.net/frontend-sentry-bundle/v1.1.2/js/sentry.js https://apis.google.com/js/platform.js https://app-sj07.marketo.com/js/forms2/js/forms2.min.js https://browser.sentry-cdn.com/4.3.3/bundle.min.js https://browser.sentry-cdn.com/4.4.2/bundle.min.js https://*.tvpixel.com/* https://*.optimizely.com/* https://cdn.optimizely.com/js/10668710116.js https://munchkin.marketo.net/munchkin.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://pxl.indeed.com/* https://match.prod.bidr.io/cookie-sync/indeed https://rs.fullstory.com/rec/; 20
report-uri /report-csp-violation; upgrade-insecure-requests 20
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 20
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 20
frame-ancestors 'self' https://widget.stackla.com https://app-sj14.marketo.com https://store.nvidia.com https://resources.nvidia.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com https://www.nvidia.cn https://wwwqa.nvidia.com https://preview.nvidia.com https://www.nvidia.com https://events.rainfocus.com https://store.nvidia.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in; 19
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 19
frame-ancestors * 19
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 19
frame-ancestors 'self' https://preview.citynavigator.nl 19
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net 'self' blob:; frame-src *; 19
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'none'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; plugin-types application/x-shockwave-flash application/pdf; report-uri https://www.cspreport.nl 19
frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 18
frame-ancestors 'self' https://sage.pathfactory.com; 18
default-src https: 'unsafe-inline' 'unsafe-eval' 18
default-src 'self'; connect-src https:; font-src https:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 18
frame-ancestors 'self' http://hybris.com https://hybris.com https://discovery-center.cloud.sap https://www.discovery-center.cloud.sap http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com *.omtrdc.net;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 17
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 17
frame-ancestors none 17
default-src 'self' http: https: *.yandex.ru *.google.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com *.googlesyndication.com data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://widget.my.feedot.com/ https://a24help.ru/ https://top-fwz1.mail.ru/ https://yastatic.net *.googlesyndication.com *.yandex.ru cdn.ampproject.org pagead2.googlesyndication.com storage.googleapis.com googleads.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com www.googletagservices.com securepubads.g.doubleclick.net adservice.google.com.ua adservice.google.com securepubads.g.doubleclick.net www.google-analytics.com *.googleadservices.com cse.google.com *.google.com *.googlesyndication.com;  img-src 'self'  data: *.alicdn.com *.gstatic.com  *.yandex.ru *.yandex.net  https://wcm-ru.frontend.weborama.fr https://www.tns-counter.ru https://top-fwz1.mail.ru/ https://edugram.com *.doubleclick.net *.googleads.g.doubleclick.net *.googlesyndication.com storage.googleapis.com pagead2.googlesyndication.com  securepubads.g.doubleclick.net google-analytics.com *.googleapis.com *.google.com *.googlesyndication.com *.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.googlesyndication.com; font-src 'self' *.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 17
script-src *; 16
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 16
default-src 'none'; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' data: *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com; connect-src 'self' wss://*.socialengagementcoaching.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com 16
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob: *.readspeaker.com *.speechstream.net; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 16
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp&region=US&lang=en-US&device=desktop&partner=default; 15
frame-ancestors  'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 15
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 15
default-src 'self'; 15
default-src 'self' *.edge-cdn.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.edgekey.net  *.bing.com  *.ccmp.eu  *.cookiebot.com  *.edge-cdn.net   *.google-analytics.com  *.googletagmanager.com  *.lidl  *.lidl-flyer.com  *.lidl.com  *.lidl.net  *.multichannelacd.de  *.secrz.de  *.virtualearth.net  ads.yahoo.com  advdl.ammadv.it  assets.zendesk.com  c.imedia.cz  cm.g.doubleclick.net  connect.facebook.net  d.adroll.com  d.adroll.mgr.consensu.org  form.lidl.com  lidl.media01.eu  lidlplus-prod-api.azurewebsites.net lidlqform.omax.cz  s.adroll.com  s.ytimg.com  tagmanager.google.com  track.adform.net  us-u.openx.net  www.dwin1.com  www.googleadservices.com www.google.com www.youtube.com; img-src 'self' data: *.bing.com *.ccmp.eu *.doubleclick.net *.edge-cdn.net *.google-analytics.com *.googleusercontent.com *.lidl *.lidl-flyer.com *.lidl.com *.lidl.net *.openstreetmap.org *.osm.org *.secrz.de *.virtualearth.net advdl.ammadv.it assets.zendesk.com c.imedia.cz d.adroll.com ib.adnxs.com idsync.rlcdn.com lidlplusprod.blob.core.windows.net lidlplusstaticcontentpro.blob.core.windows.net lidlplusstoragestaging.blob.core.windows.net s-static.ak.facebook.com ssl.gstatic.com stats.g.doubleclick.net track.adform.net www.facebook.com www.google.com www.googletagmanager.com www.gstatic.com x.bidswitch.net; style-src 'self' 'unsafe-inline' *.bing.com *.secrz.de assets.zendesk.com fonts.googleapis.com form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com form.lidl.com data: themes.googleusercontent.com; frame-src 'self' https: 'unsafe-inline'; connect-src 'self' *.analytics.edgekey.net *.bing.com *.ccmp.eu *.edge-cdn.net *.google-analytics.com *.lidl *.lidl.com *.lidl.net *.multichannelacd.de *.openstreetmap.org *.osm.org *.secrz.de *.test *.video-cdn.net *.virtualearth.net appgateway.lidlplus.com content.lidlplus.com form.lidl.com lidl.media01.eu lidlplus-prod-api.azurewebsites.net lidlplus-uat-api.azurewebsites.net stats.g.doubleclick.net; frame-ancestors 'self' *.bing.com *.ccmp.eu *.google-analytics.com *.googletagmanager.com *.lidl *.lidl.ch *.lidl.com *.lidl.net *.poi-service.de *.secrz.de *.test accounts-qa.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts.lidl.com website-lidl-account-dev.azurewebsites.net *.lidl-shop.pl *.lidl-sklep.pl; 15
frame-ancestors 'self' https://*.plazz.net ; 15
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 15
frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 15
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; 14
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 14
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 14
default-src http://ip-api.com/ 'self' 'unsafe-inline' 'unsafe-eval' https: data: 14
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com; 14
default-src 'self'; script-src 'self' 'unsafe-inline' 14
frame-ancestors https:; 14
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 14
referrer origin 14
frame-ancestors 'self' *.pubble.nl *.pubble.cloud *.pubble.dev *.omnyo.nl 14
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 14
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 14
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 13
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com  http://addshoppers.s3.amazonaws.com  http://connect.facebook.net  https://www.gstatic.com http://www.rtb123.com  http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com    http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com mpsnare.iesnare.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com  *.rtb123.com  *.s3.amazonaws.com https://tt.mbww.com/  https://shop.pe  https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com  https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://optimizely-hrd.appspot.com/ https://*.trustarc.com/ https://consent.trustarc.com/ http://consent.trustarc.com/ https://consent.truste.com/ *.queue-it.net *.taboola.com/ secfld.vmmpxl.com https://isz.app.sparkinfluence.net/ https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js  https://ajax.cloudflare.com https://cdn1.affirm.com/ https://www.affirm.com/  ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com maxcdn.bootstrapcdn.com tagmanager.google.com  *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com https://assets.bounceexchange.com https://cdn1.affirm.com/;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe  *.scdn2.secure.raxcdn.com https://*.buschgardens.com  https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com https://assets.bounceexchange.com;frame-src 'self' https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/  https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://members.cj.com https://survey.seaworldentertainment.com/ https://survey.zohopublic.com/ https://hpc.uat.freedompay.com/ https://hpc.freedompay.com/ https://consent-pref.trustarc.com/ https://*.trustarc.com https://x.m.buschgardens.com/ http://www.youtube.com/ https://cdn1.affirm.com/;connect-src 'self' https://staticxx.facebook.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe  https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com https://tag.mtrcs.samba.tv/v3/tag/edelman/seaworld-all/sambaTag.js https://cdn.quantummetric.com/qscripts/quantum-seaworld.js https://pixel.mtrcs.samba.tv/v2/tag/edelman/seaworld-all/ https://trc.taboola.com/ https://isz.app.sparkinfluence.net/ https://api-cf.affirm.com/ https://tracker.affirm.com/ https://www.affirm.com/api/v2/cookie_sent/%0d%0a; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/  *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg  s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/  https://stage-media.scdn6.secure.raxcdn.com/; 13
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.b-ite.com *.bitkomplex.de *.bright-guide.de *.cdn.office.net *.cookiebot.com *.dvinci-hr.com *.etracker.com *.etracker.de *.exmap.de *.facebook.com *.flickr.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk.de *.ihk24.de *.linkedin-ei.com *.microsoft.com *.newsletter2go.com *.staticflickr.com *.twimg.com *.twitch.tv *.twitter.com *.userlike.com *.vimeo.com *.wahlplus.de *.wirecard.com *.xing-events.com *.youtube.com app.cituro.com b6df6a39-9bba-47b4-b1e3-367604039de3.rlets.com bc.pressmatrix.com berufsausbildung-aachen-ihk.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.rlets.com cdnjs.cloudflare.com code.createjs.com code.jquery.com/jquery-3.1.1.min.js con.arbeitsagentur.de connect.facebook.net consentcdn.cookiebot.com corona.conterra.de cottbus-ihk-pruefungen.de covid19.webtvcampus.de d3dc1lgancj6l0.cloudfront.net datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net dq4irj27fs462.cloudfront.net e.issuu.com e.video-cdn.net editor.signavio.com embed.nexx.cloud expertenpool.automatisierungsregion.de geoportal-hamburg.de haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net hk24.perbit-job.de hk24.perbit-job.de  html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-darmstadt-portal.rexx-recruitment.com ihk-potsdam.perbit-job.de ihk-schwerin.wahlplus.de ihk-weiterbildung-oldenburg.de ihk.selbstdenker.com ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com inx.odav.de isi.hdb-hamburg.de komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.watch/vp/nachhaltigkeitsdialog.html maxcdn.bootstrapcdn.com pam.ihk-schleswig-holstein.de plugins.flockler.com roundme.com routenplaner.bus-bahn-thueringen.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com static.issuu.com tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vimeo.com vstdbv3 w.soundcloud.com walls.io web.ihk-pfalz.net web.inxmail.com wss://chat.userlike.com/chat/ www.ausbildungslauf.de www.azubi-magdeburg-ihk.de www.bahn.de www.berufe.tv www.bso-hessen.de www.etermin.net www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.unikam.de www.vvs.de www.youtube-nocookie.com  ;  report-uri /blueprint/servlet/serviceport/rest/csplogging/logViolation ;  13
default-src http: data: 'unsafe-inline' 'unsafe-eval' 13
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 13
frame-ancestors 'self'; img-src 'self' i.notino.com cdn.notinoimg.com blob: data: *; 13
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 13
object-src 'self' 13
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 13
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 12
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 12
block-all-mixed-content; frame-ancestors 'self' 12
frame-ancestors 12
img-src data: https: 12
default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com  data: *.accesso.com; img-src 'self' https: data: blob:; 12
prefetch-src *.metartnetwork.com *.hustler.com; default-src 'self' blob: *.metartnetwork.com *.hustler.com; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metartnetwork.com *.metart.network *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metartnetwork.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com; frame-src 'self' *.twitter.com *.hustler.com *.metartnetwork.com *.youtube.com *.vimeo.com *.atlassian.net; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.hustler.com *.metartnetwork.com *.zdassets.com; worker-src 'self' data: blob: wss:; object-src 'none' 12
frame-ancestors 'self' sun.eduzz.com *.monetizze.com.br *.hotmart.com; 12
default-src 'self' 'unsafe-inline' 12
default-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://cdn1.readspeaker.com https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://f1-eu.readspeaker.com https://monitoring.echobot.de https://event.beyondwork2020.com https://walls.io https://streaming.talk42.de 'unsafe-inline' blob:; img-src 'self' https://www.bmbf.de https://*.bmbfcluster.de https://*.tile.openstreetmap.org/ https://api.mapbox.com/ 'unsafe-inline' data:;font-src 'self' data:; 12
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 12
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 12
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 11
default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 11
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 11
frame-ancestors self 11
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com; frame-ancestors 'self'; 11
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm https://api.mapbox.com https://*.tiles.mapbox.com;block-all-mixed-content;upgrade-insecure-requests; 11
frame-ancestors 'self' https://*.etracker.com 11
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: * 11
'self' https://ajax.googleapis.com 11
default-src 'self' https://*.ndcmediagroep.nl;base-uri 'self';frame-ancestors 'self';object-src 'none';block-all-mixed-content;upgrade-insecure-requests;img-src 'self' data: https://s3.eu-central-1.amazonaws.com/ndc-cookiewall-images/;script-src 'self' https://cdn.harvest.graindata.com/ 'unsafe-inline';style-src 'self' 'unsafe-inline' 11
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 11
default-src https: data: blob: mediastream: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' 11
frame-ancestors 'self'; base-uri 'self'; 11
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com; 10
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 10
frame-ancestors http://kpmg.experiencecloud.adobe.com 10
frame-ancestors https://*.marketo.com 10
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 10
report-uri //report-csp-violation 10
frame-ancestors 'self' *.ci360.sas.com 10
frame-ancestors *; 10
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 10
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 10
frame-ancestors 'self'; report-uri /report-csp-violation 10
default-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 10
default-src https: blob:; frame-ancestors 'self' *.ford.com.cn *.lincolnstore.com.cn https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src  https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src  https:  'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 10
base-uri 'self'; 10
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net *.google-analytics.com *.hotjar.com *.googletagmanager.com *.qsmly.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.geetest.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 10
frame-ancestors cuedev.ece.ksml.fi cue.media.fi; 10
report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 10
frame-ancestors accounts.shopbase.com:443 templates.shopbase.com:443 test-templates.shopbase.com:443 'self' 10
default-src 'self' https://cdn.perf1.com https://saspresence.perf1.com; object-src 'none'; frame-src * 10
frame-ancestors 'self' *.roomlynx.net  10
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv 10
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 10
child-src 'self' https://b2b.verizonmedia.com https://pages.oath.com https://www.youtube.com https://pages.verizonmedia.com https://delivery.vidible.tv https://content.uplynk.com/; worker-src 'self' blob:; frame-ancestors 'self' https://b2b.verizonmedia.com 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.timeweb.net *.timeweb.ru *.timeweb.eu timeweb.eu *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com onthe.io *.onthe.io i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net blob: staging.timeweb.com 9
frame-ancestors 'self' *.basf.com basf-performance-materials.expo-ip.com 9
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors https://*.adobemsbasic.com https://*.lingotek.com https://*.nuance.com https://*.nuance.fr https://*.nuance.de https://*.nuance.es https://*.nuance.co.uk 'self' https:; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 9
frame-ancestors https://*.gov.cn  http://*.gov.cn http://zwfw.cq.gov.cn http://wmcs.devdemo.trs.net.cn 9
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 9
upgrade-insecure-requests;connect-src * 9
default-src * ; img-src * 'self' data: blob: mediastream: https: 'unsafe-inline' 'unsafe-eval'; font-src * 'unsafe-inline' 'unsafe-eval' 'self' data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval'; 9
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: 9
reflected-xss block 9
script-src 'self' 'unsafe-inline' 'unsafe-eval'  connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 9
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 9
script-src * 'unsafe-inline' 'unsafe-eval' file: data: blob: filesystem: 9
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 9
default-src * data: 'unsafe-inline' 'unsafe-eval' 9
none 9
img-src * 9
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 9
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw; frame-ancestors 'self' vznrw-piwik.init-ag.de; 9
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 9
frame-src * 9
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 8
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 8
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org; upgrade-insecure-requests 8
upgrade-insecure-requests; base-uri 'self' 8
frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn 8
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net www.snapengage.com https://storage.googleapis.com/code.snapengage.com/js/ https://prod-nplayer.dacast.com/lib/theoplayer/ https://analytics.webgains.io/ https://analytics-wg.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; img-src 'self' https: data:; media-src 'self' https://ftr.imgix.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com https://view.vzaar.com https://www.facebook.com https://*.fls.doubleclick.net https://optimize.google.com www.snapengage.com https://www.expresvpn-private-analytics.net; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://*.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.snapengage.com https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://api.webgains.io/ https://track.webgains.com/ https://w-it.m-t.io/ https://www.mczbf.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 8
frame-ancestors 'self' http://localhost:* https://*.bustle.com 8
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 8
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 8
frame-ancestors https://*.canalplus.com https://*.cnews.fr 8
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 8
base-uri 'self'; frame-ancestors 'self' 8
frame-ancestors 'self' https://*.ccma.cat http://*.ccma.cat; 8
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
block-all-mixed-content; upgrade-insecure-requests; 8
nosniff 8
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.syndication.twimg.com https://cdn.tradelab.fr https://connect.facebook.net https://d2hya7iqhf5w3h.cloudfront.net https://dfc.inovestor.com https://fo-api.omnitagjs.com https://fonts.googleapis.com https://ib.adnxs.com https://js-agent.newrelic.com https://js.hs-scripts.com https://pixels.omnitagjs.com https://platform.twitter.com https://script.crazyegg.com https://snap.licdn.com https://tm.vendemore.com https://track.adform.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://its.tradelab.fr https://js.hsadspixel.net/fb.js https://js.hs-analytics.net https://js.hsleadflows.net https://www.googleadservices.com https://static.hotjar.com https://a.optnmstr.com https://www.youtube.com https://js.hsforms.net https://forms.hsforms.com https://script.hotjar.com https://s.ytimg.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://app.interactiveads.ai https://maps.googleapis.com https://cdn.rawgit.com http://cdn.siteimprove.net https://tagmanager.google.com https://js.hs-banner.com https://s2.adform.net https://c.go-mpulse.net https://173c5b0c.akstat.io dfc.inovestor.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://unpkg.com; style-src * 'unsafe-inline' 'unsafe-eval' 8
frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob 8
frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 8
frame-src *; 8
frame-ancestors 'self' *.vergic.com 8
object-src 'none' 8
frame-ancestors 'self' http://*.elsevier.es/ 8
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net tagmanager.google.com platform.twitter.com;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de api.permutive.com adservice.google.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be player.vimeo.com secureframe.doubleclick.net universe.queue-it.net www.google.com www.universe.com www.youtube.com youtu.be terriverhoeven.wufoo.com;worker-src 'self' blob: 8
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 8
frame-ancestors 'self' https://*.facebook.com; 8
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.ametek.com *.ametekweb.com *.baidu.com *.boltdns.net *.bootstrapcdn.com *.brightcove.com *.brightcove.net *.brightinfo.com *.cloudflare.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.usemessages.com *.hsadspixel.net *.hubspot.com *.jquery.com *.list-manage.com *.mailchimp.com *.maxcdn.com *.pardot.com *.pingdom.net *.sharethis.com *.site24x7rum.com *.spectro.com *.thomasnet.com *.twimg.com *.twitter.com *.vimeo.com *.webtraxs.com *.youku.com *.youtube.com *.zencdn.net *.zopim.com *.vresp.com *.zdassets.com *.marketingautomation.services *.leadforensics.com *.constantcontact.com *.icontact.com *.linkedin.com *.hootsuite.com *.3dpublisher.net *.amazonaws.com https://js.hscta.net https://js.hs-banner.com https://js.hsleadflows.net *.force.com https://analytics-eu.clickdimensions.com *.clickdimensions.com *.zoominfo.com https://snap.licdn.com *.salesforceliveagent.com *.salesforce.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.lightning.com *.visualforce.com *.adobedtm.com *.rumiview.com *.simpli.fi *.googletagmanager.com *.kickfire.com *.doubleclick.net *.lightning.com *.adroll.com *.ytimg.com *.loopanalytics.com 'unsafe-eval';style-src * 'unsafe-inline';font-src * 'unsafe-inline' data:;img-src * 'unsafe-inline' data:;frame-src * 'unsafe-inline';connect-src * 'unsafe-inline';worker-src 'self' blob:;media-src 'self' *.boltdns.net *.akamaihd.net blob:;object-src 'unsafe-inline' 'self' 8
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com 7
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 7
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 7
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 7
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 7
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net ssl.google-analytics.com *.google.com *.gstatic.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com; object-src 'self' 7
frame-ancestors https://nurture.solarwinds.com/ https://try.solarwinds.com/ https://www.solarwinds.com/ 7
block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline'  'unsafe-eval'; 7
upgrade-insecure-requests ; 7
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' *.royal-canin.de; 7
form-action https: 7
default-src 'self';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline';  font-src * 'unsafe-inline' 7
base-uri 'self' 7
frame-ancestors 'self' *.psplugin.com 7
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io ; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com ; frame-ancestors 'self' https://trustseal.enamad.ir 7
frame-ancestors 'none' ; 7
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 7
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 7
base-uri 'self'; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https:; upgrade-insecure-requests; default-src 'self' https://*.googlesyndication.com; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/ 7
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' wss://*.iadvize.com 7
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 7
object-src 7
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org 7
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 7
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://survey.g.doubleclick.net https://tagmanager.google.com *.googleapis.com *.gstatic.com  https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://app-sj01.marketo.com https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com https://cdnjs.cloudflare.com https://radiomd.com https://tours.sunnymedia.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com *.twimg.com *.marketo.com *.sitefinity.xyz *.tenethealth.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://www.gstatic.com https://ssl.gstatic.com https://optimize.google.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com  *.google.co.in *.google.com *.googletagmanager.com *.tenethealth.com  https://*.youtube.com https://app-sj01.marketo.com https://stats.g.doubleclick.net https://service-prep.tenethealth.com https://68956.global.siteimproveanalytics.io https://i.ytimg.com https://px.marchex.io https://pixel.mathtag.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com; media-src 'self' data: blob:; form-action *.sitefinity.xyz *.facebook.com 'self' https://optimize.google.com https://paypage.epx.com ; frame-src *.marketo.com *.sitefinity.xyz 'self'  *.tenethealth.com *.google.com *.youtube.com *.facebook.com *.facebook.com/tr/  https://optimize.google.com https://tenethealth.outgrow.us https://platform.twitter.com https://tenethealthbotprodcontainer01.azurewebsites.net/ https://pixel.mathtag.com/ https://player.vimeo.com/ https://radiomd.com https://tours.sunnymedia.com https://9207741.fls.doubleclick.net https://my2.siteimprove.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.marketo.com *.sitefinity.xyz *.tenethealth.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  https://optimize.google.com https://survey.g.doubleclick.net https://dyv6f9ner1ir9.cloudfront.net https://362-lxb-565.mktoutil.com https://storage.googleapis.com https://i.ytimg.com https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.googletagmanager.com *.youtube.com/iframe_api  https://pnapi.invoca.net https://maps.googleapis.com https://d.monetate.net https://se.monetate.net https://s.ytimg.com https://pixel.mathtag.com https://player.vimeo.com https://rw1.marchex.io https://resources.xg4ken.com https://rw1.marchex.io https://resources.xg4ken.com https://ajax.googleapis.com https://solutions.invocacdn.com https://polyfill.io http://siteimproveanalytics.com https://cdn.siteimprove.net https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com https://se.monetate.net https://d.monetate.net  'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.twitter.com *.marketo.com *.inquicker.com *.sitefinity.xyz *.tenethealth.com  *.siteimprove.net *.facebook.com *.google.com *.google.co.in *.gstatic.com  https://googleads.g.doubleclick.net https://static.doubleclick.net https://munchkin.net https://stats.g.doubleclick.net https://pnapi.invoca.net https://www.google-analytics.com https://player.vimeo.com https://pixel.mathtag.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://s.ytimg.com https://se.monetate.net https://maps.googleapis.com https://maps.gstatic.com https://siteimproveanalytics.com https://d.monetate.net https://rw1.marchex.io https://resources.xg4ken.com https://www.googletagmanager.com https://ajax.googleapis.com https://px.marchex.io https://my2.siteimprove.com https://www.googletagmanager.com https://maps.googleapis.com https://munchkin.marketo.net https://solutions.invocacdn.com https://service-uat.tenethealth.com https://service-test.tenethealth.com https://service-prep.tenethealth.com  https://id.siteimprove.com https://cdn.siteimprove.net https://polyfill.io https://www.google-analytics.com https://www.youtube.com https://munchkin.marketo.net https://68956.global.siteimproveanalytics.io https://siteimproveanalytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://px.marchex.io https://www.googletagmanager.com https://my2.siteimprove.com https://s.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://se.monetate.net https://rw1.marchex.io https://ajax.googleapis.com https://resources.xg4ken.com  *.baptisthealthsystem.com *.nacmedicalcenter.com *.resolutehealth.com *.providencechildrenshospital.com *.thehospitalsofprovidence.com *.valleybaptist.net *.dmc.org *.childrensdmc.org *.rimrehab.org *.brookwoodbaptisthealth.com *.saintfrancishosp.com *.saintfrancisbartlett.com *.eastcoopermedctr.com *.hiltonheadregional.com *.piedmontmedicalcenter.com *.coralgableshospital.com *.delraymedicalctr.com *.floridamedctr.com *.goodsamaritanmc.com *.hialeahhosp.com *.northshoremedical.com *.palmbeachchildrenshospital.com *.pbgmc.com *.palmettogeneral.com *.stmarysmc.com *.westbocamedctr.com *.stvincenthospital.com *.mwmc.com *.abrazohealth.com *.carondelet.org *.desertcarenetwork.com *.doctorsmanteca.com *.dmc-modesto.com *.emanuelmedicalcenter.org *.fountainvalleyhospital.com *.lakewoodregional.com *.losalamitosmedctr.com *.placentialinda.com *.sanramonmedctr.com *.sierravistaregional.com *.twincitieshospital.com *.brookwoodbaptistmedicalcenter.com *.brookwoodwomensmedicalcenter.com *.citizensbaptistmedicalcenter.com *.princetonbaptistmedicalcenter.com *.shelbybaptistmedicalcenter.com *.walkerbaptistmedicalcenter.com *.tenethealthcentralcoast.com https://img.youtube.com; 7
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 7
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; base-uri 'none' 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&ar=true&a=cmscache 6
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://3g2upl4pq6kufc4m.onion/ https://duck.co ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 6
frame-ancestors 'self' *.wellsfargo.com 6
media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 6
frame-ancestors 'self' *.nokia.com; report-uri /report-csp-violation 6
frame-ancestors https://pam.mcafee.com 6
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 6
upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 6
frame-ancestors 'self' *.freshworks.com *.freshsuccess.com *.freshsuccess.io views.paperflite.com app.paperflite.com web.paperflite.com canvas.paperflite.com 6
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://rum-http-intake.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://*.hotjar.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net; frame-src https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://vars.hotjar.com https://*.doubleclick.net; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 6
default-src *; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 6
frame-ancestors *.ivanti.com https://dash.cloudflare.com 6
frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' https://c.riskified.com wss://*.firebaseio.com wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://h.online-metrix.net https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in  https://*.redbus.com https://*.googleapis.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://*.google.co.in https://*.facebook.net http://www.googleadservices.com https://www.facebook.com https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon.riskified.com https://tags.tiqcdn.com http://cdn-akamai.mookie1.com https://*.firebaseio.com https://h.online-metrix.net https://*.twitter.com  https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://*.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com http://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://*.redbus.in https://www.gstatic.com http://*.rdbuz.com; img-src 'self' data: blob: https://img.riskified.com https://web-elb https://*.online-metrix.net https://*.goibibo.com https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://*.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com  https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com http://origin-st.redbus.in https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com  https://ssl.google-analytics.com https://*.facebook.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://api.midtrans.com https://www.glassdoor.co.in; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in  http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://*.firebaseapp.com https://*.firebaseio.com  https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://*.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://*.facebook.com https://www.youtube.com https://dis.as.criteo.com; object-src 'self' 6
default-src https: 'unsafe-eval' 'unsafe-inline' 6
img-src *; 6
; 6
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 6
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 6
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 6
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve 6
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net *.google-analytics.com *.hotjar.com *.googletagmanager.com *.qsmly.com *.googleapis.com *.cdnnetworks.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.gstatic.com *.geetest.com; worker-src 'self' blob:; report-uri https://csp.trackit.tk/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 6
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 6
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru www.google-analytics.com *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net megatimer.ru stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' megatimer.ru mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru anycaster.tv *.anycaster.tv livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru newapp.bonus-tv.ru *.newapp.bonus-tv.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru yandex.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://vuz.mil.ru https://www.mil.ru https://*.mil.ru https://anycaster.tv https://livezvezda.mediacdn.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 6
default-src 'self' *.cscglobal.com *.swiftypecdn.com  *.swiftype.com *.doubleclick.net *.google-analytics.com geoip-js.com *.maxmind.com *.typekit.net api.company-target.com sample-api-v2.crazyegg.com api.hubapi.com; script-src 'self' ws.zoominfo.com js.hs-banner.com js.hsadspixel.net *.swiftypecdn.com  *.swiftype.com *.wufoo.com tag.demandbase.com script.crazyegg.com s3.amazonaws.com dnn506yrbagrg.cloudfront.net gateway.zscalertwo.net sjs.bizographics.com px.ads.linkedin.com *.google-analytics.com *.googletagmanager.com *.maxmind.com 'unsafe-inline' 'unsafe-eval' *.typekit.net forms.hsforms.com api.hubapi.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net *.hubspot.com *.googleadservices.com tagmanager.google.com *.zmags.com snap.licdn.com; style-src 'self' ocp.cscglobal.com ocu.cscglobal.com gateway.zscalertwo.net *.swiftypecdn.com fast.fonts.net fonts.googleapis.com 'unsafe-inline' tagmanager.google.com ssl.gstatic.com *.gstatic.com; img-src 'self' p.adsymptotic.com *.swiftype.com *.cscglobal.com  *.googletagmanager.com googleapis.com match.prod.bidr.io segments.company-target.com cdn2.hubspot.net *.google-analytics.com *.crazyegg.com *.google.com track.hubspot.com data: *.doubleclick.net ssl.gstatic.com *.gstatic.com *.zmags.com px.ads.linkedin.com; font-src 'self' 'unsafe-inline' ocp.cscglobal.com ocu.cscglobal.com data: fonts.gstatic.com *.typekit.net; frame-src 'self' *.youtube.com *.wufoo.com forms.hsforms.com *.zmags.com drive.google.com 6
worker-src 'self'; 6
Content-Security-Policy-Report-Only 6
frame-ancestors 'self' https://dashboard.vidy.com; 6
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 6
default-src * 'unsafe-inline' 'unsafe-eval'; 6
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com code.jquery.com sentry.io stats.g.doubleclick.net sumo.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com themes.googleusercontent.com wrss-2c7e.kxcdn.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.libsyn.com *.twitter.com sumo.com twitter.com; img-src 'self' *.bbb.org *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com about: assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net data: dp8k5pf9le6li.cloudfront.net extended-validation-ssl.thawte.com https://seal.verisign.com pubads.g.doubleclick.net seal.thawte.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com syndication.twitter.com twitter.com verify.authorize.net wrss-2c7e.kxcdn.com; manifest-src ammo.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com wrss-2c7e.kxcdn.com www.ammoforsale.com www.ammoman.com www.ammunitiontogo.com www.bulkammo.com www.cheapammo.com www.luckygunner.com www.targetbarn.com www.wideners.com; media-src 'self' *.facebook.com; object-src 'self' *.facebook.com www.luckyreferrals.com; report-uri https://sentry.io/api/1201369/security/?sentry_key=66651cc2476b475987e75acc58880acc; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com api.bufferapp.com assets.targetbarn.com blob: browser.sentry-cdn.com buttons.reddit.com cdn-secure.luckygunner.com cdn.ravenjs.com code.jquery.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net reddit.com seal.thawte.com seal.verisign.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com verify.authorize.net widgets.pinterest.com wrss-2c7e.kxcdn.com www.linkedin.com www.luckyreferrals.com www.reddit.com; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com assets.targetbarn.com cdn-secure.luckygunner.com d1w4q6ldc8l0qo.cloudfront.net d3s1gm5djwyp3q.cloudfront.net dp8k5pf9le6li.cloudfront.net sload.sumo.com static-cdn.ammunitiontogo.com static-secure.cheapammo.com static1-bulkammocom.netdna-ssl.com sumo.b-cdn.net wrss-2c7e.kxcdn.com 6
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 6
frame-ancestors 'self' *.facebook.com *.vk.com 6
report-uri https://sentry.io/api/1481323/security/?sentry_key=6a0d90a447e5404786cce69b90774dbc https://sentry.io/api/1481316/security/?sentry_key=5ed17bd323a34165b4278b59fe665e28 6
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 6
upgrade-insecure-requests; base-uri 'self'; 6
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 6
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 6
default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 6
frame-ancestors 'self' https://api.opentlv.com 6
default-src https: http://*.sim-cms.net http://sdk.listenlive.co 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http://cdn.saleminteractivemedia.com; 6
default-src * 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 6
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 6
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net clients.opinary.com compass.pressekompass.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 5
frame-ancestors 'self' https://*.target.com; 5
frame-ancestors 'self' hhs.gov *.hhs.gov 5
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 5
frame-ancestors 'self' https://*.adobe.com; 5
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https:  5
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 5
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 5
frame-ancestors https://*.complex.com 5
frame-ancestors https://app.c-spanbus.org https://*.c-span.org 5
frame-ancestors *; report-uri https://www.rackspace.com/report-uri/enforce 5
default-src 'none'; script-src 'self'; style-src 'self'; connect-src 'self' https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://322-bwx-936.mktoresp.com https://322-bwx-936.mktoutil.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://createsend.com/t/getsecuresubscribelink; font-src 'self'; object-src 'self'; img-src 'self' https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://secure.livechatinc.com; form-action 'self' https://agilemail.createsend.com https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe https://start.1password.com; prefetch-src https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors 'none' 5
frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 5
frame-ancestors https://*.ionos.de https://ionos.de https://*.ionos.at https://ionos.at https://*.profiseller.de https://profiseller.de https://*.1und1-partner.de https://1und1-partner.de https://*.1und1-hostingpartner.de https://1und1-hostingpartner.de https://*.1und1-premiumpartner.de https://1und1-premiumpartner.de; 5
frame-ancestors 'self' investor.cmegroup.com  http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com  www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com  https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com  https://benzinga.com https://www.benzinga.com https://m.benzinga.com  https://bz.benzinga.com https://zingbot.bz https://www.zingbot.bz https://m.zingbot.bz https://bz.zingbot.bz https://dev.futuresfirstacademy.com https://uat.futuresfirstacademy.com https://futuresfirstacademy.com http://stage.barchart.com http://www.barchart.com https://stage.barchart.com https://www.barchart.com https://www.infinityfutures.com https://datamineuat.cmegroup.com https://next.benzinga.com https://quotes.benzinga.com https://kilofutures.com https://m.cqg.com https://mdemo.cqg.com https://uatm.cqg.com  https://local.zingbot.bz https://www.gulfbondsukuk.org www.kgieworld.sg https://www.propex24.wpcomstaging.com https://www.propex24.com *.straitsfinancial.gate39tech.com us.straitsfinancial.com https://*.kapcoclients.com https://kapcoclients.com https://*.wallstreetbound.org https://wallstreetbound.org https://cofcointl.plateau.com https://rise.articulate.com https://members.tradeday.com; 5
child-src * 5
frame-ancestors 'self' https://app.brandwatch.com https://login.brandwatch.com https://app.stage.brandwatch.net https://auth-gateway.platform-stage.gcp0.bwcom.net https://login.brndwt.ch; 5
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com; 5
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au 5
frame-ancestors https://*.flexera.com https://*.flexerasoftware.com https://*.revenera.com; 5
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 5
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io; 5
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.netinnederland.nl *.2doc.nl *.vprogids.nl; 5
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 5
frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com https://www-dev.tibco.com https://tibco.seismic.com; report-uri /report-csp-violation 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net d.la1-c2-frf.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com d.la2-c2-cdg.salesforceliveagent.com d.la2-c1cs-cdg.salesforceliveagent.com c.la2-c1cs-cdg.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 5
: frame-ancestors 'none' 5
upgrade-insecure-requests; frame-ancestors 'self'; 5
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org; upgrade-insecure-requests; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report-block; report-to csp-endpoint-block 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 5
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self' https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com 5
frame-ancestors 'self' goqubit.net ; 5
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: piwik.bmvg.de *.video-cdn.net *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://piwik.bmvg.de/report-uri/ 5
default-src 'self'; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; font-src 'self' http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com; img-src 'self' data: *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com *.hotjar.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 5
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 5
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 5
frame-ancestors http://webvisor.com 5
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at https://www.youtube.com; 5
frame-ancestors *.cas.cn 5
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 5
font-src *;img-src * data:; 5
frame-ancestors 'self' http://*.trendin.com https://*.trendin.com 5
frame-ancestors https://*.ptc.com https://ptc.seismic.com https://liveshareeast3.seismic.com 5
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 5
worker-src 'self' http://*.austlii.edu.au *.datalex.org www.lawnet.sg; 5
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 5
frame-ancestors 'self' weleda.sabio.de 5
style-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation 5
script-src 'self' 'unsafe-inline' 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn; object-src 'self' 5
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 5
default-src 'self'; img-src 'self' https://d300tb5wusuhi2.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://bat.bing.com https://chart.apis.google.com https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://i.ytimg.com https://img.youtube.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://syndication.twitter.com https://www.google-analytics.com https://www.gstatic.com; font-src 'self' https://cloud.typography.com https://fast.wistia.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com; object-src 'self' https://embedwistia-a.akamaihd.net; connect-src 'self' 'unsafe-eval' https://d300tb5wusuhi2.cloudfront.net https://a.tiles.mapbox.com https://api.abenity.com https://api.mapbox.com https://bam.nr-data.net https://bat.bing.com https://distillery.wistia.com https://distillery.wistia.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://bam.nr-data.net https://bat.bing.com https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com; media-src 'self'  https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net blob:; frame-src 'self'  https://abenityinc.freshdesk.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://www.google.com https://www.youtube.com; report-uri https://api.abenity.com/public/csp-logger.json 5
referrer no-referrer 5
script-src https: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 5
default-src 'self' *.kpn.com; frame-ancestors 'self' app.optimizely.com kpn.blueconic.net mijnzakelijk.kpn.com www.grip-on-it.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.optimizely.com cdn.blueconic.net kpn.blueconic.net *.kpn.com *.salesforceliveagent.com www.googletagmanager.com tagmanager.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com www.google-analytics.com maps.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-reload.liquix.eu dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.pardot.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com survey.mopinion.com; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl www.google.com www.facebook.com *.doubleclick.net adservice.google.com invitation.opinionbar.com *.optimizely.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net csi.gstatic.com maps.gstatic.com maps.googleapis.com kpn.com fonts.googleapis.com www.google-analytics.com api.customersaas.com static.customersaas.com d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com; frame-src *.optimizely.com *.doubleclick.net ezpay.liquix.eu callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com fonts.gstatic.com static.customersaas.com; connect-src 'self' api-accept.customersaas.com www.google-analytics.com *.optimizely.com kpn.blueconic.net *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl ezpay.liquix.eu wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.tt.omtrdc.net https://adobeioruntime.net; object-src 'self' 5
child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com optimize.google.com gateway.euronext.com forms.logiforms.com https://*.iadvize.com *.iadvize.com aax-eu.amazon-adsystem.com *.trustcommander.net *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net www.ausschreiben.de cdn.thinglink.me *.thinglink.com 5
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 5
frame-ancestors 'none'; connect-src http://127.0.0.1:*; default-src https: 'unsafe-inline' 5
report-uri /csp-hotline.php; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net  https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com http://tomsk.effad.ru *.effad.ru effad.ru *.me-talk.ru disgusting.ru https://api-maps.yandex.ru *.yandex.net yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 5
default-src 'unsafe-inline' 'unsafe-eval' 'self'  https://www.mincotur.gob.es http://www.mincotur.gob.es https://use.fontawesome.com https://comercio.gob.es/ https://comercio.gob.es.aplicaciones https://comercio.serviciosmin.gob.es https://apis.google.com https://collect.sdgacceptance.eu https://collect.youreurope.europa.eu https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://cdn.syndication.twimg.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/; img-src 'unsafe-inline' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://* http://* data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://*; style-src-elem 'unsafe-inline' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://fonts.googleapis.com http://fonts.googleapis.com https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.mincotur.gob.es http://www.mincotur.gob.es https://platform.twitter.com; media-src 'unsafe-inline' 'unsafe-eval' 'self' https://* http://* 5
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 5
block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 5
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp 4
child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org firefox.com www.firefox.com www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com ad.doubleclick.net; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net https://accounts.firefox.com/ https://accounts.firefox.com.cn/ 4
default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 4
frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 4
default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 4
upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 4
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 4
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 4
object-src 'none'; base-uri 'self' 4
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 4
connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://js.hs-banner.com https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com/pagead/conversion/477628662/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://static.hotjar.com/c/ https://script.hotjar.com/modules.0734134ae79697970353.js https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com; connect-src *; img-src 'self' data: https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg; frame-src 'self' https://embedsocial.com/ https://view-awesome-table.com/ https://vars.hotjar.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/; font-src 'self' data: https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com 4
frame-ancestors https://*.ionos.com https://ionos.com; 4
frame-ancestors 'self' *.windy.com:* 4
default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 4
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * https://www.google-analytics.com https://optimize.google.com https://optanon.blob.core.windows.net http://*.hotjar.com https://*.onetrust.com https://www.googletagmanager.com https://connect.facebook.net *.rfihub.net *.bing.com *.ads-twitter.com *.twitter.com *.t.co *.ytimg.com; style-src 'self' 'unsafe-inline' * blob: https://optimize.google.com https://fonts.googleapis.com https://optanon.blob.core.windows.net cdnjs.cloudflare.com cloud.typography.com *.twitter.com *.t.co ; img-src 'self' 'unsafe-inline' data: * https://www.google-analytics.com https://optimize.google.com https://code.jquery.com/ *.twitter.com *.facebook.com *.bing.com *.t.co; frame-src 'self' data: * https://optimize.google.com https://*.adsrvr.org *.rfihub.com; font-src 'self' 'unsafe-inline' data: * https://fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' * https://*.optmnstr.com; report-uri /report-csp-violation 4
frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 4
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 4
frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 4
worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 4
frame-ancestors 'self' http://www.farmzone.com https://www.farmzone.com http://www.zoneverte.com https://www.zoneverte.com http://widget.twnmm.com https://widget.twnmm.com https://s1.twnmm.com http://beta.theweathernetwork.com https://beta.theweathernetwork.com http://beta.meteomedia.com https://beta.meteomedia.com http://*.theweathernetwork.com https://*.theweathernetwork.com http://*.meteomedia.com https://*.meteomedia.com https://www.flonase.ca 4
frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect; 4
frame-src 'self' *.microfocus.com *.ubembed.com https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://html5-player.libsyn.com/ http://demo.havendemo.com/; frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com https://microfocuspartner.force.com; 4
script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https: https://api.useinsider.com; 4
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 4
frame-ancestors 'self' http://info.barchart.com 4
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com 'unsafe-eval' 'unsafe-inline'; 4
frame-ancestors 'self';default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' *.optus.com.au *.ippayments.com *.pegacloud.net *.gomo.com.au; 4
frame-ancestors 'self' *.blackbaud.com; 4
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.oebb.at https://apis.google.com https://*.googleapis.com  https://*.azureedge.net https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com https://*.azureedge.net https://static.userback.io; connect-src 'self' https://*.oebb.at https://obc.rola.at https://*.azureedge.net https://directline.botframework.com wss://directline.botframework.com https://api.userback.io; img-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://static.userback.io https://oebbtalentinastorage.blob.core.windows.net data: blob:; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com  https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://ec21aac802964ead8485bcf19e4d7cc9.svc.dynamics.com https://*.azureedge.net https://live.virtual-events.at; frame-ancestors https://oebb-test.hafas.de https://*.oebb.at http://fahrplan.oebb.at; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 4
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: mediastream:; connect-src 'self' https: data: mediastream: blob:; font-src 'self' 'unsafe-inline' https: data:; media-src 'self' 'unsafe-inline' https: data: mediastream: blob:; child-src *; form-action 'self' 'unsafe-inline' https:; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; base-uri *; upgrade-insecure-requests 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net blob: data: 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://optimize.google.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https://fonts.googleaps.com https://fonts.gstatic.com http://chart.apis.google.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.omegawatches.com https://www.omegawatches.cn https://www.omegawatches.com.tw https://www.omegawatches.com.hk https://www.omegawatches.jp https://www.omegawatches.co.kr https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.inside-graph.com https://use.typekit.net https://p.typekit.net; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 4
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content 4
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 4
default-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; img-src http: https: data: 4
block-all-mixed-content; upgrade-insecure-requests 4
frame-ancestors 'self' https://*.costco.co.uk https://*.costco.com.au https://*.costco.com.mx https://*.costco.co.jp https://*.costco.fr https://*.costco.es https://*.costco.is https://*.costco.co.kr https://*.costco.com.tw 4
style-src https: 'unsafe-inline' ; script-src https: data 'unsafe-inline' 'unsafe-eval' ; default-src * data: ; 4
default-src https: *.hwcdn.net *.teeitup.com *.golfid.io; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 4
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com;  font-src    'self' data: *.googleapis.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com;  object-src  'self' ;  frame-src   'self' data: *.facebook.com https://platform.twitter.com/ *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io; 4
frame-ancestors 'self' https://*.adventhealth.com 4
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 4
frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 4
frame-ancestors 'self' https://tektronix.lookbookhq.com https://buzz.tek.com 4
default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *;frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 4
allow 'self'; 4
frame-ancestors *.nordangliaeducation.com *.tfaforms.net 'self' 4
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' api.mapbox.com blob:; style-src 'self' *.flickr.com *.staticflickr.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube.com *.vimeo.com country-profiles.unstatshub.org; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com www.google-analytics.com; report-uri /report-csp-violation 4
frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests 4
frame-ancestors 'self' https://*.experiencecloud.adobe.com https://experiencecloud.adobe.com https://experience.adobe.com 4
default-src 'self' blob: data:  *.miraheze.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org *.mediawiki.org mediawiki.org *.wikidata.org wikidata.org *.wmflabs.org *.google.com *.gstatic.com *.addthis.com *.youtube.com *.youtube-nocookie.com maxcdn.bootstrapcdn.com twitter.com *.creativecommons.org images.uncyc.org www.mikrodev.com *.reviservices.com *.twitter.com www.sciencedaily.com *.googleapis.com *.twimg.com discordapp.com *.tile.openstreetmap.org *.freenode.net *.sorcery.net *.fontawesome.com *.a.wmflabs.org nenawiki.org *.cloudytheology.com i.imgur.com na.llnet.sims3store.cdn.ea.com cdn.discordapp.com m.media-amazon.com image.tmdb.org *.stripe.com *.twitch.tv *.fastly.net *.facebook.com *.shields.io *.bilibili.com *.163.com discord.com googleusercontent.com imgbox.com cdnjs.cloudflare.com cdn.jsdelivr.net reddit.com *.reddit.com redd.it *.redd.it redditmedia.com *.redditmedia.com dropbox.com *.dropbox.com dropboxstatic.com *.dropboxstatic.com disqus.com *.disqus.com *.nicovideo.jp lh3.googleusercontent.com db.onlinewebfonts.com wikiapiary.com *.vimeo.com *.googleusercontent.com *.imgbox.com www.gnu.org www.desmos.com z.moatads.com www.recaptcha.net snap.berkeley.edu *.netease.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'  *.miraheze.org www.desmos.com snap.berkeley.edu 4
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 4
script-src 'unsafe-inline' 'unsafe-eval' 'self' www.googletagmanager.com idtechex.bamboohr.com platform.twitter.com ssl.google-analytics.com www.googleadservices.com *.idtechex.com oss.maxcdn.com ie7-js.googlecode.com https://googleads.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://cdn.syndication.twimg.com www.google.com www.gstatic.com ajax.googleapis.com *.livechatinc.com *.arcot.com *.verifiedbyvisa.com *.3dsecure-vrp.de *.cardinalcommerce.com *.securesuite.net *.securesuite.co.uk *.securecode.com *.citibank.com *.citibank.co.kr *.cardcenter.ch *.swisscard.ch *.icscards.nl *.sia.eu *.swedbank.se *.dnp-cdms.jp acs.cafis-paynet.jp *.hanacard.co.kr *.shinhancard.com *.wooricard.com *.hyundaicard.com *.wlp-acs.com *.secure.dkb.de *.nab.com.au *.mbank.pl *.ccb.com.cn *.cmbchina.com *.bccard.com *.cartasi.it ws.zoominfo.com 4
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 4
<options and value> 4
script-src 'self' 4
frame-ancestors 'self' www.haier.com *.haier.com cnwcm.haier.com http://cnwcm.haier.com https://mgta.trs.cn http://mgta.trs.cn http://devta.trs.cn *.haier.net *.tongshuai.com *.casarte.com *.geappliances.cn 4
frame-ancestors 'self' nurture.solarwinds.com; 4
font-src * 4
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 4
frame-ancestors 'self' *.promoplace.com; 4
frame-src api.xprt.com *.api.xprt.com extension.xprt.com *.extension.xprt.com xprt.com *.xprt.com energy-xprt.com *.energy-xprt.com agriculture-xprt.com *.agriculture-xprt.com environmental-expert.com *.environmental-expert.com google.com *.google.com google.es *.google.es ubembed.com *.ubembed.com braintreegateway.com *.braintreegateway.com newrelic.com *.newrelic.com *.gstatic.com *.googlesyndication.com *.googlesyndication.com iperceptions.com *.iperceptions.com doubleclick.net *.doubleclick.net vimeo.com *.vimeo.com youtube.com *.youtube.com placeholder.com *.placeholder.com dailymotion.com *.dailymotion.com d20854696ijsuu.cloudfront.net *.d20854696ijsuu.cloudfront.net d3c0q80nmylf81.cloudfront.net *.d3c0q80nmylf81.cloudfront.net d3pcsg2wjq9izr.cloudfront.net *.d3pcsg2wjq9izr.cloudfront.net dpjzd8xd615dp.cloudfront.net *.dpjzd8xd615dp.cloudfront.net adservice.google.com *.adservice.google.com 4
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' 4
frame-ancestors 'self' https://www.endesaclientes.com 4
connect-src 'self' habboo-a.akamaihd.net *.habbo.com www.facebook.com *.googlesyndication.com *.g.doubleclick.net hb.improvedigital.com pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com *.g.doubleclick.net *.googlesyndication.com *.gstatic.com images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net hb.improvedigital.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 4
frame-ancestors 'self' http://www.fx-graphics.com; 4
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 4
frame-ancestors 'self' https://smartnutri-stag.firebaseapp.com/ https://smartfitnutri.app/ 4
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; 4
default-src 'self' cdn.register.to 'unsafe-eval' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.register.to tld.register.to cdn.ywxi.net www.google-analytics.com seal.websecurity.norton.com s3-us-west-2.amazonaws.com www.trustedsite.com cdn.jsdelivr.net www.google.com cdn.datatables.net https:; style-src 'unsafe-inline' https:; manifest-src 'self' cdn.register.to 'unsafe-eval' https:; 4
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 4
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline';  4
default-src 'self'; connect-src 'self'; img-src 'self' data: 'unsafe-eval' ;  style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:  4
frame-ancestors 'self' *.mathworks.com; 4
default-src 'self'; font-src 'self' 'unsafe-inline' https://cdn.podigee.com/; connect-src 'self' https://ottogroupunterwegs.podigee.io https://www.google.com https://media.manufactum.de https://*.scene7.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; img-src 'self' data: https://images.podigee.com/ https://manufactum.scene7.com https://media.manufactum.de https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://s.pinimg.com https://ct.pinterest.com; child-src blob: https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com; frame-src blob: https://bid.g.doubleclick.net https://*.adition.com https://s3.eu-central-1.amazonaws.com/esomecdn/60 https://www.google.com/maps/ https://test-brot-und-butter.mfdp.io https://www.brot-und-butter.de https://www.facebook.com https://cdn.podigee.com; worker-src blob:; media-src blob: 'self' https://media.manufactum.de https://*.scene7.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ottogroupunterwegs.podigee.io https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.net https://cdn.podigee.com https://media.manufactum.de https://cdn.epoq.de/flow/ https://*.arc.epoq.de/inbound-servletapi/ 'sha256-24E9spO23svDkTBI3pZ9OBMtJ9sLH2RiAbSkYdi/38c=' 'sha256-RK5gWrwaWY7/F6AUGQ9ZmFFw6206P+y8yxL2hevtowc='; style-src 'self' 'unsafe-inline' https://cdn.podigee.com/ https://media.manufactum.de  ; report-uri /sell/csp-violation; base-uri 'self' 4
default-src * 'unsafe-inline' 'unsafe-eval' data: 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google.com www.gstatic.com  www.onlinechatcenters.com *.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com googleads.g.doubleclick.net data:; style-src 'unsafe-inline' 'self' fonts.gstatic.com www.gstatic.com  fonts.googleapis.com tagmanager.google.com 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 4
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://s.ytimg.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagservices.com https://ad.doubleclick.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 4
frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 4
frame-ancestors 'none'; upgrade-insecure-requests; 4
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 4
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * 'self' data: 'unsafe-inline'; connect-src *; media-src *; frame-src *; frame-ancestors *; 4
frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl itesco.sk 4
default-src 'self'; connect-src 'self' *; font-src 'self' data: fonts.googleapis.com *.fonts.googleapis.com *.gstatic.com *.tagmanager.google.com tagmanager.google.com *.paypalobjects.com *.cloudfront.net; img-src 'self' data: *; object-src jsctool.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; media-src 'self' *.youtube.de *.youtube-nocookie.com *.youtube.com *.youtu.be; frame-src 'self' *.adup-tech.com adup-tech.com *.youtube.de youtube.de *.youtube-nocookie.com *.youtube.com youtube.com *.youtu.be youtu.be *.herma.de *.umfragen-einfach.de *.test.umfragen-einfach.de umfragen-einfach.de *.doubleclick.net *.criteo.com *.webmasterplan.com *.paypal.com paypal.com *.paypal.de paypal.de uc8.tv *.uc8.tv; manifest-src 'self'; upgrade-insecure-requests 4
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com data: 4
default-src 'self'; connect-src 'self' *.yandex.ru *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.vk.com *.branch.io *.google.com *.google.ru *.livetex.ru *.livetex.me *.mail.ru *.google.com.ua odds.ru *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; script-src-elem 'self' 'unsafe-inline' cdn.syndication.twimg.com opentracking.ru *.gstatic.com *.twitter.com *.ytimg.com app.link *.branch.io *.vk.com onesignal.com *.onesignal.com *.livetex.me *.livetex.ru *.googletagmanager.com *.google-analytics.com *.yandex.ru *.facebook.net *.facebook.com odds.ru vk.com *.youtube.com *.vimeo.com *.wp.com *.google.com *.cloudflare.com yastatic.net webvisor.com *.mail.ru *.instagram.com *.imgur.com *.yastatic.net *.adfox.ru *.yandex.net; img-src 'self' data: *.wp.com *.w.org *.gravatar.com www.facebook.com *.youtube.com *.livetex.ru *.livetex.me *.google-analytics.com *.doubleclick.net *.google.com *.google.ru *.googleapis.com graph.facebook.com vk.com *.vk.com *.yandex.ru odds.ru opentracking.ru www.opentracking.ru *.twimg.com *.twitter.com *.gstatic.com *.googletagmanager.com *.google.com.ua *.yastatic.net *.adfox.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru *.ligastavok.ru ligastavok.ru *.yandex.net; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com odds.ru *.twitter.com *.twimg.com *.yastatic.net *.adfox.ru *.yandex.net onesignal.com *.onesignal.com; child-src 'self' *.youtube.com *.vimeo.com *.facebook.com *.vk.com vk.com *.twitter.com twitter.com *.livetex.ru *.livetex.me onesignal.com *.onesignal.com www.instagram.com *.google.com *.yandex.ru webvisor.com blob: https://mc.yandex.ru *.imgur.com imgur.com *.yastatic.net *.adfox.ru *.yandex.net vimeo.com; font-src 'self' 'unsafe-inline' *.gstatic.com *.livetex.ru *.livetex.me data:; media-src 'self' *.livetex.ru *.livetex.me *.yastatic.net *.adfox.ru *.yandex.net; frame-ancestors 'self' https://metrika.yandex.ru http://webvisor.com https://yastatic.net https://mc.yandex.ru; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.kaltura.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://connect.facebook.net https://maps.google.com https://hosting.img.dk https://siteimproveanalytics.com https://*.global.siteimproveanalytics.io 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 4
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 4
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 4
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self'  *.bigcommerce.com 4
; frame-ancestors 'self' 4
default-src 'self' 'unsafe-inline'; 4
default-src 'self' blob: https://*.map.qq.com ; connect-src 'self' https://*.mapbox.com https://*.tiles.mapbox.com https://*.google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.googlesyndication.com https://translate.googleapis.com https://*.parkopedia-ppds.com https://*.google.com https://slack.com https://business.parkopedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.google.com https://*.google.cn https://*.tiles.mapbox.com https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.gtimg.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.googleapis.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://*.mapbox.com https://*.stripe.com https://*.adroll.com https://*.workable.com https://*.ampproject.org https://browser-update.org https://*.bootstrapcdn.com https://*.fuelcdn.com https://cdn.datatables.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.fontawesome.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.recaptcha.net https://*.google.com https://*.google.gr;style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://*.fuelcdn.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.fontawesome.com https://*.tiles.mapbox.com https://*.gstatic.com https://*.mapbox.com https://unpkg.com;font-src 'self' 'unsafe-inline' chrome-extension data: https: https://*.fontawesome.com http://fonts.gstatic.com;img-src 'self' blob: data: https: http://p.parkopedia.com http://p.parkopedia.cn http://*.openstreetmap.org;frame-src 'self' https://*.g.doubleclick.net https://*.qq.com https://*.google.com https://*.stripe.com https://*.googlesyndication.com https://*.parkopedia.com https://*.parkopedia.com https://*.dcos.parkopedia.com https://*.localhost.com https://*.localhost.co.uk;object-src blob: data: https://*.qq.cn https://*.qq.com https://*.map.qq.com https://*.localhost.com https://*.parkopedia.com;report-uri https://csp.parkopedia.com/api/csppolicyreport/?apiver=23&cid=avalon_iu4ryufghgjrf 4
default-src 'self' http: https: data: blob: 'unsafe-eval' style-src: 'unsafe-inline' wss://vts.zohopublic.com 4
default-src 'self'  https://*.cms.vwfs.tools https://*.vwfsindia.co.in;  img-src 'self'  data:    https://cms-assets.vwfs.io https://*.cms.vwfs.tools https://*.volkswagenbank.de https://*.omtrdc.net https://*.demdex.net https://img.youtube.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.iadvize.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://cm.everesttech.net  https://*.scene7.com https://*.userzoom.com https://smetrics.www.vwfs.de https://*.adform.net https://www.facebook.com https://*.linkedin.com https://t23.intelliad.de https://c.imedia.cz https://dev.day.com https://t.co https://www.google.com https://www.google.de;    script-src 'self'  'unsafe-inline' https://*.volkswagenbank.de https://*.iadvize.com https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.googleapis.com https://storagewebcalcweud.blob.core.windows.net https://www.volkswagenbank-cloud.de https://t23.intelliad.de https://t13.intelliad.de https://assets.adobedtm.com https://*.omtrdc.net https://*.omniture.com https://*.adobe.com https://*.demdex.net https://cm.everesttech.net https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://www.googletagmanager.com https://c.imedia.cz https://www.seznam.cz https://*.thunderhead.com https://*.twitter.com https://*.fls.doubleclick.net https://static.ads-twitter.com https://www.googleadservices.com https://*.vwfsindia.co.in https://cc.cdn.civiccomputing.com https://*.advsearch.vwfs.io;  style-src 'self' 'unsafe-inline' https://*.iadvize.com https://fonts.googleapis.com https://*.userzoom.com https://*.vwfsindia.co.in;  connect-src 'self' https://vimeo.com    https://calculator.volkswagenbank.de https://*.iadvize.com wss://*.iadvize.com https://*.youtube.com https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.demdex.net https://cm.everesttech.net https://*.tt.omtrdc.net https://*.omtrdc.net *.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io;  frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com;  object-src 'none';  font-src 'self' https://fonts.gstatic.com ;  frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://*.adform.net https://*.iadvize.com https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://vwfms.com https://online.flowpaper.com https://jobs.careerpage.fr https://faleconosco.bancovw.com.br https://atendimento-eletronico.bancovw.com.br https://www.vwfstools.co.uk; 4
frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 4
default-src 'self' https://www-cdn01.avisonyoung.com; style-src 'self' 'unsafe-inline' https://www-cdn01.avisonyoung.com https://fonts.googleapis.com https://proxy.ay.prod.3whst.com https://platform.twitter.com https://ton.twimg.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://tagmanager.google.com https://fast.fonts.net https://cdn.foleon.com https://s3.eu-west-2.amazonaws.com; font-src 'self' data: https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://fonts.gstatic.com https://s3.eu-west-2.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www-cdn01.avisonyoung.com https://proxy.ay.prod.3whst.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://pi.pardot.com https://go.avisonyoung.com https://buildout.com https://platform.twitter.com https://www-cdn01.avisonyoung.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://ceros.com https://static.cloudflareinsights.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://widget.usersnap.com https://resources.usersnap.com https://ajax.googleapis.com https://s3.eu-west-2.amazonaws.com https://cdn.analytics.foleon.com https://previewer.foleon.com; img-src https: data: blob:; frame-src 'self' https://buildout.com https://platform.twitter.com https://syndication.twitter.com https://youtu.be https://www.youtube.com https://avison-young.foleon.com https://avison-young.preview.foleon.com https://www.google.com https://go.avisonyoung.com https://vimeo.com https://player.vimeo.com https://public.tableau.com https://forms.office.com *.youtube-nocookie.com https://dev.gvadob.ie https://experience.arcgis.com https://infogram.com; connect-src 'self' https://www.google-analytics.com https://widget.usersnap.com https://api.analytics.foleon.com https://api.foleon.com; media-src 'self' blob: https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; object-src 'self' https://www-cdn01.avisonyoung.com *.youtube-nocookie.com; worker-src 'self' blob: 4
connect-src *; default-src 'self'; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
default-src 'self' wss://www.reasedoper.pw wss://www.nathetsof.com https://pagead2.googlesyndication.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self' blob: ;img-src * data:;media-src *;font-src *;script-src 'self' http://sdnats.com http://zstat.org/ http://www.sparnove.com/ https://www.sparnove.com/ http://sparnove.com/ https://sparnove.com/ http://sparnove.com https://sparnove.com http://www.sparnove.com https://www.sparnove.com http://igropoisk.com http://www.igropoisk.com http://rigaletto.info/ http://listat.org https://listat.org https://static.reasedoper.pw https://nathetsof.com https://www.nathetsof.com http://nathetsof.com http://www.nathetsof.com http://static.reasedoper.pw https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://sparnove.com https://api.push.world/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 4
frame-ancestors 'self' https://booking2.centerparcs.fr https://booking2.centerparcs.nl https://booking2.centerparcs.de https://booking2.centerparcs.com https://booking2.centerparcs.eu https://booking2.centerparcs.ch https://booking2.centerparcs.be 4
frame-ancestors 'self' https://cvonline.lt https://www.cvonline.lt; 4
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com 4
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: 4
frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com *.pricespider.com 4
frame-src *.2checkout.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com *.adobe.com *.outgrow.us 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 4
default-src: https: 'unsafe-inline' 4
frame-ancestors *.benq.com *.benq.eu 4
frame-ancestors 'self' learn.arcgis.com *.esri.com 4
frame-src 'self' *.jiathis.com *.baidu.com 4
frame-ancestors 'self' *.epublishmerck.com facebook.com; 4
frame-ancestors 'self' https://shopproxy.p-s-s.de 4
default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ;  report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 4
object-src 'self'; 4
upgrade-insecure-requests; report-uri /__csp-collector/index 4
default-src 'self' * 'unsafe-inline' data:; 4
default-src 'self' wss://www.mataharirama.xyz wss://mataharirama.xyz http://www.mataharirama.xyz https://www.mataharirama.xyz http://www.mataharirama.xyz http://www.mataharirama.xyz wss://www.reasedoper.pw wss://nathetsof.com wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://reasedoper.pw https://reasedoper.pw wss://sparnove.com wss://www.sparnove.com https://sparnove.com http://sparnove.com https://pagead2.googlesyndication.com https://api.push.world/ http://banners.mlgame.org https://*.pozvonim.com/ http://api.pozvonim.com/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;child-src * 'self'  blob: ;img-src * data:;media-src *;font-src *;script-src http://sdnats.com http://vuryua.ru/ https://adservice.google.de/ http://sparnove.com https://sparnove.com http://zstat.org https://zstat.org https://gridiogrid.com/ https://www.gridiogrid.com/ http://www.gridiogrid.com/ https://wwwgridiogrid.com/ http://bstat.org/  http://igrid.org/ http://ogrid.org/ http://code.moviead55.ru http://mataharirama.xyz http://rigaletto.info/ https://cdnjs.cloudflare.com/ http://syndication.exdynsrv.com https://syndication.exdynsrv.com http://vogozaw.ru http://cdn.jsdelivr.net https://cdn.jsdelivr.net http://adcentr.info https://adcentr.info http://listat.org https://listat.org https://static.reasedoper.pw http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com http://static.reasedoper.pw http://polldaddy.com/ https://relap.io/ http://*.poll.fm/ https://relboxru.push.world http://vogorana.ru/ http://vogozaq.ru/ http://videopotok.pro/ http://youtuibes.com http://t.insigit.com/ http://front.facetz.net http://kitbit.net/ http://*.pluso.ru http://*.pinterest.com 'self' http://m.addthis.com/ http://wqogrp.yjgmmpkot.xyz/ http://m.addthisedge.com/ http://myhit.cc http://zdravv.ru/ http://zebroid.tv/ http://*.linkedin.com/ http://api.pinterest.com/ http://feeds.delicious.com/ https://dl.metabar.ru/ http://azbns.com/  http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ https://*.pozvonim.com/ http://*.pozvonim.com/ http://rt.intarget.ru/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru  https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' https://gridiogrid.com/ wss://gridiogrid.com/ https://ogrid.org wss://www.igrid.org wss://www.mataharirama.xyz https://mataharirama.xyz https://www.mataharirama.xyz wss://mataharirama.xyz http://api.pozvonim.com/ https://api.push.world/ https://static.reasedoper.pw/ http://nathetsof.com https://nathetsof.com wss://nathetsof.com wss://www.nathetsof.com wss://www.reasedoper.pw/ wss://sparnove.com wss://www.sparnove.com http://sparnove.com https://sparnove.com http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com https://stats.lptracker.ru 4
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 4
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 4
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none' 3
frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com www.google.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 3
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 3
frame-ancestors 'self' *.cnbc.com *.acorns.com; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com *.googleapis.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net *.adtng.com *.adglare.net *.bngpt.com bngpt.com *.trafficjunky.net *.ohmybutt.com *.flirt4free.com *.xlovecam.com *.wlresources.com *.medleyads.com *.cams.com *.acdn5165543.com *.protoawe.com *.google-analytics.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com *.promo-bc.com *.bongacams.com *.bongacash.com *.gammae.com *.servingmillions.com *.super-route.com cdn01.flashmediaportal.com engine.asf4f.us *.htdvt.com *.jerkmate.com *.vfgtb.com *.hytxg2.com *.awemdia.com *.cfgr3.com *.ajxx98.online *.sf4f.us *.adworldmedia.com as.air2s.com bngpst.com cretgate.com mysexchatroom.com trknex.com medleyads.com ajxx98.online gamesfromheaven.com go.hpyjmp.com r.trwl2.com bongacams.com clickserve.dartsearch.net afrtrk.com track.cam4tracking.com creative.smljmp.com sffsdvc.com www.sffsdvc.com bmedia.justservingfiles.net blkditsup.com vast.bimbim.com promo.cameraprive.com bngprl.com *.bngprl.com *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com *.vscdns.com *.doubleclick.net *.google.fr *.google.com *.exoclick.com *.exosrv.com *.realsrv.com *.exdynsrv.com *.ackcdn.net bmedia.justservingfiles.net; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.recaptcha.net https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://*.ads-twitter.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://px-cdn.net https://*.px-cloud.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://p2a.co https://public.profitwell.com https://code.jquery.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com https://*.voteamerica.com https://*.jotform.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://*.px-client.net https://*.px-cloud.net https://pxchk.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.profitwell.com https://api.stripe.com https://api.soundcloud.com https://api.airbrake.io https://www.voteamerica.com; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; img-src * blob: data:; form-action 'self'; 3
frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net survey-d.dynata.com 3
default-src * data: blob: about:;script-src 'self' https://*.vk.com https://static.vk.me https://*.mail.ru https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yandex.ru https://*.google-analytics.com https://*.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://*.google.com https://google.com https://*.vkpartner.ru https://*.moatads.com https://*.adlooxtracking.com https://*.gstatic.com https://*.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://*.vk-cdn.net https://*.hit.gemius.pl https://yastatic.net 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.com https://static.vk.me https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline' 3
frame-ancestors 'self' *.bbb.org bbb.org *.bluebbb.org bluebbb.org *.myfloridacfo.com myfloridacfo.com jsfiddle.net fiddle.jshell.net 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data:; 3
frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 3
frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 3
default-src 'self' blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://players.brightcove.net https://vjs.zencdn.net https://w3.siemens.com https://prod.ste.dc.siemens.com https://tools.adlytics.net; style-src 'report-sample' 'self' 'unsafe-inline' https://tools.adlytics.net; object-src 'none' https://players.brightcove.net https://w3.siemens.com; base-uri 'self'; connect-src 'self' https://*.execute-api.eu-west-1.amazonaws.com https://edge.api.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://metrics.brightcove.com https://new.siemens.com https://assets.new.siemens.com https://api.dc.siemens.com https://w3.siemens.com https://searchapi.new.siemens.com https://privacyportal-eu.onetrust.com https://siemens.sc.omtrdc.net https://siemens.tt.omtrdc.net https://*.demdex.net https://tools.adlytics.net blob:; font-src 'self' https://www.siemens.com https://tools.adlytics.net data:; frame-src 'self'; img-src 'self' https://assets.new.siemens.com https://cf-images.eu-west-1.prod.boltdns.net https://metrics.brightcove.com https://siemens.sc.omtrdc.net https://siemens.tt.omtrdc.net https://*.demdex.net https://tools.adlytics.net https://new.siemens.com https://w3.siemens.com data:; manifest-src 'self'; media-src 'self' https://manifest.prod.boltdns.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com blob:; worker-src blob:; report-uri https://report-uri.dc.siemens.com/ 3
report-uri /v1/csplog; block-all-mixed-content 3
default-src 'self' https://static.garmin.com https://static.garmincdn.com https://www.garmin.com; style-src https://my.tealiumiq.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://static.garmin.com https://static.garmincdn.com https://sso.garmin.com https://www.garmin.com; connect-src 'self' https://static.garmincdn.com https://www.garmin.com *; script-src * 'unsafe-inline' 'unsafe-eval' https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; font-src 'self' data: https://static.garmin.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.garmin.com; img-src *; frame-src https://sso.garmin.com https://sso.garmin.cn https://www.garmin.com https://my.tealiumiq.com https://static.garmincdn.com https://support.garmin.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.youku.com https://consent.trustarc.com https://consent-pref.trustarc.com https://consent-st.trustarc.com https://tracker-api.trustarc.com https://consent.truste.com https://consent-pref.truste.com https://consent-st.trustecom https://tracker-api.truste.com https://prefmgr-cookie.truste-svc.net; object-src 'none'; upgrade-insecure-requests 3
frame-ancestors 'self' *.shutterfly.com *.tinyprints.com *.onehippo.io; 3
default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://builds.coreos.fedoraproject.org;  3
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 3
default-src 'self' http: https: 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https:; report-uri https://o378271.ingest.sentry.io/api/5201427/security/?sentry_key=b97b30d6fd6244419f1e761e6f6f319a 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 3
frame-ancestors 'self' *.coe.int 3
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com  https://servicenow.highspot.com 3
default-src * data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 3
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com *.atdmt.com www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com *.youtube.com *.ytimg.com;style-src data: blob: 'unsafe-inline' * *.oculus.com *.facebook.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.facebook.net *.fbthirdpartypixel.com *.akamaihd.net *.oculuscdn.com *.atdmt.com data: blob: www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com *.ytimg.com alb.reddit.com;frame-src *.oculus.com *.fbthirdpartypixel.com *.facebook.com *.youtube.com; 3
default-src *; object-src *; script-src 'unsafe-eval' * 'unsafe-inline' *; connect-src *; img-src * data:; style-src 'unsafe-inline' *; font-src * data:; frame-src * 3
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; object-src 'self' 3
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 3
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 3
frame-ancestors 'self' sharepoint.com *.sharepoint.com https://ukom.uk.net eloqua.com *.eloqua.com; 3
connect-src 'self'; default-src 'none'; media-src 'self'; font-src 'self' https://brave.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://blog.batcommunity.org; frame-src 'self' https://www.brave.com https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://public.tableau.com https://www.slideshare.net https://docs.google.com https://www.youtube-nocookie.com https://js.driftt.com; img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://secure.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://brave.com https://djtflbt20bdde.cloudfront.net https://analytics.brave.com https://boards.greenhouse.io https://js.driftt.com; style-src 'self' 'unsafe-inline' https://brave.com https://fonts.googleapis.com; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests 3
default-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com snap.licdn.com px.ads.linkedin.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ;      style-src 'self' assets.piraeusbankgroup.com  assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com;      script-src 'self' cdn.rawgit.com https://developers.google.com https://snap.licdn.com assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ;      font-src   data: 'self' fonts.gstatic.com;     img-src 'self' data: https://developers.google.com asset.piraeusbank.gr 'unsafe-inline'  assets.piraeusbank.gr   px.ads.linkedin.com https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com  syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ;      frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js 3
block-all-mixed-content;frame-ancestors *.mail.com 3
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://www.google.com https://www.youtube.com https://fonts.gstatic.com https://*.ul.com data: blob:; connect-src 'self' https://*.lift.acquia.com https://*.wistia.com http://*.wistia.com https://*.ul.com https://*.solosegment.com https://www.google-analytics.com https://spreadsheets.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://bam.nr-data.net https://sheets-proxy.knightlab.com; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://fonts.gstatic.com https://script.hotjar.com data:; frame-src 'self' https://*.marketo.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://quote.ul.com https://quote.ul.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.wistia.com https://*.wistia.net https://*.solosegment.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://www.ul.com https://legacy-uploads.ul.com data:; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acquia.com http://*.acquia.com https://*.wistia.com http://*.wistia.net https://*.wistia.net https://app.wistia.com https://www.youtube.com http://www.youtube.com https://*.vimeo.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://cdnjs.cloudflare.com https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net blob:  https://app-ab11.marketo.com https://app-sj08.marketo.com https://cdn.cookielaw.org https://cdn.knightlab.com https://code.jquery.com https://embed.solosegment.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://cdn.cookielaw.org https://static.addtoany.com https://*.acquia.com https://cdn.knightlab.com maxcdn.bootstrapcdn.com; frame-ancestors 'self'; report-uri https://ulcsp.report-uri.com/r/t/csp/reportOnly 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob: 3
frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 3
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 3
font-src 'self' code.freent.de oauth.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 3
frame-ancestors 'self' https://studio.first.sandbox.ua.coremedia.cloud https://public-studio.first.sandbox.ua.coremedia.cloud https://preview.uat.ua.coremedia.cloud https://studio.uat.ua.coremedia.cloud https://first.sandbox.ua.coremedia.cloud https://studio.production.ua.coremedia.cloud https://preview.production.ua.coremedia.cloud 3
default-src * data: blob: ;script-src * 'self' 'unsafe-inline' 'unsafe-eval' ;worker-src * blob: ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' static-s.aa-cdn.net *.appannie.com *.appannie.com.cn *.appannie.org;img-src * data: blob: ;font-src * data: ;media-src * data: blob: ;base-uri 'self' d6tizftlrpuof.cloudfront.net manifest.prod.boltdns.net secure.brightcove.com ;connect-src * data: blob: wss://api.appcues.net;report-uri https://sentry.smart-sense.org/api/96/csp-report/?sentry_key=28d56c139d1542a19730a3eb84757027; 3
default-src 'self' *.adsrvr.org *.vmmpxl.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com fast.fonts.net *.abtasty.com *.hotjar.com *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com *.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: static.lobbytools.com *.boldchat.com code.jquery.com www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com maps.googleapis.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com *.quora.com i.simpli.fi secure.adnxs.com e.issuu.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish bbox.blackbaudhosting.com *.adroll.com *.optimizely.com widget.surveymonkey.com www.google.com www.gstatic.com *.instagram.com ajax.googleapis.com *.yelp.com *.yelpcdn.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com *.ad.gt tags.srv.stackadapt.com *.hotjar.com *.civicengine.com *.abtasty.com c1.rfihub.net *.quantcount.com www.tintup.com *.twitter.com *.tintup.com *.twimg.com *.ngpvan.com d3js.org *.gstatic.com *.sitomobile.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com *.d3js.org *.rezync.com sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net *.hotjar.io *.callrail.com *.callrail.com *.tiqcdn.com *.yimg.com *.tealiumiq.com *.iqm.com *.civicengine.com openlayers.org; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co *.luckyorange.com *.luckyorange.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish *.tealiumiq.com *.abtasty.com *.hotjar.com api.ppsne.net *.salesforce.com *.optimizely.com *.everyaction.com *.myngp.com *.hotjar.io *.callrail.com databridge.tdbtrk.com *.yimg.com; img-src 'self' 'unsafe-inline' data: *.quora.com *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.paypalobjects.com *.phreesia.com openlayers.org *.openstreetmap.org tags.srv.stackadapt.com sync.search.spotxchange.com *.hotjar.com *.w55c.net *.adxcel-ec2.com *.userzoom.com acuityplatform.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.sitomobile.com *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net gwmtracking.com *.hotjar.io; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com *.civicengine.com *.abtasty.com optimize.google.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com openlayers.org; frame-src 'self' *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com surveymonkey.com *.surveymonkey.com *.nomotraplaws.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com ww2.matchinggifts.com optimize.google.com *.hotjar.com *.vote.org *.civicengine.com *.everyaction.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com secure.everyaction.com *.hotjar.io; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com; 3
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' recruitics.com eprotect.vantivcnp.com *.vimeo.com *.recruitics.com soundcloud.com vimeo.com *.soundcloud.com *.adspeed.net sterlingcheck.com *.sterlingcheck.com vimeocdn.com jquery.com *.jquery.com *.vimeocdn.com *.vantivcnp.com worldpay.com *.paypal.com *.worldpay.com paypal.com paypalobjects.com *.paypalobjects.com *.greenhouse.io greenhouse.io *.braintree-api.com adspeed.net adsymptotic.com *.adsymptotic.com linkedin.com *.linkedin.com ads.linkedin.com googleapis.com licdn.com google.ca *.licdn.com iterable.com *.hexagon-analytics.com *.siftscience.com *.iterable.com *.googleapis.com google.com hsforms.com hsadspixel.net hsleadflows.net hs-scripts.com hs-analytics.net hubspot.com *.google.com *.amplitude.com amplitude.com *.getsentry.com hubapi.com hsforms.net *.hscta.net hscta.net *.hsforms.net *.hubapi.com *.hsforms.com *.hsadspixel.net *.hsleadflows.net *.hs-scripts.com *.hs-analytics.net *.hubspot.com getsentry.com akamaihd.net google-analytics.com *.google-analytics.com fls.doubleclick.net googleadservices.com *.googleadservices.com wss://*.care.com *.googletagmanager.com *.care.com *.cdn-care.com g.doubleclick.net *.facebook.net *.akamaihd.net cloudfront.net *.cloudfront.net btttag.com *.btttag.com googletagmanager.com facebook.com facebook.net *.facebook.com care.com cdn-care.com *.gstatic.com siftscience.com *.pinimg.com *.google.ca *.tiqcdn.com pinimg.com pinterest.com *.pinterest.com gstatic.com *.monetate.net monetate.net hexagon-analytics.com tiqcdn.com *.googlesyndication.com *.google.de shareasale.com pmmapads.com *.shareasale.com pmqzads.com *.pmmapads.com *.pmqzads.com *.google.ie *.google.ch *.google.es *.google.nl ieframe.dll *.google.fr *.google.se *.google.fi kis.v2.scr.kaspersky-labs.com *.google.it *.snapchat.com *.ieframe.dll getletterpress.com *.getletterpress.com *.flaticon.com svc.bronze.dom.omni.carezen.net wss://*.tokbox.com talentwise.com *.talentwise.com abtasty.com *.abtasty.com tokbox.com *.tokbox.com opentok.com *.stripe.com *.indeed.com indeed.com snapchat.com sc-static.net *.sc-static.net dropbox.com *.dropbox.com ziprecruiter.com *.ziprecruiter.com *.liveperson.net stripe.com *.opentok.com google.co.in google.com.mx *.youtube.com ytimg.com youtube.com xx.fbcdn.net *.cloudinary.com cloudinary.com *.twitter.com twitter.com google.co.jp emjcd.com *.emjcd.com amazonaws.com google.co.uk google.es google.nl google.fr google.de google.ie google.ch googlesyndication.com google.com.tr *.amazonaws.com google.it google.com.sg google.com.ph liveperson.net *.bing.com bing.com google.co.za s3.amazonaws.com google.se google.fi agkn.com lpsnmedia.net *.lpsnmedia.net v.liveperson.net *.agkn.com *.ytimg.com google.com.jm google.co.nz trendmicro.com *.hsappstatic.net *.trendmicro.com hubspot.net *.usemessages.com *.hscollectedforms.net *.google.tt google.at google.ae google.com.co google.com.sa hsappstatic.net *.hubspot.net alocdn.com *.alocdn.com va.us.criteo.net *.doubleclick.net kinsights.com *.kinsights.com *.criteo.net *.criteo.com da.us.criteo.net sv.us.criteo.net us.criteo.com criteo.net criteo.com *.amazon-adsystem.com *.monetate.org monetate.org ivaws.com *.ivaws.com narrative.io *.narrative.io *.honey.io honey.io mplxtms.com quora.com *.adsrvr.org adsrvr.org amazon-adsystem.com usemessages.com google.al *.google.lt *.google.cz *.google.rs *.google.sk *.google.bg *.google.al google.tt google.com.do google.co.cr cloudflare.com google.sk google.com.au google.hu *.google.hr *.google.bs *.google.hu google.ee google.com.np *.google.ae google.bg *.google.at *.google.cl google.rs *.google.dk *.google.gr *.google.no google.cz google.lt google.hr google.bs google.com.pa google.pl google.com.ar chrome-extension jwpltx.com p.jwpcdn.com google.com.ua google.no google.pt google.com.pr google.com.tw google.co.vi ms-browser-extension google.com.hk yahoo.com *.google.pl thrtle.com *.thrtle.com google.gr google.dk hscollectedforms.net data: blob:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://static.addtoany.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com *.ytimg.com *.qualtrics.com, frame-ancestors 'self' 3
frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com cdn.cookielaw.org www.google-analytics.com platform.twitter.com www.youtube.com agent.nuance-va.com *.nuance-va.com cocacolaco.tt.omtrdc.net *.doubleclick.net *.coca-colacompany.com www.google.com www.gstatic.com *.coke.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-social.janrain.com cdn.cookielaw.org geolocation.onetrust.com www.googletagmanager.com www.google-analytics.com platform.twitter.com www.instagram.com *.amazonaws.com www.google.com www.youtube.com s.ytimg.com www.gstatic.com stackpath.bootstrapcdn.com *.coke.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net p.typekit.net cdn-social.janrain.com cdn.cookielaw.org stackpath.bootstrapcdn.com *.coke.com; font-src 'self' use.typekit.net *.coke.com; frame-src 'self' * 3
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se http://*.dm.sr.se https://*.dm.sr.se; report-uri /csp-error; 3
frame-ancestors 'self' https://*.rightmessage.com; 3
frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://www.paypalobjects.com https://insights.algolia.io; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com https://scontent.xx.fbcdn.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://bam-cell.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com https://s.yimg.com https://sp.analytics.yahoo.com/; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://bam-cell.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://web.delighted.com https://www.facebook.com https://ct.pinterest.com https://insights.algolia.io https://graph.instagram.com https://*.algolianet.com https://*.algolia.net https://s.yimg.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 3
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru http://webvisor.com 3
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com mc.yandex.ru https://c.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com www.googletagservices.com adservice.google.com.cy adservice.google.com tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com www.tradays.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru www.tradays.com trade.mql5.com blob: data: *.tile.openstreetmap.org connect.facebook.net www.facebook.com mc.yandex.ru https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com pagead2.googlesyndication.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com connect.facebook.net www.facebook.com mc.yandex.ru https://cdn.chatbot.com https://www.google-analytics.com pagead2.googlesyndication.com; frame-src 'self' c.mql5.com www.tradays.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com https://c.paypal.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net googleads.g.doubleclick.net tpc.googlesyndication.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com www.tradays.com trade.mql5.com player.youku.com www.youtube.com blob:; worker-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 3
connect-src * 'self' 3
frame-ancestors  https://*.propellerads.com; 3
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 3
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; img-src 'self' https: data: blob:; object-src https://*.engadget.com https://s.yimg.com; worker-src 'self'; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://www.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 3
base-uri 'none'; default-src 'self'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com https://*.facebook.com https://*.google.com; connect-src 'self' https://*.mopinion.com https://*.addthis.com; font-src 'self' https://use.fontawesome.com https://*.mopinion.com https://fonts.gstatic.com data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://* * blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://www.google-analytics.com https://cdn.jsdelivr.net https://unpkg.com https://*.mopinion.com https://connect.facebook.net https://*.addthis.com https://z.moatads.com https://*.addthisedge.com https://*.facebook.com https://*.google.com https://www.gstatic.com https://www.googletagmanager.com https://pagination.js.org https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://unpkg.com https://cdn.jsdelivr.net https://*.mopinion.com https://use.fontawesome.com https://*.addthis.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName; upgrade-insecure-requests 3
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com dxkdvuv3hanyu.cloudfront.net *.clover.com cloverstatic.com images.contentful.com mver.agkn.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net www.google-analytics.com lh3.googleusercontent.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.ie www.google.co.uk www.google.co.in www.google.co.id www.googletagmanager.com *.gstatic.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.intercomcdn.com uploads.intercomusercontent.com *.online-metrix.net *.perka.com *.rfihub.com api.swiftype.com pixel.quantserve.com apintego.com app.nav.com t.powerreviews.com *.t.eloqua.com track.hubspot.com play.vidyard.com cdn.vidyard.com px.ads.linkedin.com p.adsymptotic.com amplify.outbrain.com amplifypixel.outbrain.com tr.outbrain.com data.pendo.io recaptcha.net www.linkedin.com s.amazon-adsystem.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com data.adxcel-ec2.com s.yimg.com *.mydisputemanager.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com cloverstatic.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com accounts.google.com docs.google.com optimize.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com *.ytimg.com play.vidyard.com *.lendingfront.com s.amazon-adsystem.com *.walkme.com mainstreetinsights.firstdata.com *.mydisputemanager.com; connect-src 'self' bat.bing.com *.clover.com cloverstatic.com wss://*.clover.com *.contentful.com stats.g.doubleclick.net secure.geonames.org www.facebook.com www.google-analytics.com apis.google.com storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io uploads.intercomcdn.com uploads.intercomusercontent.com *.intercom.io wss://*.intercom.io h.online-metrix.net *.optimizely.com *.perka.com sentry.io api.swiftype.com d8a92f8280d84184bb69a3a4b74b61d1.app-search.us-west-2.aws.found.io *.powerreviews.com collection.bgalytics.com *.tt.omtrdc.net oamportal.fdvs.com *.donorschoose.org collection.sperse.io data.pendo.io recaptcha.net *.walkme.com s.yimg.com *.mydisputemanager.com; default-src 'self' *.clover.com cloverstatic.com; font-src 'self' maxcdn.bootstrapcdn.com *.clover.com cloverstatic.com fonts.gstatic.com heapanalytics.com js.intercomcdn.com use.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com *.clover.com cloverstatic.com nifegwy.neustar.biz googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com apis.google.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com *.greenhouse.io www.gstatic.com heapanalytics.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com www.youtube.com secure.quantserve.com *.ytimg.com ui.powerreviews.com *.t.eloqua.com play.vidyard.com apps.mypurecloud.com secure.adnxs.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com img.en25.com snap.licdn.com amplify.outbrain.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com recaptcha.net *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com s.yimg.com sp.analytics.yahoo.com *.mydisputemanager.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.clover.com cloverstatic.com fonts.googleapis.com tagmanager.google.com optimize.google.com heapanalytics.com *.natwest-tyl.com *.usetyl.com ui.powerreviews.com *.walkme.com d3sbxpiag177w8.cloudfront.net s3.walkmeusercontent.com *.mydisputemanager.com; media-src 'self' *.clover.com cloverstatic.com videos.ctfassets.net js.intercomcdn.com cdn.vidyard.com gateway.zscloud.net; object-src 'self' *.clover.com cloverstatic.com h.online-metrix.net vd.vidoplay.com; frame-ancestors *.clover.com cloverstatic.com *.natwest-tyl.com *.usetyl.com *.perka.com; child-src intercom-sheets.com player.vimeo.com www.youtube.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 3
frame-ancestors 'self'  http://*.impress.ly  http://*.dragndropbuilder.com  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com 3
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 3
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.yoast.com data: 'unsafe-inline' 'unsafe-eval' code.jquery.com *.gravatar.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com; 3
frame-ancestors www.red-gate.com; 3
default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 3
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 3
default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https: mailto: tel:; font-src 'self' data: https:; connect-src 'self' https: wss://*.hotjar.com; frame-ancestors 'self' https://vshow.on24.com https://login-staging.qlik.com/ https://login.qlik.com/; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 3
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src civideos.ciapps.org 'self' data: blob:; child-src 'self' https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 3
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 3
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 3
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 3
frame-ancestors 'self' connectappypie.com; 3
frame-ancestors https://*.ionos.co.uk https://ionos.co.uk; 3
frame-ancestors self googletagmanager.com cerebro.alibaba.ir 3
default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com *.whiteboard.is marketo.net *.marketo.net marketo.com *.marketo.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com powerbi.com *.powerbi.com fliphtml5.com *.fliphtml5.com *.google.com airtable.com *.amelia.com *.webflow.io *.msgctrl.com *.whiteboard.is; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com unpkg.com rtb123.com *.rtb123.com *.cybba.solutions *.cybba.us storage.googleapis.com rmtag.com *.rmtag.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com jotform.com *.jotform.com microsoft.github.io *.omtrdc.net *.bizible.com *.moatads.com *.gstatic.com *.adnxs.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net jquery.com *.jquery.com marketo.net *.marketo.net marketo.com *.marketo.com; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com *.mktoresp.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com stats.g.doubleclick.net *.whiteboard.is; 3
frame-ancestors 'self'; base-uri 'none'; form-action 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https: data:; media-src https:; style-src 'unsafe-inline' https:; worker-src https:; img-src https: data: 3
frame-ancestors 'self' ' *.ampproject.org .zdbb.net 3
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 3
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.naladhu.com *.oakshotels.com *.telerain.com:* 3
frame-ancestors 'self' https://*.designcrowd.com; 3
default-src 'self' vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.googleapis.com *.youtube.com *.ytimg.com *.twimg.com *.coinbase.com *.zdassets.com cdn.sift.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.stripe.com www.google.com *.coinbase.com object-detection.now.sh serverless-vrs.now.sh github.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' stream.mux.com *.fastly.net *.stackpathdns.com *.hwcdn.net blob: vercel.com *.vercel.com zeit.co *.zeit.co *.zeit.sh *.stripe.com twitter.com *.twitter.com *.github.com *.intercom.io *.intercomcdn.com https://*.googletagmanager.com:* wss://*.zeit.co wss://*.vercel.com localhost:* chrome-extension://*;connect-src *;font-src *.zeit.co *.vercel.com *.gstatic.com *.intercomcdn.com;worker-src blob: 3
frame-ancestors 'self' https://webvisor.com 3
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.gymboree.com *.childrensplace.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com search.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com match.prod.bidr.io *.adsrvr.org *.pegacloud.net *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com search-dr.unbxd.io; worker-src 'self' blob: 3
frame-ancestors 'self' *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3
default-src 'self' hawaiianairlinesinc.marketing.adobe.com data: blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.facebook.net *.google-analytics.com *.addthisedge.com *.marketo.com *.googletagmanager.com *.mookie1.com *.serving-sys.com *.marketo.net *.calltrk.com *.tiqcdn.com *.jwpcdn.com *.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com *.facebook.com *.pinterest.com *.googleapis.com *.typekit.net *.northwell.edu *.limelight.com *.delvenetworks.com *.addtoany.com *.github.io *.aspnetcdn.com s.gravatar.com *.wp.com *.amazonaws.com *.googleadservices.com *.microsoft.com *.jquery.com *.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com *.nr-data.net tagmanager.google.com *.surveymonkey.com *.brightwhistle.com *.callrail.com *.healthwise.net *.merklesearch.com *.rkdms.com *.rawgit.com *.cloudflare.com ethn.io e.infogram.com *.gigya.com *.influencehealth.com *.bing.com *.visto1.net *.linkedin.com *.hotjar.com *.doubleclick.net *.creative-serving.com *.invocacdn.com *.invoca.net *.adsrvr.org *.acquia.com *.segment.com *.rdcdn.com *.msecnd.net *.mymarketingreports.com *.optimizely.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.salesforceliveagent.com *.sanzone.io api.dpx.northwell.io *.yimg.com *.yahoo.com tags.srv.stackadapt.com pagecdn.io; object-src 'self' video.limelight.com assets.delvenetworks.com *.gigya.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.vm *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com  *.cloudfront.net *.surveymonkey.com *.marketo.com *.rkdms.com tagmanager.google.com *.acquia.com *.syllable.ai *.force.com *.salesforce.com api.dpx.northwell.io *.yimg.com *.srv.stackadapt.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.rkdms.com i.ytimg.com *.gigya.com *.bing.com *.googletagmanager.com *.doubleclick.net *.google.com *.gstatic.com *.tilehosting.com *.hotjar.com *.maptiler.com *.rdcdn.com https://rdcdn.com clickserv.pixel.ad *.syllablecdn.com *.syllable.ai *.conveythis.com *.force.com *.salesforce.com *.sanzone.dev *.northwell.io api.dpx.northwell.io *.yimg.com *.googleusercontent.com; media-src 'self' blob: *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' blob: cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do ethn.io e.infogram.com *.gigya.com w.soundcloud.com view.knowledgevision.com 8065684-gigya.northwell.edu intakeforms.sequencehealth.com mednews.hofstra.edu app.stitcher.com vars.hotjar.com *.googletagmanager.com www.facebook.com insight.adsrvr.org *.acquia.com *.segment.com *.optimizely.com *.force.com *.salesforce.com *.pledgeling.com *.adsrvr.org *.healthgrades.com *.podbean.com *.libsyn.com *.simplecast.com; child-src 'self' blob:; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com static.hotjar.com api.dpx.northwell.io *.hotjar.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com *.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com *.northwell.edu content.healthwise.net *.cloudflare.com *.rkdms.com *.callrail.com *.serving-sys.com api.dpx.northwell.io *.gigya.com *.llnw.net *.hotjar.com wss://*.hotjar.com *.doubleclick.net *.hotjar.io www.facebook.com *.cloudfront.net *.acquia.com *.segment.com *.visualstudio.com *.bugsnag.com *.mktoresp.com *.nr-data.net *.optimizely.com *.syllable.ai *.locationiq.com *.conveythis.com *.force.com *.sanzone.io *.sanzone.dev *.northwell.io *.yimg.com *.srv.stackadapt.com; report-uri https://northwell.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.zoeasher.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com *.zoeasher.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.zoeasher.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src   av.estdosc.com  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  3
frame-ancestors 'self' http://*.iframely.com 3
default-src 'none'; connect-src https:; font-src https: data:; frame-src https://www.youtube.com/ https://*.siemens.com https://diswlogintest.siemens.com https://*.sw.siemens.com https://*.sw.siemens-test.com https://*.sw.siemens-dev.com https://*.mentor.com https://*.mentor-test.com https://*.mentor-dev.com https://*.mentorvlab.com https://video.mentor.com https://*.mentor.com https://*.ias.plm.automation.siemens.com https://*.pads.com https://www.pads.com https://*.auth0.com https://s7.addthis.com https://www.linkedin.com; img-src https: data:; media-src https://videos.mentor-cdn.com; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; manifest-src 'self';  report-uri https://csp.mentor-apis.com/Prod/report 3
frame-ancestors * 'self'; 3
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com  *.amazonaws.com  *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net  *.forcepoint.com *.google.com *.facebook.com  bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net  *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com  dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com *.redditstatic.com rules.quantcount.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com *.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 3
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl *.firebaseio.com *.youtube.com *.facebook.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com  *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws  *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 3
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com vicetv.nl vicetv.be vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com *.viceops.net 3
frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors *.straumann.com  3
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 3
default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com *.ratatu.pl https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://pixel.wp.pl https://cm.g.doubleclick.net https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net *.ratatu.pl www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://ib.adnxs.com https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com clients1.google.com https://tbl.tradedoubler.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com *.ratatu.pl https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://pixel.wp.pl https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net *.ratatu.pl www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://www.bnpparibas.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com *.ratatu.pl 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.ratatu.pl *.googleads.g.doubleclick.net wss://ws9.hotjar.com https://vc.hotjar.io bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 3
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-src 'self' data: https: blob:; connect-src 'self' data: https:; media-src 'self' data: https: blob: 3
frame-ancestors 'self' https://www.growingio.com 3
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com *.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com maxcdn.bootstrapcdn.com snap.licdn.com ajax.googleapis.com js.createsend1.com *.bing.com https://captcha.gecirtnotification.com *.cloudfront.net https://staging-bakerhughs-event.netlify.app https://bakerhughes-subsea-connect-event.netlify.app plausible.io *.cookielaw.org *.onetrust.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net; frame-src 'self' bhge.acquiadam.com *.webdamdb.com  *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com  https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/ https://player.vimeo.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com themes.googleusercontent.com *.hotjar.com; report-uri /report-csp-violation 3
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 3
frame-src 'self' https://www.terminland.de *.novomind.com *.datev.de *.datev.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 3
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
frame-ancestors *.motor1.com 3
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 3
default-src 'self'; form-action 'self'; object-src 'self';             connect-src 'self' https://api.github.com;             media-src 'self';             style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com;             font-src 'self' data: https://fonts.gstatic.com;             img-src 'self' data: https://matomo.riot.im/matomo.php;             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js;             child-src 'self' 3
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org 3
frame-ancestors 'self' cms.golfadvisor.com *.golfgenius.com golfgenius.com  ggstest.com ggstest2.com 3
frame-ancestors 'self' https://print.hitched.co.uk 3
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3
upgrade-insecure-requests; block-all-mixed-content; disown-opener 3
img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 3
frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com; 3
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 3
default-src blob: data: https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 3
frame-ancestors 'self' *.lovecrafts.com 3
default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://pf-marketing.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com;script-src-elem 'self' 'unsafe-inline' https://microapps.pf-labs.net https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com;script-src 'self' 'unsafe-inline' https://microapps.pf-labs.net https://cdn.inspectlet.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://stats.g.doubleclick.net 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 3
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 3
default-src https: data: 'unsafe-inline' 3
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.traderstation-international.com; 3
default-src 'self' https://tramitesanonimos.cnmc.es;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://translate.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com;  child-src 'self' https://www.google.com/recaptcha/ https://docs.google.com https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://www.youtube.com; img-src 'self' data: https://translate.google.com https://getbootstrap.com https://www.jsdelivr.com https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.google-analytics.com https://blog.cnmc.es;  media-src 'self';  style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://translate.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com  https://www.gstatic.com/recaptcha/;  font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://www.gstatic.com/recaptcha/;  object-src 'self';  connect-src 'self' https://bootswatch.com https://translate.googleapis.com https://www.google-analytics.com;  3
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl 3
frame-ancestors 'self' *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us cmsp; report-uri https://888protech.report-uri.com/r/d/csp/reportOnly 3
frame-ancestors 'self' *.randstadservices.com 3
script-src *.midphase.com *.uk2group.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com *.hotjar.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; default-src 'self' *.midphase.com *.puzzel.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.midphase.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data:; style-src 'self' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net 'unsafe-inline'; frame-src 'self' *.midphase.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com *.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com; connect-src 'self' *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com *.hotjar.com ws://127.0.0.1:35729 wss://ws2.hotjar.com wss://ws4.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com; frame-ancestors 'self'; 3
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 3
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.parp.gov.pl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://stats.g.doubleclick.net; 3
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 3
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 3
frame-ancestors whitelabel.camspower.com wlbackoffice3.xcams.com 3
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 3
upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 3
frame-ancestors 'self' *.betssongroupaffiliates.com 3
frame-ancestors https://www.cwtanalytiqs.com https://int.cwtanalytiqs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://cdn.cookielaw.org https://cdnjs.cloudflare.com service.maxymiser.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://img04.en25.com https://connect.facebook.net https://fonts.googleapis.com https://s.ytimg.com https://content.mycwt.com https://content-d.mycwt.com https://www.google-analytics.com https://geolocation.onetrust.com https://www.youtube.com img04.en25.com/i/elqCfg.min.js https://s.go-mpulse.net siteimproveanalytics.com *.contentsquare.com *.contentsquare.net *.turtl.co https://cwt-sdk-sandbox.joinsherpa.io https://cwt-sdk.joinsherpa.io https://snap.licdn.com https://s2068514591.t.eloqua.com; object-src 'self'; 3
require-sri-for script style 3
frame-ancestors 'self' https://*.jumpseller.com https://app.jivosite.com 3
style-src https: 'unsafe-inline' 3
img-src 'self' data: https://cdn-web.cemex.com https://cdn-web-qa.cemex.com https://assets.cemex.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://px.ads.linkedin.com https://c.contentsquare.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://c.seznam.cz https://s916025651.t.eloqua.com https://service.maxymiser.net 3
frame-ancestors 'self' http://www.dove.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 3
frame-ancestors account.vogelbescherming.nl vbn-sso.aanzee.online www.tuinvogeltelling.nl www.vogelbescherming.nl www.vogelweek.nl; 3
frame-ancestors 'self' https://commerceinsights.ibmcloud.com 3
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 3
frame-ancestors self *.haagendazs.us; report-uri /report-csp-violation 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.exposebox.com *.windows.net *.googletagmanager.com *.google-analytics.com *.jquery.com *.us4.list-manage.com yoast.com unpkg.com *.cookiepro.com *.facebook.net *.cloudflare.com static.cloudflareinsights.com fast.wistia.com;style-src 'self' 'unsafe-inline' *.windows.net *.googleapis.com unpkg.com *.fontawesome.com *.cookiepro.com yoast.com;img-src 'self' 'unsafe-inline' data: blob: *;child-src 'self' facebook.com instagram.com twitter.com *.exposebox.com yoast.com *.vimeo.com;connect-src 'self' yoast.com *.joomunited.com *.arcgis.com *.mapbox.com stats.g.doubleclick.net *.google-analytics.com;font-src 'self' 'unsafe-inline' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com yoast.com;frame-src 'self' *.exposebox.com *.vimeo.com *.facebook.com *.cdnx.co.uk;worker-src 'self' blob:;upgrade-insecure-requests;report-to default; 3
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 3
default-src 'none';connect-src 'self' https://*.salemove.com wss://pubsub.salemove.com wss://kluster.salemove.com https://*.twilio.com wss://chunderw-vpc-gll.twilio.com https://*.secumd.org https://*.bethpagefcu.com https://*.bellco.org https://js.callrail.com https://n2.mouseflow.com https://s.yimg.com wss://mpsnare.iesnare.com wss://ci-mpsnare.iovation.com https://*.google.com https://stats.g.doubleclick.net https://files.bethpagefcu.com https://api.datatrac.net https://*/api/fraudforce/FraudForce/Post https://siteintercept.qualtrics.com https://*.nanorep.co https://*.nanorep.com https://performance.typekit.net https://bat.bing.com https://secure-ds.serving-sys.com https://www.google-analytics.com https://*.jotform.com https://app.textrecruit.com https://app1.textrecruit.com https://*.segmint.net https://s3.amazonaws.com/cdn.segmint.net/ https://*.fontawesome.com;font-src 'self' data: https://*.gstatic.com https://use.typekit.net https://insight.adsrvr.org https://*.fontawesome.com https://apps.pcdgroup.com https://*.cloudflare.com https://*.formstack.com;frame-src 'self' https://*.doubleclick.net https://pixel-a.basis.net https://www.youtube.com https://pixel.sitescout.com https://*.locatorsearch.com https://pixel.mathtag.com https://insight.adsrvr.org https://*.cloudfront.net https://*.google.com https://www2.iraservicecenter.com https://*.bethpagefcu.com https://*.secumd.org https://*.bellco.org https://*.orb.alkamitech.com https://www.agentinsure.com https://fliphtml5.com https://vizi.vizirecruiter.com https://secumd.satmetrix.com https://www.youtube-nocookie.com https://secure.checkout.visa.com https://assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://a.pgtb.me https://*.formstack.com https://*.jotform.io https://*.jotform.us https://*.jotform.com https://www.facebook.com https://connect.segmint.net;frame-ancestors 'self';img-src 'self' data: https://*.google.com https://bat.bing.com https://bs.serving-sys.com https://pixel-a.basis.net https://p.typekit.net https://*.siteimproveanalytics.io https://detectca.easysol.net https://www.facebook.com https://pixel.sitescout.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://ssiteid.t.eloqua.com https://*.salemove.com https://images.locatorsearch.com https://www.pages03.net https://pixel.mathtag.com https://track.hubspot.com https://insight.adsrvr.org https://cs.choozle.com https://idsync.rlcdn.com https://s3.amazonaws.com/provelo.bold360demo.com/ https://images.printable.com https://mpp.specificclick.net https://cx.atdmt.com https://dpm.demdex.net https://pixel.rubiconproject.com https://pixel.advertising.com https://tags.bluekai.com https://pixel.tapad.com https://idpix.media6degrees.com https://aa.agkn.com https://dsum-sec.casalemedia.com https://loadm.exelator.com https://odr.mookie1.com https://cache.vindicosuite.com https://uipglob.semasio.net https://eb2.3lift.com https://e.nexac.com https://dmp.truoptik.com https://mid.rkdms.com https://ml314.com https://cw.addthis.com https://cache.vindicosuite.com https://www.glassdoor.com https://*.oflows.net https://www.navyfederal.org https://match.adsrvr.org https://online.citi.com https://www2.bac-assets.com https://ib.adnxs.com http://img.en25.com/EloquaImages/clients/BellcoCreditUnion/ https://*.facebook.net https://*.simpli.fi https://*.jotfor.ms https://*.jotform.com https://*.formstack.com https://ups.analytics.yahoo.com https://simplifi.partners.tremorhub.com https://sync.intentiq.com https://image2.pubmatic.com https://ads.stickyadstv.com https://fei.pro-market.net https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://ce.lijit.com https://load77.exelator.com https://sync.search.spotxchange.com https://bh.contextweb.com https://us-u.openx.net https://pippio.com https://sync1.intentiq.com https://in.xspadvertising.com https://usermatch.krxd.net https://beacon.krxd.net https://su.addthis.com https://d.agkn.com https://match.sharethrough.com https://simage2.pubmatic.com https://io.narrative.io https://i.liadm.com https://x.bidswitch.net https://s.thebrighttag.com https://t.mookie1.com https://login.dotomi.com https://*.googleusercontent.com https://*.gstatic.com https://app.textrecruit.com https://app1.textrecruit.com https://jelly.mdhv.io https://www.yext-pixel.com;media-src 'self' data: https://mpsnare.iesnare.com https://ci-mpsnare.iovation.com https://libs.salemove.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.callrail.com https://*.salemove.com https://bat.bing.com https://cdn.mouseflow.com https://*.facebook.net https://detectca.easysol.net https://googleads.g.doubleclick.net https://s.btstatic.com/tag.js https://s.yimg.com/wi/ytc.js https://siteimproveanalytics.com https://www.google-analytics.com https://*.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com/iframe_api https://*.bethpagefcu.com https://mpsnare.iesnare.com https://use.typekit.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://script.crazyegg.com https://sp.analytics.yahoo.com https://code.getmdl.io/1.3.0/material.min.js https://www.googleadservices.com https://img.en25.com/i/elqCfg.min.js https://s.thebrighttag.com https://s.ytimg.com https://ci-mpsnare.iovation.com https://js.callrail.com https://js.locatorsearch.com https://*.cloudflare.com https://*.cloudfront.net https://www.sc.pages03.net https://*.siteintercept.qualtrics.com https://pixel.mathtag.com https://browser.sentry-cdn.com https://*.nanorep.co https://*.nanorep.com https://*.gstatic.com https://s3.amazonaws.com/data.vizirecruiter.com/ https://*.fontawesome.com https://*.cudlautosmart.com https://nexus.ensighten.com https://ssl.geoplugin.net https://secure.checkout.visa.com http://*.serving-sys.com https://*.serving-sys.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.simpli.fi https://bethpagefederalcreditunion.formstack.com https://*.jotform.com https://*.jotform.us https://*.jotformpro.com https://*.jotfor.ms https://*.jotform.io https://*.formstack.com https://sandbox.secure.checkout.visa.com https://knowledgetags.yextpages.net https://app.textrecruit.com https://app1.textrecruit.com https://action.dstillery.com https://cdn.segmint.net https://analytics.yext-static.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.salemove.com https://code.getmdl.io/1.3.0/ https://cloud.typography.com https://*.fontawesome.com https://*.cloudflare.com https://cdn.rawgit.com/noelboss/featherlight/ https://schedule.lobbycentral.com https://*.jotfor.ms https://*.formstack.com https://*.google.com; 3
frame-ancestors 'self' *.adiglobaldistribution.us; 3
frame-ancestors 'self' https://*.myshopify.com https://*.teemill.com teemill.com 3
upgrade-insecure-requests; frame-ancestors 'none' 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://script.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://cloud.webtype.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://*.wistia.com https://cloud.webtype.com https://static.hotjar.com https://fonts.gstatic.com; img-src 'self' https://pls.webtype.com https://insights.hotjar.com https://static.hotjar.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data:; connect-src 'self' https://*.hotjar.com:* wss://*.hotjar.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com; child-src 'self' https://vars.hotjar.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 3
default-src * 'unsafe-inline' 'unsafe-eval' data:; media-src * blob:; child-src * blob:; report-uri /report-csp-violation 3
base-uri ' ' 3
frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se; 3
frame-ancestors *.ia.ca *.inalco.com *.ia.iafg.net 3
frame-ancestors 'self' https://*.ci360.sas.com; 3
frame-ancestors https://*.lifecell.com.ua https://*.lifecell.ua 3
frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 3
frame-ancestors 'self' analytics.pt-dlr.de 3
frame-ancestors 'self' *.facebook.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://stats.g.doubleclick.net https://*.iis.se https://*.readspeaker.com https://tagmanager.google.com https://www.googletagmanager.com https://*.bugsnag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.amazonaws.com https://secure.gravatar.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://yoa.st https://html5-player.libsyn.com 3
frame-ancestors 'self' blank;object-src 'self' blank; 3
frame-ancestors 'self' https://www.bosoy-online.com 3
frame-ancestors https://accounts.cft.ru 3
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data:; media-src *; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 3
default-src 'self' http: https:  cdnjs.cloudflare.com use.typekit.net www.google-analytics.com fonts.googleapis.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://fonts.googleapis.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: polaris.brighterir.com sirius.brighterir.com www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 3
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 3
default-src 'self'; frame-src 'self' data: fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.postcodeanywhere.co.uk https://*.visa.com	https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com	https://www.paypalobjects.com; 3
frame-ancestors 'self';upgrade-insecure-requests 3
default-src 'self' https://*.ean.com https://*.google.ie https://*.facebook.com https://*.facebook.net https://*.expediapartnersolutions.com https://*.leadspace.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 3
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.t-systems-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net; connect-src 'self' https: *.t-systems-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 3
default-src 'self' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://www.google-analytics.com *.doubleclick.net https://staticxx.facebook.com https://platform.twitter.com http://i.vimeocdn.com https://player.vimeo.com *.youtube-nocookie.com https://www.youtube.com/iframe_api *.linkedin.com *.mktoresp.com http://stats.sa-as.com https://www.facebook.com https://www.google.com https://tracking.leadlander.com *.siteimproveanalytics.io https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com *.fullstory.com https://api.company-target.com https://static.smartrecruiters.com https://www.smartrecruiters.com https://subscriptions.smartrecruiters.com/ https://cdn.jsdelivr.net https://scripts.demandbase.com https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://bam.nr-data.net/events/1/f277460712 https://public.tableau.com/ https://api.ceros.com https://google.com; img-src 'self' data: https://public.tableau.com/static/images/cy/cybersecurity_tool/Story1/1.png https://cdn.bizible.com/ https://cdn.bizibly.com https://www.facebook.com https://stats.g.doubleclick.net https://tracking.leadlander.com https://*.global.siteimproveanalytics.io https://px.ads.linkedin.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://s.ytimg.com http://siteimproveanalytics.com https://www.google-analytics.com https://sjs.bizographics.com *.linkedin.com http://connect.facebook.net https://apis.google.com http://platform.twitter.com http://*.marketo.net https://*.marketo.net http://*.marketo.com https://*.marketo.com http://t.sf14g.com http://stats.sa-as.com https://d6digital.atlassian.net https://player.vimeo.com http://i.vimeocdn.com *.youtube-nocookie.com https://www.youtube.com/iframe_api https://8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://optiv.postclickmarketing.com https://html5-player.libsyn.com http://html5-player.libsyn.com http://widget.surveymonkey.com https://widget.surveymonkey.com https://www.surveymonkey.com https://consent.cookiebot.com https://fullstory.com/s/fs.js https://tag.demandbase.com https://scripts.demandbase.com https://static.smartrecruiters.com/job-widget/1.4.2/script/smart_widget.js https://static.smartrecruiters.com/job-widget/1.4.2/script/jquery.min.js https://use.fontawesome.com/releases/v5.8.2/js/all.js https://use.fontawesome.com/releases/v5.8.2/js/v4-shims.js https://www.smartrecruiters.com https://trk.techtarget.com/tracking.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.1.min.js https://subscriptions.smartrecruiters.com/widget/v1/sr-job-alerts.js https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://public.tableau.com/javascripts/api/viz_v1.js https://cdn.bizible.com https://munchkin.marketo.net/159/munchkin.js https://api.ceros.com https://js-agent.newrelic.com/nr-1184.min.js https://google.com app-sj21.marketo.com https://www.youtube.com pagecdn.io; style-src 'self' 'unsafe-inline' *.ceros.com go.optiv.com *.codepen.io optiv.showpad.com optivstorage.blob.core.windows.net *.marketo.com https://tagmanager.google.com https://fonts.googleapis.com https://static.smartrecruiters.com/job-widget/1.4.2/css/smart_widget.css https://scripts.demandbase.com https://cdn.jsdelivr.net https://themes.googleusercontent.com https://consentcdn.cookiebot.com/ https://cdn.cookielaw.org/ https://google.com 3
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 3
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 3
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi stat.viestintavirasto.fi 10.250.193.20 'nonce-31915a8f-10ec-4e68-9070-589cbae2f41f'; img-src 'self' data: *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi 'nonce-31915a8f-10ec-4e68-9070-589cbae2f41f'; font-src 'self' occhat.elisa.fi; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi www.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi; form-action 'self' 3
frame-ancestors self; upgrade-insecure-requests 3
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js http://projects.elitechnology.com/jsprojects/eneco-client/ https://projects.elitechnology.com/jsprojects/eneco/api/ https://eneco-eneco.digitalcx.com https://cdn.conversationalsdevelopment.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdn.nanigans.com https://api.nanigans.com https://d3or5d0jdz94or.cloudfront.net/MExDH9iB5LdtMi44LjE.js https://cdn.greenhousegroup.com/eneco-nl/slb/conversion.js https://connect.facebook.net/signals/plugins/inferredEvents.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/435765806865268 https://www.linkedin.com/px/li_sync https://px.ads.linkedin.com/collect/ https://snap.licdn.com/li.lms-analytics/ https://d2qmp7jjpd79k7.cloudfront.net/smartpixel-1.js https://d2qmp7jjpd79k7.cloudfront.net/smartpixel/3-3227/product.js https://d2qmp7jjpd79k7.cloudfront.net/pixel/3/1572447345163/script.js https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/adsct https://bat.bing.com/bat.js https://acdn.adnxs.com/dmp/up/pixie.js https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.4.4/lottie.min.js https://tdn.r42tag.com https://admin.relay42.com https://t.svtrd.com/t-1295/ https://static.hotjar.com/c/hotjar-215132.js https://script.hotjar.com https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://mijn.enecozakelijk.nl/cookie/xdomain/xdomain_cookie.min.js https://www.youtube.com/iframe_api https://img03.en25.com/i/elqCfg.min.js https://static2.creative-serving.com/pixel_loader.js https://api.salesfeed.com https://script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://tagmanager.google.com/debug/css.css https://api.tiles.mapbox.com/mapbox-gl-js/v0.50.0/mapbox-gl.css;img-src 'self' * data: blob: secure.adnxs.com collect.kosi-analytics.io/i https://t.co/i/adsct googleads.g.doubleclick.net www.googleadservices.com https://script.hotjar.com;media-src 'self' data: https://eneco.bbvms.com https://cdn.bluebillywig.com/apps/player/ https://d3ehotfhpgor0k.cloudfront.net;frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.youtube-nocookie.com https://t.svtrd.com https://ib.adnxs.com https://s3.eu-central-1.amazonaws.com/snowplow-appnexus-mapper/id.html https://6361111.fls.doubleclick.net https://9108254.fls.doubleclick.net https://bid.g.doubleclick.net https://player.vimeo.com https://eneco.bbvms.com https://mijn.enecozakelijk.nl https://vars.hotjar.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://d6tizftlrpuof.cloudfront.net https://d3ehotfhpgor0k.cloudfront.net https://script.hotjar.com https://cdn.bluebillywig.com/fonts/;connect-src 'self' *.eneco.nl https://www.google-analytics.com *.services.visualstudio.com https://api.usabilla.com https://eneco.bbvms.com https://collect.kosi-analytics.io https://d.lemonpi.io/scrapes https://ct.pinterest.com https://eneco-eneco.digitalcx.com https://conversationals-connector-live-assist-production.azurewebsites.net wss://api.seamly.ai https://api.seamly.ai https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com/events/v2 https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://api.adcalls.nl https://api.enecogroup.com https://api-digital.enecogroup.com;child-src 'self' blob: https://vars.hotjar.com;frame-ancestors 'self' https://inloggen.eneco.nl 3
upgrade-insecure-requests;block-all-mixed-content; 3
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; 3
upgrade-insecure-requests; report-uri /api/csp-report; base-uri 'none'; object-src 'none'; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' sdk.listenlive.co players.brightcove.net *.krxd.net js-agent.newrelic.com bam.nr-data.net vjs.zencdn.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.googletagservices.com adservice.google.com storage.googleapis.com www.google.com *.2mdn.net optimize.google.com adservice.google.com adservice.google.ca googleads.g.doubleclick.net securepubads.g.doubleclick.net *.googlesyndication.com cdn.ampproject.org stats.g.doubleclick.net tagmanager.google.com imasdk.googleapis.com www.gstatic.com connect.facebook.net www.instagram.com cdn.syndication.twimg.com platform.twitter.com www1.journaldemontreal.com ping.chartbeat.com static.chartbeat.com static2.chartbeat.com *.hotjar.com *.hotjar.io cdn.jwplayer.com ssl.p.jwpcdn.com *.qub.ca imasdk.googleapis.com s0.2mdn.net/instream/video/client.js 3
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 3
object-src 'unsafe-inline' 3
frame-ancestors 'self'; default-src 'self'; base-uri 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src 'self' *.gstatic.com *.embedly.com data:;connect-src 'self' *.reddit.com *.akamaihd.net unite.spoe.at www.google-analytics.com www.facebook.com; media-src * blob: data: 'self'; object-src 'self'; frame-src * ; manifest-src 'self'; worker-src 'self' blob: data: ; form-action *; upgrade-insecure-requests; block-all-mixed-content; 3
frame-ancestors 'self' ; report-uri /error/csp/ 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss: *.mouseflow.com *.hotjar.com roundpic.io http://roundpic.io/ *.cinema.com.hk *.googleadservices.com placehold.it remote.captcha.com https://www.transported.co/ *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.twitch.tv *.youtube.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.map.baidu.com api.stathat.com  blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk https://sitecore-xp-cms-cd.azurewebsites.net *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3
default-src *;     frame-src 'self' *.google.com *.youtube.com https://staticxx.facebook.com https://dw408jcu6cqwk.cloudfront.net https://accounts.livechatinc.com https://secure.livechatinc.com http://4511566.fls.doubleclick.net/ http://tags.tiqcdn.com/ https://bid.g.doubleclick.net/;     font-src * 'self' data: fwd-chatbot-tools.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com fonts.gstatic.com fonts.googleapis.com;     img-src * 'self' data: chatbot-ph.s3-ap-southeast-1.amazonaws.com cdn.livechatinc.com livechat.s3.amazonaws.com;     style-src * 'self' 'unsafe-inline' cdnjs.cloudflare.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fwd.com.hk cdnjs.cloudflare.com execution-apn.ci360.sas.com browser-update.org cdn.mouseflow.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://fwd.api.useinsider.com *.useinsider.com https://search.fwd.com.hk http://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net *.cloudfront.net *.mimecast.com *.adsrvr.org *.facebook.com *.youtube.com *.bing.com *.ytimg.com *.visualwebsiteoptimizer.com *.yahoo.com bs.serving-sys.com https://*.analytics.yahoo.com *.yimg.com *.taboola.com *.innity.net *.innity.com *.zdassets.com wss://chatbot.fwd.com.hk https://portal.fwd.com.vn https://dw408jcu6cqwk.cloudfront.net;     connect-src 'self' *.fwd.com.hk geoip-js.com execution-apn.ci360.sas.com https://api.fwd.co.th https://kkbv2.api.sociaplus.com https://api.useinsider.com https://location.api.useinsider.com https://hit.api.useinsider.com https://fwd.api.useinsider.com https://category-collector.api.useinsider.com http://dev.surfer.seasonalife.com https://surfer.seasonalife.com *.surfer.seasonalife.com *.seasonalife.com https://image.useinsider.com https://*.api.useinsider.com wss://directline.botframework.com https://search.fwd.com.hk https://search.fwd.com.ph http://search.fwd.com.ph http://search.fwd.com.hk https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.botframework.com *.facebook.com *.vimeo.com *.youtube.com *.taboola.com *.yimg.com *.innity.net *.innity.com wss://*.fwd.com.hk *.yahoo.com *.mouseflow.com wss://chatbot.fwd.com.hk trc.taboola.com cdn.taboola.com *.zdassets.com *.doubleclick.net *.tigcdn.com www.google-analytics.com wss://api.livechatinc.com https://api.livechatinc.com https://h49u5ppoz9.execute-api.ap-southeast-1.amazonaws.com https://1z4ebxptw1.execute-api.ap-southeast-1.amazonaws.com https://hooks.slack.com;     object-src 'none';     form-action 'self' *.fwd.com.hk;  3
frame-ancestors *.officiallondontheatre.com uktheatre.org *.theatretokens.com *.solt.co.uk *.theatreartists.fund *.theatrehelpline.org *.theatremeansbusiness.info; default-src https: data: 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' *.infinity-tracking.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.hotjar.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.krollontrack.com *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.kldiscovery.com *.krollontrack.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp; media-src 'self' data: blob: *.krollontrack.com *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.hotjar.com *.doubleclick.net *.krollontrack.com *.hsforms.com *.typeform.com *.avrotros.nl; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.hsforms.com blob:; connect-src 'self' *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com *.hotjar.com *.infinity-tracking.net google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net; 3
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com;block-all-mixed-content;upgrade-insecure-requests; 3
default-src https: data:; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 3
default-src 'self' data: 'unsafe-inline' https: *; 3
upgrade-insecure-requests; default-src https: data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' 3
: frame-ancestors "none" 3
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src *; 3
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 3
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 3
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 3
frame-ancestors 'self' https://*.facebook.com 3
frame-ancestors 'self' https://*.blueconic.net 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
form-action https:; upgrade-insecure-requests 3
frame-ancestors *.entertainmentcruises.com *.odysseycruises.com *.spiritcruises.com *.mysticbluecruises.com *.seadogcruises.com *.bateauxnewyork.com reservations.entertainmentcruises.com; 3
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 3
default-src https: data: 'unsafe-eval' 'unsafe-inline' 3
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 3
frame-ancestors https://www.facebook.com/ 3
default-src 'self' static.mycity.travel static.j3l.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
frame-ancestors 'self'; form-action 'self' 3
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://bam.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://www.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com; connect-src *; 3
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 3
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 3
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 3
default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.efix.local; report-uri https://content.webapi-services.net/csp-reports; 3
object-src 'none'; form-action 'self' 3
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.devplayground.com.br *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com; connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.devplayground.com.br *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' data: *.youtube.com *.ytimg.com *.devplayground.com.br *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.devplayground.com.br *.googleapis.com *.google.com *.shopback.net; font-src 'self' data: *.devplayground.com.br *.gstatic.com script.hotjar.com; worker-src https: blob: 3
font-src * ; media-src * ; 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 3
default-src 'none'; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zorgvoorbeter.nl https://*.kennispleingehandicaptensector.nl https://apps.elfsight.com https://*.vo.msecnd.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://*.blueconic.net https://*.hotjar.com https://*.hotjar.io https://extend.vimeocdn.com https://www.google-analytics.com https://js.driftt.com https://connect.facebook.net https://www.youtube.com https://*.ytimg.com https://*.bizographics.com https://*.linkedin.com https://*.licdn.com; connect-src 'self' https://dc.services.visualstudio.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.blueconic.net https://api.ipify.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.vilans.nl https://*.blueconic.net https://*.linkedin.com data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net; frame-src 'self' https://w.soundcloud.com https://www.youtube.com https://player.vimeo.com https://www.google.com https://www.facebook.com https://js.driftt.com https://*.hotjar.com https://www.veiligheid.nl; frame-ancestors 'self'; object-src 'self'; 3
default-src 'self';   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 3
frame-ancestors 'self' brita360.fairflexx.de http://93.90.201.51:8090 3
frame-ancestors 'self' *.authorize.net 3
default-src 'self' static.mycity.travel static.www.villars-diablerets.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; connect-src *; font-src 'self' https: data:; media-src 'self' https:; frame-ancestors 'self' https:; object-src 'self' https:; frame-src 'self' https: 3
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src https://*.mm.dm.at 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src https://*.mm.dm.at 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://cart.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.at https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src https://*.mm.dm.at 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://media.dm-static.com https://*.services.dmtech.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net; frame-ancestors 'self' https://*.dm.at https://app.datadoghq.eu https://*.lxprod.ka.de.dm-drogeriemarkt.com; frame-src 'self' https://ssl.hurra.com https://*.dm.at https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/ https://hey-familie.podigee.io https://cdn.podigee.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.at https://checkout.dm.at https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 3
script-src 'self' https://partner.googleadservices.com https://maps.googleapis.com https://www.google.com 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://pagead2.googlesyndication.com https://adservice.google.es https://adservice.google.com https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com 3
media-src 'self' *.ebaystatic.com; font-src 'self' *.ebaystatic.com 3
default-src 'self' cdn-vsh.prague.eu;font-src 'self' cdn-vsh.prague.eu data: fonts.gstatic.com *.cachefly.net *.platnosci.pl;connect-src 'self' cdn-vsh.prague.eu analytics.monkeytracker.cz maps.googleapis.com *.hotjar.com *.googlesyndication.com www3-prague-eu-test.fg.cz *.prague.eu *.google.com *.google.cz *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-vsh.prague.eu maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.google.com *.googleadservices.com *.facebook.net *.imedia.cz *.hotjar.com *.adform.net *.doubleclick.net *.google.cz s.yimg.jp *.yahoo.co.jp *.cachefly.net *.payu.com *.platnosci.pl *.facebook.com *.cloudflare.com cdn.tiny.cloud;form-action 'self' cdn-vsh.prague.eu *.facebook.com *.gpwebpay.com *.payu.com *.facebook.net *.platnosci.pl *.google-analytics.com;frame-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;child-src 'self' cdn-vsh.prague.eu www.youtube.com *.hotjar.com *.doubleclick.net *.adform.net *.booking.com *.facebook.com *.issuu.com *.vimeo.com *.facebook.net *.rozhlas.cz;frame-ancestors 'self' cdn-vsh.prague.eu;img-src 'self' cdn-vsh.prague.eu data: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com analytics.monkeytracker.cz *.doubleclick.net *.ggpht.com *.google.com *.imedia.cz *.facebook.com *.google.cz *.googlesyndication.com *.yahoo.co.jp www3-prague-eu-test.fg.cz *.prague.eu *.cachefly.net *.payu.com *.platnosci.pl *.tinymce.com;style-src 'self' 'unsafe-inline' cdn-vsh.prague.eu fonts.googleapis.com analytics.monkeytracker.cz *.google.com *.hotjar.com *.cachefly.net *.payu.com *.platnosci.pl cdn.tiny.cloud;object-src 'self' cdn-vsh.prague.eu 3
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 3
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; frame-ancestors 'self' nvidia.lookbookhq.com nvidia.pathfactory.com resources.nvidia.com www.nvidia.com; report-uri https://nvidia.report-uri.com/r/d/csp/wizard 3
frame-ancestors 'self' *.swoogo.com 3
default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://player.vimeo.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://www.instagram.com https://www.google.com https://player.vimeo.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabiblob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 3
script-src 'self' *.seksualiteit.nl *.seksindepraktijk.nl *.seksuelevorming.nl *.rutgers.international *.rutgers.nl *.weekvandelentekriebels.nl *.rutgers.ug *.rutgers.id *.anticonceptievoorjou.nl *.hotjar.com *.adform.net *.addthisedge.com *.addthis.com *.facebook.com *.newrelic.com *.nr-data.net *.cdn77.org *.ckeditor.com *.smartsupp-widget-161959.c.cdn77.org *.smartsuppchat.com *.adscience.nl *.bugherd.com *.googletagmanager.com *.googleapis.com *.pinterest.com *.readspeaker.com 'unsafe-inline' connect.facebook.net 'unsafe-eval' dev.visualwebsiteoptimizer.com *.google-analytics.com *.bootstrapcdn.com *.google.com *.gstatic.com *.typekit.net *.vimeocdn.com *.youtube.com *.ytimg.com *.fbcdn.net; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.cdn77.org *.bootstrapcdn.com *.myfonts.net *.readspeaker.com *.youtube.com; font-src 'self' *.cdn77.org *.fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.fonts.googleapis.com *.googleapis.com *.ckeditor.com *.newrelic.com; media-src * 'self' data: 3
form-action 'self' 3
connect-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.ru *.google-analytics.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.mapbox.com *.ipqualityscore.com ipqualityscore.com *.googlesyndication.com *.getsitecontrol.com trainbusferry.com *.trainbusferry.com api.alternativepayments.com *.logs.datadoghq.com api-js.datadome.co cdn.ampproject.org; default-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com fonts.gstatic.com maxcdn.bootstrapcdn.com blob:; font-src 'self' * data: *.onetwogo.com maxcdn.bootstrapcdn.com; frame-src 'self' * *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com mc.yandex.md *.youtube.com *.doubleclick.net *.facebook.com *.omise.co *.paypal.com *.google.com *.stripe.com paymentpage.ecommpay.com s2.mailorsoon.net *.googletagmanager.com; img-src * blob: * data:; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.bing.com mc.yandex.ru *.ads-twitter.com analytics.twitter.com connect.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.omise.co *.paypalobjects.com *.paypal.com ipqualityscore.com *.getsitecontrol.com *.googleapis.com pagead2.googlesyndication.com googletagservices.com *.stripe.com trainbusferry.com *.trainbusferry.com paymentpage.ecommpay.com s7.addthis.com cdn.ampproject.org www.datadoghq-browser-agent.com js.datadome.co blob:; style-src 'self' * 'unsafe-inline' *.12go.co 12go.co *.12go.asia 12go.asia *.onetwogo.com onetwogo.com *.googleapis.com paymentpage.ecommpay.com maxcdn.bootstrapcdn.com; 3
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 3
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 3
frame-ancestors 'self' *.cms.foreninglet.dk 3
default-src https: data: wss: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.facebook.com *.googletagmanager.com *.demdex.net *.trustarc.com; 3
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 3
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src *     ;report-uri /xp/CSPReport.ashx     ;script-src * 'unsafe-inline' 'unsafe-eval' data: about:     ;style-src * 'unsafe-inline'     ;connect-src * blob:     ;font-src * data:     ;object-src *     ;img-src * data: blob:     ;media-src * blob:     ;frame-src * data: gsa: ajaxhandler:     ;child-src * blob:     ;worker-src * blob:     ;form-action * javascript:     ;frame-ancestors 'self' 3
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be ; 3
frame-ancestors 'self' https://control.studentpad.com https://control.pad-group.com https://control.localpad.co.uk https://control.lettingspad.co.uk https://sandbox.studentpad.co.uk; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 3
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 3
frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: https://api.exponea.com https://www.googletagmanager.com https://www.google-analytics.com https://libs.de.coremetrics.com https://tmscdn.de.coremetrics.com https://20779843p.rfihub.com https://analytics-static.ugc.bazaarvoice.com https://api.sovendus.com https://api.trustedshops.com https://apps-stg.nexus.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://appsapi.veinteractive.com https://ariane.abtasty.com https://bat.bing.com https://benefits.sovendus.com https://config1.veinteractive.com https://cookiee1.veinteractive.com https://datacollect6.abtasty.com https://dcinfos-cache.abtasty.com https://dcinfos.abtasty.com https://display-stg.ugc.bazaarvoice.com https://display.ugc.bazaarvoice.com https://drs2.veinteractive.com https://elk.vhwrz.net https://googleads.g.doubleclick.net https://images.baby-walz.at https://images.baby-walz.ch https://images.baby-walz.de https://insitez.blob.core.windows.net https://live.adyen.com https://magpie-static.ugc.bazaarvoice.com https://maps.googleapis.com https://maps.gstatic.com https://meya.ai https://network-eu-stg.bazaarvoice.com https://network.bazaarvoice.com https://rum.vhwrz.net https://s.kelkoogroup.net https://s.kk-resources.com https://s.ytimg.com https://s3.amazonaws.com https://sessionapi.veinteractive.com https://shops-si.trustedshops.com https://stg.api.bazaarvoice.com https://t13.intelliad.de https://t23.intelliad.de https://test.adyen.com https://trustbadge.api.etrusted.com https://try.abtasty.com https://widgets.trustedshops.com https://www.awin1.com https://www.billiger.de https://www.dwin1.com https://www.econda-monitor.de https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.sovendus.com; report-uri /walz-webservices/csp-report-collector 3
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 3
default-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; script-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; font-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; img-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; child-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline' 3
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 3
connect-src 'self' wss: https://www.google-analytics.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://api.trustedshops.com https://hexagon-analytics.com http://bat.bing.com https://bat.bing.com http://*.taboola.com https://ctx-nsp-sell-watches-dev.s3.eu-west-1.amazonaws.com https://ctx-nsp-sell-watches.s3.eu-central-1.amazonaws.com https://*.g.doubleclick.net https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.hotjar.com/ https://*.hotjar.io/ https://static.zipmoney.com.au https://static.zdassets.com https://kreditrechner-long-test.creditplus.de https://kess.creditplus.de https://j4s6cgablv-dsn.algolia.net https://cdn.contentful.com https://connect.facebook.net https://*.sift.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.emarsys.net https://*.scarabresearch.com https://*.execute-api.eu-central-1.amazonaws.com https://ful-pricing-tool-backend.chronext.com; default-src 'self'; font-src 'self' data: * https://fonts.gstatic.com http://fonts.gstatic.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; frame-src 'self' https: https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ http://widget.trustpilot.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://connect.facebook.net https://*.sift.com; img-src 'self' data: * blob: * https://ssl.gstatic.com/ https://hexagon-analytics.com http://cdn.taboola.com https://cdn.taboola.com http://bat.bing.com https://bat.bing.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com tag.manager.google.com tagmanager.google.com/ https://www.youtube.com https://wpp-test.wirecard.com https://wpp.wirecard.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://*.sift.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://maps.googleapis.com https://widget.trustpilot.com https://hexagon-analytics.com http://bat.bing.com http://*.taboola.com https://test.dekopay.com https://secure.dekopay.com https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com https://*.youtube.com http://*.youtube.com https://s.ytimg.com https://static.doubleclick.net https://connect.facebook.net https://www.dwin1.com https://*.scarabresearch.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://test.oppwa.com https://oppwa.com https://test.ppipe.net/ https://ppipe.net/ https://sis.redsys.es/ https://mc-id-check.firstdata.de/ https://*.hotjar.com/ https://static.zipmoney.com.au https://static.zdassets.com 3
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' junchae.com linkharu.com 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce 3
frame-ancestors https: 3
frame-ancestors 'self' apac.marketing.adobe.com 3
connect-src 'self' 'unsafe-inline' www.google-analytics.com; script-src 'self' 'unsafe-inline' tags.tiqcdn.com www.youtube.com img6.wsimg.com img1.wsimg.com www.google-analytics.com s.ytimg.com; object-src 'none'; default-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; style-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; img-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com www.google-analytics.com 3
frame-ancestors 'self' facebook.com *.facebook.com 3
default-src 'self' bongacams.com *.bongacams.com ymetrica1.com mc.yandex.ru cam.bet *.cam.bet cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.33.131 http://176.9.86.142 http://176.9.142.103 http://144.76.24.149 http://136.243.73.233 http://148.251.0.18 http://144.76.218.27 http://148.251.136.187; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bongacams.com *.bongacams.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bongacams.com *.bongacams.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 3
default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com handelsbanken.easycruit.com handelsbankendk.easycruit.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com; font-src 'self' 3
script-src 'self'; object-src 'self' 3
default-src 'self'; script-src 'self' https://ajax.googleapis.com https://adservice.google.co.uk https://adservice.google.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://survey.g.doubleclick.net https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.mouseflow.com https://sharecdn.social9.com https://share.social9.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://sharecdn.social9.com https://sharec.social9.com; font-src 'self' https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://bid.g.doubleclick.net https://platform.twitter.com https://syndication.twitter.com; connect-src 'self' https://www.google.com https://www.google.co.uk https://www.google-analytics.com 3
block-all-mixed-content; report-uri /v1/csplog 3
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com *.livechatinc.com; 3
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https:; connect-src https: wss: 'self'; 3
default-src 'self' *.hotetec.com; connect-src 'self' *.hotetec.com *.hotelinking.com  *.sendpulse.com *.reviewpro.com backend.fideltour.com stats.g.doubleclick.net www.google-analytics.com in.hotjar.com www.123compare.me cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com www.googleadservices.com www.google.es www.facebook.com dev-traffic.attby.io vc.hotjar.io *.parthenon.io *.triptease.io api.rollbar.com www.thehotelsnetwork.com; frame-src *; ; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity-a.akamaihd.net/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; 3
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 3
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 3
frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 3
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 3
frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com 3
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us https://d17o6on0vd932d.cloudfront.net blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://d2b9h3rz4xo53c.cloudfront.net https://d24cgw3uvb9a9h.cloudfront.net https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://static.zoom.com.cn https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/* https://optimize.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.cn/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://www.recaptcha.net https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://d17o6on0vd932d.cloudfront.net https://www.gstatic.com https://www.gstatic.cn https://fonts.googleapis.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.us https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.us https://apis.google.com https://gstatic.zoom.com.cn 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none'; 2
default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 2
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coubsecure-s.akamaihd.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=19.11.20; 2
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://football.sportmail.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://gum.criteo.com https://football.sportmail.ru;  worker-src blob: 'self';  connect-src * wss: blob:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 2
default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca an.yandex.ru yandex.st mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.yandex.net verify.yandex.ru *.verify.yandex.ru 'self'; frame-src http: https: awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; font-src http: https: data: an.yandex.ru yastatic.net yastat.net 'self'; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru static-mon.yandex.net 'self'; media-src http: https: data: *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net report-uri https://livejournal.com/csp_reports 2
frame-ancestors 'none'; upgrade-insecure-requests 2
frame-ancestors *.mediafire.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 2
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity-a.akamaihd.net/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ *.google-analytics.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/; 2
base-uri 'self'; connect-src *; default-src 'self' *.meetup.com *.dev.meetup.com:8001; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: ;script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com https://sc-kharon.appspot.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com https://*.firebaseio.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net https://*.firebaseio.com; connect-src 'self' https://snapchat-web.storage.googleapis.com https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com wss://*.firebaseio.com https://www.googleapis.com https://securetoken.googleapis.com https://storage.googleapis.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 2
frame-src 'self' share.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com;connect-src 'self' appcenter.ms install.appcenter.ms https://secure.gravatar.com *.intercom.io *.optimizely.com uploads.intercomcdn.com uploads.intercomusercontent.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.documents.azure.com *.hockeyapp.net *.blob.core.windows.net https://*.ingest.sentry.io https://graph.microsoft.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://api-prod-east-us2.prod.avalanch.es:8088 https://file.appcenter.ms wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://upload.appcenter.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;default-src 'self' *.msecnd.net data:;font-src 'self' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com;img-src * data:;media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com monaco-cdn-int.azureedge.net accessibility-bookmarklets.org uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;style-src 'self' 'unsafe-inline' monaco-cdn-int.azureedge.net accessibility-bookmarklets.org/ uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;worker-src 'self' blob: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
frame-ancestors https://ads.idntimes.com https://fyi.idntimes.com 2
block-all-mixed-content; report-uri /csp-report?p=; base-uri 'none'; default-src 'none'; style-src 'unsafe-inline' 'self' https://*.stripecdn.com; connect-src 'self' https://errors.stripe.com https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ga.clearbit.com; font-src 'self' https://*.stripecdn.com; frame-src 'self' https://*.stripecdn.com https://www.googletagmanager.com; img-src 'self' https://*.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com data:; media-src 'self' https://*.stripecdn.com https://videos.ctfassets.net; script-src 'self' 'sha256-6hCrKkhcyMhhMFEfSpCTaBOu2I3bF+wiEjLQdI7s+jQ=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-Dl4kDTvi3IPO83pu8XmRKoIW4XAR53R9h9gRPskUbdc=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://*.stripecdn.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net 'sha256-ELZBkO1eLwWs6QKigj+FQzktzusJRQek0e2CLudl4N8=' https://www.googletagmanager.com https://ga.clearbit.com 'report-sample' 2
upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss: blob:; object-src https:; 2
frame-ancestors 'self' *.shopeemobile.com *.shopee.tw *.shopee.cn *.facebook.com;  2
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 2
frame-src 'self' https: https://optimize.google.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; font-src 'self' data: https: https://fonts.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com; upgrade-insecure-requests; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; media-src 'self' https:; img-src 'self' data: https: https://g.foolcdn.com http://px.moatads.com https://optimize.google.com https://www.google-analytics.com 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net cdn.curator.io eisi-ext.azurewebsites.net *.aparat.com *.tableau.com *.wufoo.com s.pinimg.com ct.pinterest.com analytics.tiktok.com; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org cdn.curator.io *.twimg.com; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com  *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com *.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com *.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com *.tableau.com; media-src 'self' *.cdninstagram.com video.twimg.com; frame-src 'self' *.facebook.com www.google.com *.twitter.com e.infogram.com infogram-download-us2.s3.eu-west-1.amazonaws.com infogram-download-eu.s3.eu-west-1.amazonaws.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net player.vimeo.com forms.office.com *.aparat.com *.tableau.com oms.gameloft.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org cdn.curator.io; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org api.curator.io bam.nr-data.net rpapigatewaytest.azurewebsites.net i2e.azurewebsites.net; report-uri /report-csp-violation 2
frame-ancestors 'self' www.lgechat.com; 2
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://analytics.pgncs.notion.so https://checkout.stripe.com https://embed.typeform.com https://admin.typeform.com https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https: http: https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://api.pgncs.notion.so https://checkout.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://api.unsplash.com https://boards-api.greenhouse.io; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 2
default-src 'self' ; img-src 'self' https://cdn.lmiutil.com/  https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com https://*.go-mpulse.net https://*.akstat.io/ data: https://*.g2.com  https://*.akstat.io/ https://*.go-mpulse.net https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com  https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.akstat.io/ https://*.go-mpulse.net https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.akstat.io/ https://*.go-mpulse.net https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com  https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/  https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/ https://*.go-mpulse.net https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2 https://*.cybersource.com/  https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval'  https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ; frame-src 'self' https://www.tfaforms.com/ https://cdn.lmiutil.com/ https://b.company-target.com https://*.cybersource.com https://*.lastpass.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com  https://b.company-target.com/ect.html https://*.g2.com https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com;frame-ancestors 'self'  https://*.lookbookhq.com https://*.pathfactory.com https://*.logmein.com https://*.lastpass.com;worker-src https://*.lastpass.com blob: 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net cuantrix.mx cuantrix.gilasw.com code.org studio.code.org curriculum.code.org codecurricula.com 2
frame-ancestors 'self' https://*.justia.com http://*.justia.com 2
frame-ancestors 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self' https://blockchair.com; 2
default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com *.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://*.decibelinsight.net *.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 2
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk; report-uri https://o105906.ingest.sentry.io/api/5404623/security/?sentry_key=69c1c2ca19c04107ae9b1d00d235e0b5&sentry_environment=production; 2
default-src 'self' wss: data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.wolframcloud.com localhost:* *.adroll.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com connect.facebook.net ajax.googleapis.com *.adroll.com *.wolframalpha.tw *.cloudflare.com; img-src 'self' http://*.wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.adroll.com www.facebook.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 2
default-src https: wss:; script-src about: 'unsafe-inline' 'unsafe-eval' https: wss:; img-src data: blob: https: wss:; style-src 'unsafe-inline' https: wss: blob:; font-src https: data: wss: 'self'; report-uri https://idcqaenforce.report-uri.com/r/d/csp/enforce; 2
frame-ancestors 'self' app.optimizely.com cdn.optimizely.com *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 2
frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 2
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
frame-ancestors https://*.udacity.com 2
frame-ancestors 'self' *.benzinga.com 2
http://localhost:* file: *.labanquepostale.fr 2
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru www.cdn-tinkoff.ru www.google.com www.google.ru www.facebook.com google-analytics.bi.owox.com analytics.tiktok.com api.advcake.com 'self' *.tinkoff.ru *.tcsbank.ru wss://*.tinkoff.ru platform-sentry.tcsbank.ru sentry.tinkoff.ru www.tinkoff.ru cfg.tinkoff.ru acdn.tinkoff.ru business.tinkoff.ru; script-src sync.datamind.ru www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.g.doubleclick.net assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.google-analytics.com googleads.g.doubleclick.net www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com connect.facebook.net *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru ad.doubleclick.net analytics.tiktok.com 'self' 'unsafe-eval' 'unsafe-inline'; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru googletagmanager.com www.facebook.com/tr/ *.g.doubleclick.net www.googleadservices.com www.cdn-tinkoff.ru *.tinkoff.ru manalyticshub.com p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru hit.acstat.com 'self' data: *.tcsbank.ru *.cdn-tinkoff.ru; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru www.cdn-tinkoff.ru 'self' blob: *.tinkoff.ru *.tcsbank.ru; report-uri https://www.tinkoff.ru/api/front/log/csp-error?appName=pfphome&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' www.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru 2
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com; frame-src https://www.googletagmanager.com https://optimize.google.com; object-src 'self' 2
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com 2
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 2
object-src 'self' https://marketing-cdn.hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://marketing-cdn.hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://player.vimeo.com/* data https://marketing-cdn.hightail.com/; frame-ancestors 'self' https://marketing-cdn.hightail.com; 2
img-src 'self' https: data: i.vimeocdn.com 2
default-src https:; child-src blob: https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net *.bluekai.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com http://www.oracle.com; media-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://polyfill.io https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://*.googleapis.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://cdn.dashhudson.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://ct.pinterest.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com https://cdn.honey.io https://cdn.contentful.com https://open.spotify.com https://*.myunidays.com https://*.murdoog.com https://g.3gl.net https://r.3gl.net.cn https://r.3gl.net https://trustbadge.api.etrusted.com https://*.tealiumiq.com https://*.salesforce.com https://*.px-cloud.net https://sdk.iad-01.braze.com https://idsync.rlcdn.com https://*.force.com https://*.crazyegg.com https://d38xvr37kwwhcm.cloudfront.net https://trail.grin.co https://downloads.contentful.com https://cf.adxcel.com https://data.adxcel-ec2.com https://*.8x8.com/ https://*.btttag.com https://www.cloudflare.com/cdn-cgi/trace https://*.krxd.net;frame-ancestors 'none'; 2
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://b-code.liadm.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://sp.analytics.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 2
frame-ancestors 'self' http://127.0.0.1:13688 https://webhare.utwente.nl https://employees.utwente.nl 2
frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2
frame-ancestors 'self' btprt.dj snip.ly 2
default-src 'self'  https://analytics.govinfo.gov https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self'   https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; object-src 'unsafe-inline' 'self' ; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com   https://stackpath.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com  https://analytics.govinfo.gov data:; font-src 'unsafe-inline' 'self'  https://stackpath.bootstrapcdn.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self'  https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 2
font-src 'self' data: *.consumerfinance.gov fast.fonts.net fonts.google.com fonts.gstatic.com; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com api.iperceptions.com *.qualtrics.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov fast.fonts.net tagmanager.google.com optimize.google.com api.mapbox.com fonts.googleapis.com; img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com www.gstatic.com ssl.gstatic.com stats.g.doubleclick.net img.youtube.com *.google-analytics.com trk.cetrk.com searchstats.usa.gov gtrk.s3.amazonaws.com *.googletagmanager.com tagmanager.google.com maps.googleapis.com optimize.google.com api.mapbox.com *.tiles.mapbox.com stats.search.usa.gov blob: data: www.facebook.com www.gravatar.com *.qualtrics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov *.google-analytics.com *.googletagmanager.com tagmanager.google.com optimize.google.com ajax.googleapis.com search.usa.gov api.mapbox.com js-agent.newrelic.com dnn506yrbagrg.cloudfront.net bam.nr-data.net *.youtube.com *.ytimg.com trk.cetrk.com universal.iperceptions.com cdn.mouseflow.com n2.mouseflow.com us.mouseflow.com geocoding.geo.census.gov tigerweb.geo.census.gov about: connect.facebook.net www.federalregister.gov storage.googleapis.com *.qualtrics.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com optimize.google.com www.youtube.com *.doubleclick.net universal.iperceptions.com www.facebook.com staticxx.facebook.com mediasite.yorkcast.com *.qualtrics.com; default-src 'self'; media-src 'self' *.consumerfinance.gov 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com/beacon.min.js https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://soundcloud.com https://*.weirdgloop.org https://*.runescape.wiki https://*.googleapis.com https://www.google-analytics.com; frame-src https://w.soundcloud.com www.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'self' 2
frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com agent.bold360.com *.cox-ondemand.com *.yext-cdn.com *.yextpages.net 2
frame-ancestors https://*.optimizely.com; upgrade-insecure-requests; default-src data: https: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.brightspace.com; 2
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com *.appdynamics.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellfit.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; style-src * 'unsafe-inline' 'unsafe-eval' data: blob: 2
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co match.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net; media-src 'self' data: blob: www.youtube.com; frame-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com; connect-src 'self' polo.feathr.co; 2
default-src 'self'; connect-src *; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ioam.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.bunchbox.co; img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com *.argosdata.io *.bunchbox.co; media-src * mediastream: blob:; frame-src 'self' localhost:* *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net *.ioam.de *.bunchbox.co; worker-src 'self' blob: 2
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://gab.com; img-src 'self' https: data: blob: https://gab.com; style-src 'self' 'unsafe-inline' https://gab.com; media-src 'self' https: data: https://gab.com; frame-src 'self' https:; manifest-src 'self' https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com; script-src 'self' https://gab.com https://*.gab.com 2
style-src 'self' 'unsafe-inline'; 2
frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas bddf.biapi.pro bddf-ppd.biapi.pro  prisme.facil-iti.net *.parrainage.bnpparibas *.bnpparibas 2
default-src https://www.nic.ir https://static.nic.ir 'unsafe-inline'; img-src *.nic.ir https://webchat.nic.ir:8080 https://trustseal.enamad.ir/ http://trustseal.enamad.ir/; font-src *.nic.ir 2
frame-ancestors 'self' http://*.stumbleupon.com https://*.stumbleupon.com http://*.medpagetoday.com https://*.medpagetoday.com; 2
frame-src https://*.doubleclick.net:* https://*.facebook.com:* https://*.google.com:* https://*.soundcloud.com:* https://*.spotify.com:* https://*.twitter.com:* https://*.vimeo.com:* https://*.youtube.com:*; frame-ancestors 'self'; 2
value 2
frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 2
default-src 'self'; media-src 'self' https://storage.googleapis.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.snapchat.com/ https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/; connect-src 'self' https://www.snapchat.com/ https://sentry.sc-prod.net; script-src 'self' https://www.google-analytics.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://images.bitmoji.com; report-uri https://csp-central.appspot.com/report_csp; 2
default-src 'self' data: https://*.commerce.gov https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://www.youtube-nocookie.com https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests;  2
font-src https://cdnjs.cloudflare.com data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://staging-static-eu.christianlouboutin.com https://staging-eu.christianlouboutin.com https://staging-admin-eu.christianlouboutin.com https://static-eu.christianlouboutin.com https://prod-eu.christianlouboutin.com https://eu.christianlouboutin.com https://admin-eu.christianlouboutin.com *.iadvize.com *.iadvize.net wss://xmpp-sd-alb.iadvize.com/websocket https://s3-eu-central-1.amazonaws.com wss://cobrowsing.iadvize.com/socket.io 'self' 'unsafe-inline'; form-action https://www.facebook.com https://idcheck.acs.touchtechpayments.com/v1/payerAuthentication https: https://cs22.salesforce.com/ https://webto.salesforce.com/ https://*/* 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://player.freecaster.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://checkoutshopper-live-au.adyen.com https://www.facebook.com https://www.youtube.com https://vimeo.com https://s7.addthis.com https: 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.facebook.com https://www.facebook.com/tr/* https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.google.fr https://www.google.at https://maps.gstatic.com https://maps.googleapis.com https://chart.googleapis.com https://staging-static-eu.christianlouboutin.com https://staging-eu.christianlouboutin.com https://staging-admin-eu.christianlouboutin.com https://static-eu.christianlouboutin.com https://prod-eu.christianlouboutin.com https://eu.christianlouboutin.com https://admin-eu.christianlouboutin.com *.gstatic.com https://lh3.googleusercontent.com *.iadvize.com *.iadvize.net wss://xmpp-sd-alb.iadvize.com/websocket https://s3-eu-central-1.amazonaws.com wss://cobrowsing.iadvize.com/socket.io https://googleads.g.doubleclick.net 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://cdnjs.cloudflare.com https://staging-static-eu.christianlouboutin.com https://staging-eu.christianlouboutin.com https://staging-admin-eu.christianlouboutin.com https://static-eu.christianlouboutin.com https://prod-eu.christianlouboutin.com https://eu.christianlouboutin.com https://admin-eu.christianlouboutin.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com *.iadvize.com *.iadvize.net https://cdn.mxpnl.com wss://xmpp-sd-alb.iadvize.com/websocket https://s3-eu-central-1.amazonaws.com wss://cobrowsing.iadvize.com/socket.io data: *.google.com *.googletagmanager.com https://polyfill.io https://vimeo.com https://www.youtube.com www.gstatic.com https://bat.bing.com https://maps.googleapis.com https://c.la1-c2-ord.salesforceliveagent.com https://www.google.com https://www.gstatic.com https://bat.bing.com/bat.js https://*.facebook.net https://connect.facebook.net https://s7.addthis.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://assets.pinterest.com https://widgets.pinterest.com https://graph.facebook.com https://d.line-scdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com data: https://maxcdn.bootstrapcdn.com https://staging-static-eu.christianlouboutin.com https://staging-eu.christianlouboutin.com https://staging-admin-eu.christianlouboutin.com https://static-eu.christianlouboutin.com https://prod-eu.christianlouboutin.com https://eu.christianlouboutin.com https://admin-eu.christianlouboutin.com https://tagmanager.google.com *.iadvize.com *.iadvize.net wss://xmpp-sd-alb.iadvize.com/websocket https://s3-eu-central-1.amazonaws.com wss://cobrowsing.iadvize.com/socket.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://player.vimeo.com https://vod-progressive.akamaized.net https://www.vimeo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://us-central1-data-hal-9000.cloudfunctions.net *.algolia.net https://www.google-analytics.com https://stats.g.doubleclick.net https://bat.bing.com https://staging-static-eu.christianlouboutin.com https://staging-eu.christianlouboutin.com https://staging-admin-eu.christianlouboutin.com https://static-eu.christianlouboutin.com https://prod-eu.christianlouboutin.com https://eu.christianlouboutin.com https://admin-eu.christianlouboutin.com https://s7.addthis.com https://api-js.mixpanel.com *.iadvize.com *.iadvize.net https://www.facebook.com https://www.facebook.com/tr/* https://pinterest.com https://google.com wss://xmpp-sd-alb.iadvize.com/websocket https://s3-eu-central-1.amazonaws.com wss://cobrowsing.iadvize.com/socket.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
connect-src 'self' https://*.clicktale.net https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kaspersky.d3.sc.omtrdc.net https://kasperskycontenthub.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com https://tpc.googlesyndication.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com https://tpc.googlesyndication.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://infogram.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://assets.threatpost.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com http://media.threatpost.com https://*.addthis.com https://*.cdninstagram.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://assets.threatpost.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://media.threatpost.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://tagmanager.google.com https://threatpost.com https://tpc.googlesyndication.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://polldaddy.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com http://assets.threatpost.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sekindo.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://assets.threatpost.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com https://tagmanager.google.com https://tpc.googlesyndication.com 2
style-src 'unsafe-inline' 'self' *.yximgs.com https://captcha.gtimg.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js https://captcha.guard.qcloud.com https://captcha.gtimg.com; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 2
frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2
frame-ancestors vanderbilt.edu/AEA 'self' 2
frame-ancestors 'self' libertystreeteconomics.newyorkfed.org; 2
default-src wss://ws.ttsep.com/ accounts.google.com 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 2
frame-ancestors 'self' https://www.a2hosting.com 2
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src blob: js.driftt.com *.youtube-nocookie.com app-sj17.marketo.com; connect-src 'self' secure.adnxs.com *.6sense.com *.6sc.co *.company-target.com api.lever.co distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net *.litix.io embed-ssl.wistia.com hackerone.com *.mktoresp.com *.mktoutil.com checkout.stripe.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.twitter.com; frame-ancestors 'self'; frame-src fast.wistia.com js.driftt.com *.youtube.com *.youtube-nocookie.com app-sj17.marketo.com *.twitter.com my.pima.app; object-src 'self'; img-src 'self' data: via.placeholder.com t.co stats.g.doubleclick.net *.google.com *.6sc.co *.bidr.io *.techtarget.com *.company-target.com *.adsymptotic.com *.linkedin.com cdn.ttgtmedia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.google-analytics.com *.twitter.com *.twimg.com cdn.bizible.com; media-src 'self' blob: data: embed-fastly.wistia.com embedwistia-a.akamaihd.net fast.wistia.com; script-src 'self' 'sha256-XrP50Mq6s78GLH2Vyt4BfKhn8rx4OdU6FYqQGbxRuZc=' 'sha256-chw1FVji+ddLlO/RrcP3fhKOLsJUUh+FaKbjsOC2BiQ=' 'sha256-D6d37gZGDMRuNu3bDdYkGuOfCaaNGdTrB3eF5d5IU/Y=' *.ads-twitter.com analytics.twitter.com *.cloudflare.com *.techtarget.com *.demandbase.com *.6sc.co *.linkedin.com snap.licdn.com fast.wistia.com js.driftt.com *.google-analytics.com app-sj17.marketo.com munchkin.marketo.net *.twitter.com cdn.syndication.twimg.com cdn.bizible.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.wistia.com app-sj17.marketo.com *.twitter.com; report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=61c1e2f50d21487c97a071737701f598 2
frame-ancestors 'self' *.oui.sncf; report-uri /report-csp-violation 2
frame-ancestors https://docs.google.com https://*.googleusercontent.com; 2
default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net www.google-analytics.com;style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* ws://localhost:* blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com *.workplace.tools;block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.brides.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com/ https://tajs.qq.com https://www.zblogcn.com https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js; style-src 'self' 'unsafe-inline' https://*.zblogcn.com; img-src 'self' https://* data: 2
frame-ancestors 'self' *.qnap.com *.qnap.com.tw 2
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.salesforceliveagent.com https://*.force.com https://opswat--backup.my.salesforce.com https://code.jquery.com https://www.gstatic.com https://analytics.twitter.com https://forms.hsforms.com js.hsforms.net https://s.ytimg.com https://snap.licdn.com https://js.hs-banner.com https://js.hs-analytics.net https://connect.facebook.net www.youtube.com https://*.wistia.com https://*.wistia.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com http://js.hs-scripts.com www.googleadservices.com https://www.google.com https://www.google.com.vn https://static.ads-twitter.com; img-src 'self' data: https://www.linkedin.com https://storage.googleapis.com https://*.opswat.com https://forms.hsforms.com https://track.hubspot.com https://embed-fastly.wistia.com https://perf.hsforms.com https://p.adsymptotic.com https://px.ads.linkedin.com https://t.co http://t.co https://www.google.com.vn https://www.facebook.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com; connect-src 'self' https://backup-opswat.cs46.force.com https://forms.hsforms.com https://www.facebook.com https://oesis-downloads-portal.s3.us-west-1.amazonaws.com https://embedwistia-a.akamaihd.net https://*.litix.io *.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com ; style-src 'unsafe-inline' 'self' https://*.force.com; frame-src 'self' https://service.force.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://forms.hsforms.com https://www.facebook.com https://www.google.com https://www.slideshare.net http://www.slideshare.net; font-src 'self' data: https://fonts.gstatic.com https://*.wistia.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://storage.googleapis.com; worker-src 'self' blob:; object-src 'none'; 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://*.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-us1.cludo.com ajax.googleapis.com customer.cludo.com https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net; style-src 'self' 'unsafe-inline' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net ajax.googleapis.com cloud.typography.com customer.cludo.com https://*.boisestate.edu; img-src data: * ; font-src data: cloud.typography.com 'self' https://*.boisestate.edu; connect-src 'self' api-us1.cludo.com https://*.boisestate.edu *.pusherapp.com *.pusher.com fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/; media-src 'self' https://*.boisestate.edu fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net; object-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; worker-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; frame-src 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net https://*.boisestate.edu; ; frame-ancestors 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; form-action 'self' fs.aws.boisestate.edu fs.boisestate.edu *.libanswers.com *.ebscohost.com clickdeskvisitors.appspot.com sockjs.pusher.com ws.pusherapp.com https://d3dy5gmtp8yhk7.cloudfront.net https://d1gwclp1pmzk26.cloudfront.net *.clickdesk.com *.smartsheet.com https://plugin.3playmedia.com https://client.radiusbycampusmgmtchat.com app.smartsheet.com d1d7fjtb6d4i2m.cloudfront.net livechat.hobsonsradius.com www.googleadservices.com *.google.com *.googleapis.com https://cdn.hypemarks.com *.googletagmanager.com *.vimeo.com *.google-analytics.com boisestate.askadmissions.net https://www.youtube.com *.orgsync.com orgsync.com *.techsmithrelay.com *.youcanbook.me *.soundcloud.com vimeo.com soundcloud.com techsmithrelay.com youcanbook.me public.tableau.com https://www.gstatic.com https://boise.tribe customer.cludo.com.cdn.cloudflare.net https://secure.touchnet.com https://boisestate.givepulse.com https://boxcast.tv https://boisestate.on.worldcat.org https://fh8fe2xb7x.search.serialssolutions.com html5-player.libsyn.com https://boisestate.hosted.panopto.com assets.pxlecdn.com assets.pixlee.com photos.pixlee.co https://snap.licdn.com participant.connect.us-west-2.amazonaws.com https://slate.technolutions.net https://fw.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://admissions-boisestate-edu.cdn.technolutions.net https://fw.cdn.technolutions.net assets.adobedtm.com assets.adobe.com bikeindex.org anchor.fm https://www.wrike.com/ d25vtythmttl3o.cloudfront.net https://*.boisestate.edu ; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors https://*.ionos.fr https://ionos.fr; 2
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'report-sample' 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'report-sample' 'self' https://fonts.gstatic.com https://www.mbank.pl; connect-src 'report-sample' 'self' https://ad.doubleclick.net https://adservice.google.com https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://lp.skp.mbank.pl https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'report-sample' 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'report-sample' 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'report-sample' 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'report-sample' 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'report-sample' 'self' https://www.mbank.pl;  2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 2
frame-ancestors *.2checkout.com *.2co.com *.avangate.com 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' http://img.youtube.com 2
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 2
default-src 'self' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' *.owncloud.com; img-src * data: blob: 'unsafe-inline'; frame-src *; connect-src 'self' *.mktoresp.com *.mktoutil.com *.owncloud.com *.google-analytics.com *.facebook.com *.doubleclick.net *.fontawesome.com; media-src 'self' *.24liveblog.com 'unsafe-inline'; style-src 'self' *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.marketo.com *.mktoresp.com *.owncloud.com *.fontawesome.com 'unsafe-inline'; font-src 'self' * data: 2
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 2
frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.casalemedia.com 2
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https: 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob; img-src data: https: android-webview-video-poster: blob:; font-src data: https:; upgrade-insecure-requests; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
frame-ancestors 'self'; report-uri /bin/lexmark/csp-report; report-to lxk-report 2
child-src * blob: 2
frame-ancestors https://*.1stdibs.com; 2
frame-ancestors 'self' https://*.duke-energy.com 2
report-uri https://sportsmole.report-uri.com/r/d/csp/wizard 2
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com https://com-avaya.netmng.com https://nan.netmng.com https://audiences.ignitionone.com https://a.rfihub.com https://c1.rfihub.net https://4529201.fls.doubleclick.net https://sp.analytics.yahoo.com com-avaya.qa.netmng.com https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.adroll.com https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://avaya.greenshootlabs.com https://*.kaltura.com https://*.linkedin.com https://*.serving-sys.com https://*.webengage.co https://*.webengage.com https://*.webtrends.com https://*.webtrendslive.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://*.avaya.com https://*.kaltura.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://www.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.kaltura.com https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://c.webengage.com https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca; frame-ancestors 'self' ; report-uri https://ce4597319c39d6fb9172e9cd9821a217.report-uri.io/r/default/csp/enforce; 2
default-src 'self' data: https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; font-src https: data:; object-src 'none'; 2
img-src https: data: blob:; object-src 'none'; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2
sandbox allow-downloads allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=yahoofinance; report-to csp-endpoint; 2
frame-ancestors https: 'self' *.typetastic.com *.typinggames.zone; child-src https: 'self' blob: 'self'; 2
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com *.abtasty.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com ; frame-ancestors 'self' https://*.belastingdienst.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com  https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://f1-eu.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://f1-eu.readspeaker.com *.abtasty.com 'unsafe-inline' 2
frame-ancestors 'self' https://app.optimizely.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
frame-ancestors https://*.ionos.es https://ionos.es; 2
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' https://darksky.wufoo.com maps.darksky.net https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' http://storage.googleapis.com https://www.wufoo.com https://maps.googleapis.com https://ajax.googleapis.com https://secure.wufoo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar alpha.viapais.com.ar *.alpha.viapais.com.ar beta.viapais.com.ar *.beta.viapais.com.ar prepro.viapais.com.ar *.prepro.viapais.com.ar cdn.ampproject.org *.cdn.ampproject.org google.com *.google.com google.com.ar *.google.com.ar; 2
frame-ancestors 'self' http://www.kayak.com.au https://checkin.si.amadeus.net https://pdt.checkin.amadeus.net http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ https://ma-stage64-01.adobecqms.net/ https://ma-sit64.adobecqms.net/ https://ma-dev64.adobecqms.net/ 2
child-src threatplaybook.fortiguard.com fortiguard.com fortinet.com fgstaging.corp.fortinet.com w.soundcloud.com www.google.com 2
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 2
frame-ancestors 'self' *.ibm.com ; child-src blob: * 2
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://static.ads-twitter.com https://analytics.twitter.com https://*.albacross.com https://*.quora.com https://*.googleadservices.com https://*.hs-analytics.net https://snap.licdn.com https://*.hscollectedforms.net https://*.ampproject.org  https://*.hs-scripts.com https://*.onthe.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.intercom.io/ https://*.intercomcdn.com/ https://*.lfeeder.com/ https://*.leadfeeder.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ws.zoominfo.com; style-src 'self' 'unsafe-inline'  https://fonts.intercomcdn.com/ https://*.intercomassets.com/ https://*.onthe.io/ https://iotechnologies.com/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com/ https://*.intercomassets.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ws.zoominfo.com; connect-src 'self' https://fonts.intercomcdn.com/  https://*.intercomassets.com/ https://*.albacross.com https://*.hubspot.com https://*.doubleclick.net https://*.onthe.io/ https://news.c8.net.ua/ https://ws.onthe.io/ https://api-iam.intercom.io/ https://*.intercom.io/ wss://*.intercom.io/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://ws.zoominfo.com wss://*.hotjar.com; frame-src 'self' https://*.onthe.io https://www.youtube.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ws.zoominfo.com; media-src 'self' https://*.onthe.io https://*.iotechnologies.com https://*.dropboxusercontent.com/ https://*.dropbox.com/ 2
script-src https: http: 'unsafe-eval' 'unsafe-inline'; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 2
connect-src consumer.krxd.net https://connect.facebook.net edgeapi.ace.teliacompany.net webprovisions-labs.humany.net 'self' telia-se.blueconic.net stats.g.doubleclick.net www.google.se telia-natcenter.humany.net cgchat.callguide.telia.com cdn.blueconic.net pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com; default-src localhost:41680 'self'; font-src https://fonts.gstatic.com webprovisions-labs.humany.net 'self' telia.humany.net data: telia-natcenter.humany.net; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com wds-s.ace.teliacompany.com www.youtube.com wds.ace.teliacompany.com go.pardot.com youtube.com; img-src img.youtube.com https://optimize.google.com webprovisions-labs.humany.net 'self' https://www.facebook.com telia-se.blueconic.net stats.g.doubleclick.net www.google.se telia-natcenter.humany.net beacon.krxd.net d6tizftlrpuof.cloudfront.net cdn.blueconic.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net data: media.krxd.net www.google-analytics.com humany.blob.core.windows.net; report-uri /.api/csp-report/v1/report?teamId=7dfafa39-0cc44b25-8e7c83f0; script-src 'unsafe-inline' https://optimize.google.com webprovisions-labs.humany.net 'self' cdn.krxd.net https://www.facebook.com telia-natcenter.humany.net cdn.blueconic.net www.googletagmanager.com core.dch.got.telia.se wds-s.ace.teliacompany.com portal-hosting.humany.net pi.pardot.com www.google-analytics.com consumer.krxd.net https://connect.facebook.net https://tagmanager.google.com core.dc.teliacompany.net telia-se.blueconic.net wds.ace.teliacompany.com beacon.krxd.net cdn.pardot.com d6tizftlrpuof.cloudfront.net *.usabilla.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net 'unsafe-eval' media.krxd.net; style-src https://tagmanager.google.com 'unsafe-inline' core.dc.teliacompany.net https://optimize.google.com webprovisions-labs.humany.net 'self' telia-se.blueconic.net wds.ace.teliacompany.com telia-natcenter.humany.net d6tizftlrpuof.cloudfront.net cdn.blueconic.net core.dch.got.telia.se wds-s.ace.teliacompany.com telia.humany.net gentle-tor-21016.herokuapp.com plugins.blueconic.net media.krxd.net https://fonts.googleapis.com 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self'; form-action *; reflected-xss block; upgrade-insecure-requests; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' dyklh89h601oh.cloudfront.net code.jquery.com info.iovation.com info.iovation.io go.pardot.com i.pardot.com pi.pardot.com player.vimeo.com vimeo.com www.googletagmanager.com sjs.bizographics.com px.ads.linkedin.com www.linkedin.com snap.licdn.com syndication.twitter.com platform.twitter.com cdn.syndication.twimg.com www.youtube.com w.soundcloud.com stats.g.doubleclick.net www.google-analytics.com js.stripe.com ipinfo.io js.driftt.com api.craftcms.com feed-proxy.craftcms.com; upgrade-insecure-requests; font-src 'self' data: dyklh89h601oh.cloudfront.net; img-src 'self' data: content.iovation.com dyklh89h601oh.cloudfront.net d2zi1uus18i57q.cloudfront.net www.google-analytics.com stats.g.doubleclick.net www.google.com chart.googleapis.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com pluginicons.craft-cdn.com avatars.craft-cdn.com pluginscreenshots.craft-cdn.com syndication.twitter.com platform.twitter.com pbs.twimg.com; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 2
default-src 'self' 'unsafe-eval' https://*.tgdd.vn https://*.thegioididong.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://vuivuilocal.firebaseapp.com https://thegioididong.typeform.com https://embed.24liveblog.com https://node.24live.co https://googleads.g.doubleclick.net https://static.apester.com https://*.doubleclick.net https://*.thegioididong.com https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com https://vars.hotjar.com/; media-src 'self' https://*.tgdd.vn https://*.thegioididong.com; connect-src 'self' https://stats.g.doubleclick.net https://vc.hotjar.io https://in.hotjar.com https://sample-api-v2.crazyegg.com https://tracking.crazyegg.com https://www.facebook.com wss://socket.24live.co wss://connect.24liveplus.com https://stats.qmerce.com https://api.mixpanel.com https://*.twitter.com https://renderer.qmerce.com https://*.apester.com https://display.apester.com https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.thegioididong.com wss://*.dienmayxanh.com wss://*.thegioididong.com; object-src 'self'; report-uri /lien-he/ 2
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; frame-ancestors 'none'; 2
frame-ancestors vidiq-marketing-cms.now.sh vidiq-marketing-cms-git-dev.vidiq.now.sh vidiq-marketing-cms-git-staging.vidiq.now.sh vitals.vercel-analytics.com localhost:3333 2
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2
frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 2
frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 2
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https:; upgrade-insecure-requests; 2
child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;    connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* *.coremetrics.com ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.pinterest.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.atechmotorsports.com *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.narvar.com;      font-src 'self' data: *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.typekit.net *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;      frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.atechmotorsports.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com *.zscalerthree.net *.youtube.com *.hotjar.com *.hotjar.io *.zmags.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com;      img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.micpn.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.atechmotorsports.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net *.summit.network *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.narvar.com *.ctfassets.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.micpn.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.smartystreets.com *.summit.network *.summitracing.com *.atechmotorsports.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com *.zscalerthree.net *.hotjar.com *.hotjar.io *.zmags.com *.youtube.com *.ytimg.com *.akamaihd.net *.atgsvcs.com  *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com *.rollbar.com *.vantivprelive.com *.vantivcnp.com;       style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net *.typekit.net *.buttercms.com *.atgsvcs.com *.static.atgsvcs.com *.rules.atgsvcs.com *.estara.com *.os.atg.com; 2
frame-ancestors 'self' https://autresiteclientdiframe.com 2
frame-ancestors 'none'; connect-src 'self' *.google-analytics.com *.stripe.com *.braintreegateway.com *.braintree-api.com *.exploretock.com *.fullstory.com *.facebook.com api.rollbar.com *.doubleclick.net www.google.com  *.podium.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.stripe.com *.braintreegateway.com *.chase.com *.exploretock.com connect.facebook.net *.fullstory.com www.googleadservices.com api.rollbar.com optimize.google.com maps.googleapis.com  *.podium.com static.cloudflareinsights.com; img-src 'self' blob: data: *.exploretock.com *.stripe.com *.braintreegateway.com *.facebook.com *.fbsbx.com *.gravatar.com i0.wp.com i1.wp.com *.google.com *.googleapis.com *.googleusercontent.com www.google-analytics.com www.gstatic.com maps.gstatic.com *.doubleclick.net *.googletagmanager.com; child-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com www.facebook.com optimize.google.com; frame-src 'self' *.exploretock.com *.stripe.com *.braintreegateway.com *.chase.com www.facebook.com optimize.google.com connect.facebook.net www.google.com *.kaptcha.com; 2
frame-ancestors 'self' zooniverse.org *.zooniverse.org 2
default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * ; frame-src 'self' * ; object-src 'self' 2
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com; font-src 'self' data: *.kinstacdn.com fonts.gstatic.com *.slidesharecdn.com; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.marketo.com *.marketo.net *.cookiebot.com html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com px.ads.linkedin.com googleads.g.doubleclick.net www.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net *.cookiebot.com static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com fonts.googleapis.com *.marketo.com *.marketo.net; worker-src 'self' blob:; 2
frame-ancestors 'self' https://*.clio.com https://cliocloudconference.com https://events1.social27.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://tagmanager.google.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.utsouthwestern.edu *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2
default-src 'self' https:; object-src 'self'; frame-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com disqus.com; child-src 'self' *.kvk.nl channel.me www.youtube.com cloud.reflexappointment.nl iwelcome.sso.eherkenning.nl ehm01.iwelcome.nl opendata.ondernemersplein.nl www.googletagmanager.com *.hotjar.com https://miloo.nl wss://miloo.nl *.mopinion.com *.soundcloud.com *.youtube-nocookie.com *.disqus.com; style-src 'self' 'unsafe-inline' *.kvk.nl s3.amazonaws.com tagmanager.google.com translate.googleapis.com *.mopinion.com https://fonts.googleapis.com *.abtasty.com *.disqus.com *.disquscdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kvk.nl blob: bat.bing.com *.nowinteract.com www.youtube.com s.ytimg.com channel.me cloudstatic.obi4wan.com *.hotjar.com www.google-analytics.com www.googletagmanager.com cdn-assets-prod.s3.amazonaws.com tagmanager.google.com *.mopinion.com https://miloo.nl wss://miloo.nl *.abtasty.com *.disqus.com *.disquscdn.com; img-src 'self' *.kvk.nl blob: data: tr3.onlinesucces.nl www.ondernemersplein.nl bat.bing.com https://www.gstatic.com/images/branding/product/2x/translate_24dp.png www.google-analytics.com www.googletagmanager.com https://miloo.nl wss://miloo.nl *.abtasty.com *.cloudfront.com *.mopinion.com *.disqus.com *.disquscdn.com; font-src 'self' blob: data: *.kvk.nl http://fonts.gstatic.com https://fonts.gstatic.com static.hotjar.com *.mopinion.com *.abtasty.com *.disqus.com; connect-src 'self' *.kvk.nl wss://*.kvk.nl opendata.ondernemersplein.nl *.nowinteract.com translate.googleapis.com bots.obi4wan.com app.obi4wan.ai *.hotjar.com wss://*.hotjar.com www.google-analytics.com script.google.com https://miloo.nl wss://miloo.nl *.mopinion.com col.eum-appdynamics.com *.abtasty.com sentry.io *.disqus.com; frame-ancestors 'self' https://*.kvk.nl transmision.invitado.nl www.kvk-live.nl registratie.kvk-live.nl; base-uri 'self' *.kvk.nl; 2
frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/; 2
frame-ancestors 'self' *.bnc.ca *.nbc.ca; 2
frame-ancestors 'self' *.kanopystreaming.com *.kanopy.com 2
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com; block-all-mixed-content 2
default-src 'self' *.ing.pl ping-prod.ext.e-point.pl *.e-point.pl *.adocean.pl https://optimize.google.com *.ingbank.pl https://ing.pl; font-src 'self' *.googleapis.com *.ingbank.pl data: themes.googleusercontent.com *.gstatic.com tagmanager.google.com *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com https://optimize.google.com *.e-point.pl https://ing.pl; style-src 'self' 'unsafe-inline' code.jquery.com *.googleapis.com *.ingbank.pl https://optimize.google.com *.e-point.pl https://www.gstatic.com s.ytimg.com https://www.ytimg.com *.ing.pl www.google.com ping-prod.ext.e-point.pl https://platform.twitter.com www.googletagmanager.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com https://ton.twimg.com https://ing.pl; img-src 'self' data: *.ggpht.com *.adocean.pl *.e-point.pl traffic.tgdaudience.com www.google.pl https://optimize.google.com https://syndication.twitter.com clients1.google.com tagmanager.google.com *.gstatic.com *.domy.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com www.google.com *.glosdlafirm.pl ping-prod.ext.e-point.pl *.ing.pl apollo-ireland.akamaized.net *.googleusercontent.com https://img.youtube.com https://galeria.domiporta.pl ingbankslaski.d3.sc.omtrdc.net *.twimg.com *.ingbank.pl img01-olxpl.akamaized.net *.hit.gemius.pl *.googleapis.com *.google-analytics.com https://www.i1.ytimg.com *.doubleclick.net ingbankslaski.d2.sc.omtrdc.net *.staticdomy.com.pl *.staticmorizon.com.pl *.staticoferty.net.pl https://adocean-pl.hit.gemius.pl https://ireland.apollo.olxcdn.com https://ing.pl adocean-pl.hit.gemius.pl content.ing.pl https://d-gr.cdngr.pl d-gr.cdngr.pl; frame-src 'self' *.tradedoubler.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl *.ing.pl www.googletagmanager.com *.demdex.net https://platform.twitter.com https://www.youtube.com https://optimize.google.com traffic.tgdaudience.com *.e-point.pl *.hit.gemius.pl ferryt-u.pl.ing-ad *.ingbank.pl *.doubleclick.net https://ing.webnotarius.pl https://ing.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hit.gemius.pl *.googleapis.com https://www.fbstatic-a.akamaihd.net *.ingbank.pl *.doubleclick.net code.jquery.com assets.adobedtm.com *.google-analytics.com ingbankslaski.d3.sc.omtrdc.net https://www.oauth.googleusercontent.com cdn.tgdaudience.com https://cdn.syndication.twimg.com *.gstatic.com tagmanager.google.com https://syndication.twitter.com www.google.com ping-prod.ext.e-point.pl https://www.apis.google.com *.ing.pl *.demdex.net www.googletagmanager.com https://platform.twitter.com s.ytimg.com https://www.youtube.com https://optimize.google.com www.googleadservices.com *.e-point.pl https://www.gstatic.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net https://ton.twimg.com https://ireland.apollo.olxcdn.com https://ing.pl; object-src 'self' *.ingbank.pl *.ing.pl ping-prod.ext.e-point.pl www.googletagmanager.com *.e-point.pl https://ing.pl; connect-src 'self' traffic.tgdaudience.com *.e-point.pl *.adocean.pl *.demdex.net www.googletagmanager.com *.ing.pl ping-prod.ext.e-point.pl wss://*.twilio.com https://syndication.twitter.com ingbankslaski.d3.sc.omtrdc.net *.google-analytics.com https://*.twilio.com *.doubleclick.net *.ingbank.pl *.hit.gemius.pl ingbankslaski.d2.sc.omtrdc.net https://ing.pl; frame-ancestors 'self' *.ingbank.pl ping-prod.ext.e-point.pl *.ing.pl *.demdex.net www.googletagmanager.com *.e-point.pl; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://w.soundcloud.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.vimeo.com https://vimeo.com/api/oembed.json https://ajax.cloudflare.com https://player.vimeo.com https://static.oktopost.com/oktrk.js https://okt.to https://crmemails.ogilvy.com https://secure.link5view.com https://tag.demandbase.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://static.addtoany.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://okt.to https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://secure.link5view.com https://crmemails.ogilvy.com https://match.prod.bidr.io https://segments.company-target.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://static.addtoany.com; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://tagmanager.google.com data:; connect-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://api.company-target.com https://stats.g.doubleclick.net; report-uri /report-csp-violation 2
frame-ancestors 'self' https://*.yandex.ru https://yastatic.net http://*.webvisor.com http://webvisor.com; 2
default-src 'unsafe-inline' https:; img-src data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'self' https://www.20min.ch https://*.unitycms.io; 2
frame-ancestors 'self' https://teams.microsoft.com https://teams.microsoft.us https://local.teams.office.com https://int.teams.microsoft.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms; report-uri /cspreport 2
frame-ancestors https://*.aok.de https://*.dev.queo-group.com https://*.dev.queo.org localhost https://*.ddev.site; 2
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src https: 'self' data:; img-src https: 'self' data:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.raxcdn.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://flockler.embed.codes/62wAnK *.gstatic.com *.flockler.com *.pinterest.com *.addtoany.com *.paypal.com *.ytimg.com *.youtube.com www.googleadservices.com *.googletagmanager.com *.google.com *.gstatic.com www.snta0034.com *.rnib.org.uk *.paypalobjects.com collector-1065.tvsquared.com app.vwo.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com *.google-analytics.com ajax.googleapis.com *.hotjar.com *.hotjar.io *.bing.com; style-src 'self' 'unsafe-inline' *.rnib.org.uk https://tagmanager.google.com https://fonts.googleapis.com app.vwo.com fonts.googleapis.com *.flockler.com; img-src 'self' data: *.cloudfyprod.com *.rackcdn.com *.cdninstagram.com *.google.co.uk *.google.com *.instagram.com *.pinterest.com *.rnib.org.uk *.paypalobjects.com https://ssl.gstatic.com https://www.gstatic.com *.paypal.com collector-1065.tvsquared.com maps.googleapis.com *.googletagmanager.com maps.gstatic.com csi.gstatic.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net dev.visualwebsiteoptimizer.com *.hotjar.com *.hotjar.io *.bing.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk; font-src 'self' data: app.vwo.com *.rnib.org.uk *.rnib.panlogic.co.uk fonts.gstatic.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.pinterest.com *.addtoany.com google.com *.google.com *.paypal.com app.vwo.com youtube.com *.youtube.com *.hotjar.com *.hotjar.io; upgrade-insecure-requests; report-uri https://report-uri.io/report/37d691f11ddee70a60a651059fdfc1dc; connect-src 'self' www.google-analytics.com *.paypal.com dev.visualwebsiteoptimizer.com bam.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com 2
default-src 'self' http://localhost:* https://*.supercharge-srp.co https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; prefetch-src http://tpc.googlesyndication.com https://tpc.googlesyndication.com http://securepubads.g.doubleclick.net https://securepubads.g.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.sol-data.com http://localhost:* https://*.jobsdb.com/ https://*.supercharge-srp.co https://*.hotjar.com/ https://unpkg.com/ https://polyfill.io/ https://cdnjs.cloudflare.com https://cdn.ravenjs.com https://widget.intercom.io http://www.googletagservices.com https://www.googletagservices.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://adservice.google.com https://securepubads.g.doubleclick.net http://tpc.googlesyndication.com https://tpc.googlesyndication.com https://adservice.google.com.au https://adservice.google.com.hk https://adservice.google.com.sg https://js.intercomcdn.com http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.branch.io/ https://app.link/ https://www.google-analytics.com http://tags.tiqcdn.com https://tags.tiqcdn.com https://www.youtube.com https://s.ytimg.com https://*.useinsider.com; style-src 'unsafe-inline' 'self' http://localhost:* https://*.jobsdb.com/ https://*.supercharge-srp.co https://fonts.googleapis.com/ https://tagmanager.google.com https://*.useinsider.com; img-src * data:; font-src 'self' https://*.jobsdb.com https://*.supercharge-srp.co https://fonts.gstatic.com/ https://static.hotjar.com/ https://js.intercomcdn.com data:; connect-src 'self' https://www.seek.com.au/ http://www.seek.com.au.staging/ http://candidate-graphql-api-candy-shared-dev-active.ap-southeast-2.elasticbeanstalk.com/ http://localhost:* ws://localhost:* https://*.sol-data.com https://*.supercharge-srp.co:8080/ https://*.jobsdb.com/ https://*.jobstreet.com/ http://*.supercharge-srp.co https://*.supercharge-srp.co https://*.hotjar.com:*/ https://*.elasticbeanstalk.com:8080/ ws://*.hotjar.com/ wss://*.hotjar.com/ https://*.intercom.io wss://*.intercom.io https://securepubads.g.doubleclick.net https://csi.gstatic.com https://api2.branch.io/ https://app.link/ https://pagead2.googlesyndication.com https://*.useinsider.com; frame-src https://vars.hotjar.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://staticxx.facebook.com https://www.youtube.com https://*.useinsider.com 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src * blob:; connect-src https: wss:; font-src https: data:; frame-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 2
default-src 'self' 'unsafe-inline' *.bzga.de *.creativecommons.org https://www.youtube-nocookie.com data:; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com 2
default-src 'self' data: https://internalgogdemo.terracycle.com https://fonts.gstatic.com/ https://use.typekit.net/ https://d3c39yxulteaif.cloudfront.net/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/js/mcfx/2794 https://cdn.leadmanagerfx.com/phone/js/2794 https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://script.hotjar.com/ https://secure.wufoo.com/scripts/embed/form.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ssl.google-analytics.com/ga.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/ https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://www.wufoo.com/scripts/embed/form.js https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://syndication.twitter.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://assets.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/; img-src 'self' https://internalgogdemo.terracycle.com https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com/gog-prod/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/maps/vt https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://px.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://t.co/ https://www.facebook.com/tr/ https://www.google-analytics.com/collect https://www.google-analytics.com/r/ https://www.googletagmanager.com www.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://d3c39yxulteaif.cloudfront.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://ipapi.co/json https://maps.googleapis.com/maps/api/geocode/json https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/2794 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information; plugin-types application/pdf application/xml 2
frame-ancestors https://www.enel.it https://enelpremia.enel.it https://*.force.com  https://*.salesforce.com https://*.visualforce.com 2
default-src 'self'; img-src * data:; media-src * blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * data:; frame-src *; connect-src * 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.ldlc.com api.userlike.com *.googleapis.com www.googletagmanager.com *.gstatic.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net *.hotjar.com *.hotjar.io connect.facebook.net www.google-analytics.com www.googlecommerce.com aswpapieu.com aswpsdkeu.com static.doubleclick.net stats.g.doubleclick.net *.groupe-ldlc.com *.google.com *.google.fr www.facebook.com www.gstatic.com *.googleapis.com www.youtube.com mpshare.iesname.com 2
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us https://d17o6on0vd932d.cloudfront.net blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: about: https://ruanshi2.8686c.com https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://d2b9h3rz4xo53c.cloudfront.net https://d24cgw3uvb9a9h.cloudfront.net https://googleads.g.doubleclick.net https://pi.pardot.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://static.zoom.com.cn https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/* https://optimize.google.com https://tagmanager.google.com https://www.gstatic.com/recaptcha/releases/ https://www.gstatic.cn/recaptcha/releases/ https://google.com https://docs.google.com https://cse.google.com https://maps.google.com https://www.google.com https://www.recaptcha.net https://linkedin.com https://platform.linkedin.com https://px.ads.linkedin.com https://ads.linkedin.com https://www.youtube.com https://d17o6on0vd932d.cloudfront.net https://www.gstatic.com https://www.gstatic.cn https://fonts.googleapis.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.hotjar.com https://*.zoom.us https://*.zoomcloudpbx.com https://*.zoomus.cn https://*.zopim.com https://adroll.com https://zoom.us https://apis.google.com https://gstatic.zoom.com.cn 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';frame-ancestors 'self' *.zoomcloud.cn; 2
upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' https://iframe.elimparcial.com *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com  *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.indexww.com *.facebook.net *.giphy.com *.memeate.com *.windy.com iframe.enelradar.com *.taboola.com *.liveleak.com *.pinterest.com *.lkqd.net *.wcnc.com; report-uri https://imparcial.report-uri.com/r/d/csp/enforce 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com 2
frame-src 'self' https://www.google.com *.youtube.com https://*.hubspot.com https://www.facebook.com https://s-static.ak.facebook.com https://js.hs-scripts.com https://js.usemessages.com https://js.hscollectedforms.net https://www.snigel.com https://maps.googleapis.com; connect-src 'self' *.snigelweb.com https://*.hubspot.com https://www.google-analytics.com  https://www.google.com https://www.gstatic.com; font-src 'self' *.snigelweb.com https://fonts.gstatic.com https://themes.googleusercontent.com https://snigel.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net  https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://js.hs-banner.com *.snigelweb.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.google-analytics.com https://js.usemessages.com https://ssl.google-analytics.com https://js.hs-scripts.com https://www.googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' * *.google.com *.snigelweb.com https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com https://forms.hsforms.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://snigel.com https://www.googletagmanager.com https://*.hubspot.com https://www.google-analytics.com data:; media-src 'self' *.youtube.com *.snigelweb.com; object-src 'self'; form-action 'self' *.snigelweb.com https://*.hubspot.com https://forms.hsforms.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://js.hs-banner.com *.snigelweb.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.google-analytics.com https://js.usemessages.com https://ssl.google-analytics.com https://js.hs-scripts.com https://www.googletagmanager.com https://connect.facebook.net https://maps.gstatic.com https://i.ytimg.com https://forms.hsforms.com https://secure.gravatar.com https://s-static.ak.facebook.com https://snigel.com https://*.hubspot.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com data: 2
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de; img-src 'self' *.zoll.de zoll.de *.itzbund.de sg.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de sg.geodatenzentrum.de *.openstreetmap.de 2
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 2
frame-ancestors secure.livechatinc.com www.youtube.com www.google.com 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.google.com *.bootstrapcdn.com *.facebook.net *.tctm.co *.clickdimensions.com *.googleadservices.com *.doubleclick.net *.trustarc.com globalstar.clarip.com *.addthis.com *.addthisedge.com *.bizographics.com *.linkedin.com unpkg.com rawgit.com *.gstatic.com *.avmws.com *.incontact.com jira.globalstar.com *.licdn.com *.zoominfo.com *.xg4ken.com 2
default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com florenceva.blob.core.windows.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.epic.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src www.google-analytics.com i.ytimg.com www.epic.com www-dev.epic.com ehrn.org ehrnprd.blob.core.windows.net 'self' data:; frame-src 'self' https://www.youtube.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2
report-uri / 2
frame-ancestors https://metropcs.mobi https://www.metropcs.mobi https://*.metrobyt-mobile.com https://metropcs.mobileposse.com/; 2
frame-ancestors https://la.utexas.edu https://www.la.utexas.edu https://learn.stanford.edu https://idss.mit.edu https://www.mygreatlearning.com https://www.greatlearning.in https://detectify.com 2
frame-ancestors 'self' https://bob.santanderbank.com https://shdwbob.santanderbank.com https://rolb.santanderbank.com https://shdwrolb.santanderbank.com https://einsteincrm.sov.gs.corp https://shdweinsteincrm.sov.gs.corp http://bkoffice.sov.gs.corp http://shdwbkoffice.sov.gs.corp; 2
default-src 'none'; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.payer.se; frame-ancestors 'self' http://frame.bloglovin.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de service.force.com activitymap.adobe.com *.omniture.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com 2
frame-ancestors *.ooredoo.qa 2
frame-ancestors self https://*.chaosgroup.com https://secure.avangate.com https://secure.2checkout.com 2
default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2
frame-ancestors 'self' *.sber.ru 2
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 2
font-src 'self' *.fandangonow.com *.fandango.com data: *.mgo-images.com; object-src *.visa.com data:; script-src 'self' *.fandangonow.com *.fandango.com 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.fandangonow.com *.fandango.com data: 'unsafe-inline' * 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.mohw.gov.tw *.highcharts.com *.googletagmanager.com www.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.youtube.com youtu.be;frame-ancestors 'none'; 2
frame-ancestors 'self' admin.truelocal.com.au 2
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tutanota.com https://api.github.com https://www.reddit.com https://mail.tutanota.com; 2
default-src  'self' ; connect-src    *;  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.oncehub.com *.wistia.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.91;  img-src    * data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * 'unsafe-inline' 'unsafe-eval';  style-src    * 'unsafe-inline';  2
default-src 'self' https://*.jsdelivr.net https://wp-themes.com https://*.cloudflare.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src  'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'  2
frame-ancestors https://*.uwhealth.org https://*.uwhealthkids.org https://*.med.wisc.edu https://*.uwhealth.wisc.edu 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn okings.jp.airnewzealand.com flightbookings.airnewzealand.co.jp koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com chat-prod-ap-southeast-2.s3.amazonaws.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' ; frame-src 'self' www.google.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz hotels.airnewzealand.co.nz; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz chat-prod-ap-southeast-2.s3.amazonaws.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com muscula.herokuapp.com; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 2
default-src 'self' *.uast.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.aparat.com http://info.uast.ac.ir/searchreshte/defaultm.aspx; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://www.aparat.com http://info.uast.ac.ir/searchreshte/defaultm.aspx; frame-ancestors 'self' https://trustseal.enamad.ir 2
frame-ancestors https://www.niagahoster.co.id/ https://panel.niagahoster.co.id/ 2
default-src 'self' blob:; img-src 'self' *.nextiveo.com *.maropost.com platform-api.sharethis.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.amazonaws.com *.gstatic.com *.cloudfront.net *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.nstitan.com mecdb.myecheck.com www1.myecheck.com  *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com www.google-analytics.com stats.g.doubleclick.net www.google.com data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com maps.googleapis.com optimize.google.com cdn-dev.flptitan.com blob: *.flptitan.com *.foreverliving.com *.s3.us-east-1.amazonaws.com *.googleapis.com *.ppipe.net *.nextsphere.com *.nstitan.com *.oppwa.com *.flptitanqa.com mecdb.myecheck.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com *.google-analytics.com stats.g.doubleclick.net www.google.com *.clicktale.net data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com *.facebook.com *.googletagmanager.com maps.googleapis.com optimize.google.com *.boxcloud.com; script-src 'self' *.nextiveo.com *.userlike.com *.boxcdn.net *.boxcloud.com *.box.com *.cloudfront.net *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com platform-api.sharethis.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com *.googleapis.com *.flptitanqa.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.nextsphere.com *.nstitan.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com test.oppwa.com maxcdn.bootstrapcdn.com  *.ppipe.net *.facebook.net *.authorize.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com oppwa.com acaptureservices.com test.oppwa.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.nextiveo.com *.livehelpnow.net *.clicktale.net *.chargebee.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.nstitan.com *.oppwa.com mecdb.myecheck.com *.flptitanqa.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.boxcdn.net 'unsafe-inline'; font-src 'self' *.nextiveo.com *.boxcdn.net *.box.com *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net www1.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social mecdb.myecheck.com *.bootstrapcdn.com *.nstitan.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' *.nextiveo.com *.box.com *.boxcloud.com api.ipify.org platform-api.sharethis.com *.livehelpnow.net *.consensu.org *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  mecdb.myecheck.com *.oppwa.com www1.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.nstitan.com  s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com *.flptitanqa.com oppwa.com *.google-analytics.com *.google.co.in; media-src 'self' *.nextiveo.com *.flptitan.com *.youtube.com *.youtu.be *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com *.amazonaws.com blob:; frame-src 'self' *.ngenius-payments.com *.facebook.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.nextiveo.com platform-api.sharethis.com  *.sharethis.com *.mgr.consensu.org  walls.io player.vimeo.com *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.nextsphere.com *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com mecdb.myecheck.com www1.myecheck.com *.nstitan.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.boxcloud.com *.flpi.com optimize.google.com *.vimeo.com oppwa.com optimize.google.com; frame-ancestors 'self' *.nextiveo.com *.socialsales.io socialsales.io foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com flptitanqa.com *.flptitanqa.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.chargebee.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.uhhospitals.org *.typekit.net *.uhhospitals.org *.siteimproveanalytics.com siteimproveanalytics.com *.bing.com *.youtube.com *.invoca.net s.ytimg.com *.ytimg.com *.facebook.net *.invocacdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.facebook.com *.siteimproveanalytics.io *.doubleclick.net *.gstatic.com *.w3.com *.podbean.com *.ads-twitter.com *.twitter.com *.t.co t.co *.alphonso.tv *.calculatestuff.com calculatestuff.com doubleclick.net *.selfcare.info selfcare.info *.digitalmedia.hhs.gov api.digitalmedia.hhs.gov *.appcatalyst.com appcatalyst.com *.staywellsolutionsonline.com staywellsolutionsonline.com *.hhs.gov *.livestream.com livestream.com *.issuu.com issuu.com *.isu.pub isu.pub *.w3.org w3.org *.quantserve.com quantserve.com *.boxcloud.com boxcloud.com *.box.com box.com 2
frame-ancestors 'self' http://*.gobdigital.gba.gob.ar  https://*.gobdigital.gba.gob.ar; 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org connect.facebook.net *.g.doubleclick.net *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.taboola.com *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.pinterest.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.taboola.com *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
default-src 'self' * 'unsafe-eval' 'unsafe-inline' data: filesystem: blob:; object-src *.cloudfront.net; 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.investis.com *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com *.eqs.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com; connect-src 'self' data: ws: blob: *.googleadservices.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com; 2
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com media.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
script-src 'unsafe-inline' 'unsafe-eval' * 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 2
default-src c.wgr.de 'self'; script-src c.wgr.de https://track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de https://track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de https://track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://secure.schulbuchzentrum-online.de https://track.westermann.de http://www.econda-monitor.de 'self'; report-uri /backend/csp 2
default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com embedr.flickr.com widgets.flickr.com; img-src 'self' blob: data: 'unsafe-inline' placehold.it *.iscte-iul.pt iscte-iul.pt *.googleapis.com *.gstatic.com *.google-analytics.com www.google.com www.google.pt www.linkedin.com stats.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com live.staticflickr.com *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.clarity.ms *.googleapis.com *.google-analytics.com www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com embedr.flickr.com widgets.flickr.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; connect-src 'self' *.google-analytics.com *.clarity.ms embedr.flickr.com; frame-src 'self' *.google.com *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com https://www.strava.com https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com *.gstatic.com 2
default-src 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; font-src 'self' www.google-analytics.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' www.google-analytics.com stats.g.doubleclick.net fonts.googleapis.com fonts.gstatic.com data:; script-src 'self' www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.google-analytics.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' blob:;default-src 'self';object-src 'self';img-src data: https: 'self' *.better.com images.ctfassets.net heapanalytics.com 'unsafe-inline';style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com assets.braintreegateway.com *.better.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com media.better.com data:;media-src media.better.com 'self' chat-assets.frontapp.com https://player.vimeo.com https:;connect-src wss://*.pusher.com *.pusherapp.com https: 'self';frame-ancestors 'self' https://mobile2.accountchek.net https://borrower.accountchek.com https://web.pointserv.com https://flex.twilio.com;frame-src https://*.hellosign.com https://accounts.google.com https://assets.braintreegateway.com https://cdn.plaid.com https://useast1.pcipal.cloud/ bid.g.doubleclick.net dntcl.qualaroo.com insight.adsrvr.org match.adsrvr.org player.vimeo.com www.google.com 'self' https:;report-uri https://bettermg.report-uri.com/r/d/csp/enforce; 2
default-src https: 'unsafe-inline'; frame-ancestors https:; object-src 'none'; script-src https: 'unsafe-inline' 2
frame-ancestors 'self' *.antena3.com *.lasexta.com *.atresmedia.com *.ondacero.es *.europafm.com *.melodia-fm.com 2
script-src 'self' 'unsafe-inline' https://js.stripe.com; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 2
default-src https:; font-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com visitor-service-eu-central-1.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net 2
frame-ancestors 'self'; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; report-to https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/enforce; 2
default-src none gosbar.gosuslugi.ru gosmonitor.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' lofficielmode.ru voltajs.org piwik-gosbar.gosuslugi.ru yastatic.net gosmonitor.ru mc.yandex.ru api-maps.yandex.ru gosbar.gosuslugi.ru stat.sputnik.ru piwik.nsign.ru; connect-src 'self' gosbar.gosuslugi.ru mc.yandex.ru stat.sputnik.ru gosmonitor.ru; img-src 'self' data: www.rosmintrud.ru piwik-gosbar.gosuslugi.ru api-maps.yandex.ru *.maps.yandex.net stat.sputnik.ru mc.yandex.ru piwik.nsign.ru cnt.sputnik.ru gosmonitor.ru; style-src 'self' 'unsafe-inline' gosbar.gosuslugi.ru gosmonitor.ru; font-src 'self' gosbar.gosuslugi.ru gosmonitor.ru; media-src 'self' static.rosmintrud.ru gosmonitor.ru; frame-src *; 2
object-src 'self' *; 2
frame-ancestors 'self' https://us-sunset-public.prd.invesco.net; 2
default-src https:; style-src 'self' 'unsafe-inline'; script-src https: 'unsafe-inline'; object-src 'none' 2
script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz https://*.televizeseznam.cz; report-uri /cspreport; 2
default-src 'self';frame-ancestors 'none';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.google.com http://mackeeper.com https://mackeeper.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 2
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; object-src *; frame-ancestors 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://tagmanager.google.com https://cdn1.affirm.com https://fonts.googleaps.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://vjs.zencdn.net http://vjs.zencdn.net https://*.inside-graph.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleaps.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.inside-graph.com data:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.inside-graph.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: 2
upgrade-insecure-requests; connect-src * https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net https://code.jquery.com https://stat.sputnik.ru https://gosmonitor.ru https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://tcr.tynt.com https://sc.tynt.com https://de.tynt.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://api-public.addthis.com https://vk.com https://www.odnoklassniki.ru https://connect.ok.ru; style-src 'self' 'unsafe-inline' https://gosmonitor.ru https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://stat.sputnik.ru https://mc.yandex.ru https://release-datatron.minfin.ru; frame-src 'self' https://gosmonitor.ru https://skad.minfin.ru https://skadapptest.minfin.ru https://historylib.minfin.ru https://api-maps.yandex.ru https://www.youtube.com https://s7.addthis.com https://www.ntv.ru; img-src 'self' data: https://stat.sputnik.ru https://gosmonitor.ru https://www.google-analytics.com https://stats.g.doubleclick.net https://ic.tynt.com https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net; 2
frame-ancestors https://*.zscalertwo.net *.sick.com *.sickcn.net *.sickcn.com; 2
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ 2
frame-ancestors https://*.tigo.com.bo https://www.tigo.com.co https://www.tigo.cr https://residencial.tigo.com.hn https://www.tigo.com.ni; 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex;img-src * data:;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru cdn7.rocks hgbn.rocks hgbn.rocks cdn7.rocks 2f9ffee6ab81a74.com 580fc2d73fdf67d.com mc.yandex.ru yastatic.net;child-src 'self' blob: 2
frame-ancestors *.dowjones.net *.fnlondon.com *.efinancialnews.com *.onservo.com 2
default-src 'self' https://trillian.cachefly.net https://static.olark.com; script-src 'self' https://trillian.cachefly.net https://*.olark.com https://www.google-analytics.com https://ct.capterra.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-banner.com; style-src 'self' https://trillian.cachefly.net https://static.olark.com 'unsafe-inline'; object-src 'none'; base-uri 'none'; connect-src 'self' https:; media-src 'self' https:; img-src 'self' http: https: data:; 2
default-src 'none'; connect-src https://hqiem7393d.execute-api.us-west-2.amazonaws.com https://myscript.prismic.io https://myscript.cdn.prismic.io; font-src data:; img-src 'self' https://cdn-images-1.medium.com https://cdn.myscript.com data:; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.myscript.com https://cloud.typography.com; media-src 'self'; manifest-src 'self'; object-src 'none' 2
default-src https:; script-src 'unsafe-inline' https: 'unsafe-eval' https://crossway.my.salesforce.com; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self' *.liberbank.es https://www.google.com https://www.facebook.com/tr/ https://api.liberbank.es:80 https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.norbolsa.es https://analytics.twitter.com https://www.liberbank.es https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://storage.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://use.typekit.net/lzp0kbu.js https://maps.googleapis.com https://cse.google.com *.hotjar.com https://www.googleadservices.com https://bat.bing.com https://track.adform.net https://googleads.g.doubleclick.net *.browseranalytic.com browseranalytic.com https://player.vimeo.com/api/player.js https://piwik.lander.net/piwik.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/ https://connect.facebook.net https://service.force.com https://liberbankit.my.salesforce.com https://d.la1-c1-frf.salesforceliveagent.com https://onboardinglbk.secure.force.com https://s2.adform.net https://www.tarjetaplaystation.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://p.typekit.net https://www.google.com/cse/static/ https://service.force.com https://onboardinglbk.secure.force.com;img-src 'self' https://t.co https://www.google-analytics.com https://www.google.com https://www.facebook.com https://www.norbolsa.es data: https://p.typekit.net https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.googleapis.com https://clients1.google.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://bat.bing.com https://www.google.es *.browseranalytic.com browseranalytic.com https://googleads.g.doubleclick.net https://clean.tracksacai.com https://tbl.tradedoubler.com https://afinia.uinterbox.com https://openlead.bankimia.com https://atrapacredito.go2cloud.org https://liberbankit--devcc2--c.cs84.visual.force.com https://liberbankit--devcc2.cs84.my.salesforce.com https://www.gstatic.com;connect-src 'self' https://www.facebook.com https://www.liberbank.es https://bat.bing.com https://analytics.google.com https://www.google-analytics.com https://lbk-asistente-pro-principal.appspot.com https://vc.hotjar.io https://api.liberbank.es https://api-glbk.liberbank.es https://lbkapi-pre.vorago.es https://in.hotjar.com https://sentry.hotjar.com/ *.browseranalytic.com browseranalytic.com https://cse.google.com https://stats.g.doubleclick.net https://devcc4-onboardinglbk.cs109.force.com https://onboardinglbk.secure.force.com https://ws1.premiumnumbers.es/C2M/C2M/NLL/pgXrgNiYWTnjRyy03oavuViq1osOt96N/;font-src 'self' https://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.facebook.com/tr/;object-src 'self';media-src 'self';sandbox allow-forms allow-scripts allow-modals allow-popups allow-presentation allow-same-origin allow-popups-to-escape-sandbox allow-top-navigation ;child-src 'self' https://portalprov.liberbank.es https://www.facebook.com https://openbanking.liberbank.es https://bedesa-liberbank.ceca.es https://cse.google.com https://vars.hotjar.com https://www.youtube.com https://track.adform.net https://player.vimeo.com https://*.fls.doubleclick.net https://vimeo.com https://service.force.com;form-action 'self' https://www.facebook.com/tr/;frame-ancestors 'self';plugin-types application/pdf; 2
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com 2
frame-ancestors 'self' *.nexxt.com/ https://lensa.com/; 2
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com hm.baidu.com tongji.baidu.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com cdn.lr-ingest.io www.googleadservices.com googleads.g.doubleclick.net; frame-ancestors 'self' *.gaoding.com god-mgr.dancf.com ttxsapp.udesk.cn tongji.baidu.com www.huodongxing.com www.365editor.com https://ytcs.lenovo.net http://ytcs.lenovo.net https://ytcstest.lenovo.net http://pnew.365editor.com http://pwww.365editor.com http://new.365editor.com https://new.365editor.com https://ex.365editor.com http://ex.365editor.com http://www.365editor.com https://cdn.lr-ingest.io https://mp.weixin.qq.com https://testsmb.lenovo.net/ www.wxb.com http://local.wxb.com http://*.gaoding.com https://*.gaoding.com https://www.xmyeditor.com http://xmyplus.jiangniaocloud.top https://xmyplus.jiangniaocloud.top http://editor.chinaso.com http://*.huanleguang.com http://*.huanleguang.cn  https://bj.96weixin.com http://bj.96weixin.com http://*.haoche.cn https://*.haoche.cn http://*.haoche.cn:*/ https://*.shuaishou.com http://*.shuaishou.com http://localhost:* 2
frame-ancestors 'self' *.quattropod.com quattropod.com *.quattropod.com.cn quattropod.com.cn ezcast-pro.com 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';img-src data: https: 'self';connect-src https: 'self' wss://*.hotjar.com; 2
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coop.co.uk https://assets.adobedtm.com cdn.embedly.com *.ensighten.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com *.google.com *.googleadservices.com *.quantserve.com *.ads-twitter.com *.g.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.teads.tv *.demdex.net rules.quantcount.com; style-src * 'unsafe-inline'; img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie *.ensighten.com images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com *.google.com pixel.quantserve.com t.co t.teads.tv; font-src 'self' s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk; media-src *; object-src youtube.com vimeo.com; frame-src 'self' https://cooperativegroup.demdex.net https://forms.office.com  https://youtube.com https://www.youtube.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com; connect-src https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.google-analytics.com *.g.doubleclick.net; 2
frame-ancestors https://*.apus.edu https://*.hondros.edu 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: https://app.acquire.io wss://s.acquire.io data:; img-src https: 'self' data: blob:; font-src 'self' data: https://fonts.gstatic.com https://cdn.dynamicyield.com https://cdn.tollbrothers.com https://app.acquire.io https://s.acquire.io; worker-src https: blob: 2
frame-ancestors 'self' https://*.iproperty.com.my https://*.squarefoot.com.hk ; 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com https://cdnjs.com/ https://fast.fonts.net/ https://code.jquery.com/ https://api.usersnap.com https://www.googletagmanager.com https://rum-static.pingdom.net https://s7.addthis.com https://sjs.bizographics.com https://snap.licdn.com https://v1.addthisedge.com https://m.addthis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://kendo.cdn.telerik.com https://cookie-cdn.cookiepro.com/ https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://unpkg.com https://downloads.mailchimp.com https://mc.us5.list-manage.com https://secure.adnxs.com https://z.moatads.com https://geolocation.onetrust.com https://stackpath.bootstrapcdn.com https://walls.io https://cse.google.com *.pagestrip.com;   style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net https://cdnjs.cloudflare.com https://emea3.recruitmentplatform.com https://maxcdn.bootstrapcdn.com  https://downloads.mailchimp.com https://cdn-images.mailchimp.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net *.pagestrip.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com;   img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com https://px.ads.linkedin.com data: blob: *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com http://media.corporate-ir.net https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com;   media-src 'self' *.ssl.cf1.rackcdn.com data: blob:;   child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com;   connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://rum-collector-2.pingdom.net https://m.addthis.com https://cookie-cdn.cookiepro.com https://s7.addthis.com https://emea3.recruitmentplatform.com https://emea3.recruitmentplatform.com https://global3.recruitmentplatform.com https://www.google-analytics.com https://privacyportal.cookiepro.com https://pagestrip.com https://*.pagestrip.com; 2
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.quantumdex.io *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; style-src 'unsafe-inline' cdn.welcometothejungle.co tagmanager.google.com fonts.googleapis.com optimize.google.com app.getbeamer.com *.axept.io; script-src 'unsafe-inline' cdn.welcometothejungle.co platform.linkedin.com www.linkedin.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com connect.facebook.net www.facebook.com www.youtube.com *.ytimg.com loader.wisepops.com app.wisepops.com cdn.wisepops.com optimize.google.com app.getbeamer.com realtime.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com static.hotjar.com script.hotjar.com *.batch.com polyfill.io *.axept.io; img-src http: https: blob: data: optimize.google.com www.google-analytics.com script.hotjar.com *.axept.io; media-src cdn.welcometothejungle.co; font-src cdn.welcometothejungle.co cdn.welcometothejungle.com cdn.welcometothejungle.co fonts.gstatic.com data: script.hotjar.com *.axept.io; frame-src 'self' platform.linkedin.com www.linkedin.com api.linkedin.com cdn.iframe.ly www.youtube.com www.dailymotion.com www.facebook.com soundsgood.co play.soundsgood.co app.soundsgood.co playlist.soundsgood.co connect.facebook.net w.soundcloud.com optimize.google.com app.getbeamer.com push.getbeamer.com player.vimeo.com speakerdeck.com www.slideshare.net talks.golang.org docs.google.com slides.com vars.hotjar.com *.axept.io; connect-src https://api.welcometothejungle.com wss://api.welcometothejungle.com sp.welcometothejungle.com https://alerts.welcometothejungle.com wss://realtime.getbeamer.com *.algolianet.com *.algolia.net *.facebook.com sentry.io popup.wisepops.com app.wisepops.com tracking.wisepops.com cdn.wisepops.com backend.getbeamer.com www.google-analytics.com vimeo.com *.hotjar.com wss://*.hotjar.com vc.hotjar.io ip2c.org autocomplete.geocoder.ls.hereapi.com geocoder.ls.hereapi.com reverse.geocoder.ls.hereapi.com *.batch.com *.axept.io http://cypress.preprod.wttj.tech/zafoh2ie/ae3; worker-src 'self' 2
default-src 'self' *.bka.de bka.preview.prod.gsb.bka.zivb.net; base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' *.googleapis.com piwik.itzbund.de;object-src 'self' piwik.itzbund.de; media-src 'self' www.bka.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de bka.preview.prod.gsb.bka.zivb.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors bka.preview.prod.gsb.bka.zivb.net piwik.itzbund.de  *.facebook.com 2
frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 2
frame-src https://riksbanken.solidtango.com https://web103.reachmee.com https://www.riksbank.se https://www.google.com https://www.riksdagen.se https://vars.hotjar.com bankid: 2
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 2
frame-ancestors  *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; 2
default-src https:; connect-src *; font-src https: data:; frame-src https: ; img-src https: data: blob:;  media-src https:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:;  style-src 'unsafe-inline' https:; report-uri /csp_violation_report_endpoint 2
frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 2
frame-ancestors 'self' https://www.messenger.com https://www.facebook.com/; 2
default-src    'self'     'unsafe-inline'     'unsafe-eval'    i.4see.mobi;    script-src  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    http://*.g.doubleclick.net/    https://*.g.doubleclick.net/    http://*.google.com    https://*.google.com    http://tags.srv.stackadapt.com    https://tags.srv.stackadapt.com    http://*.stackadapt.com    https://*.stackadapt.com    'self'    'unsafe-inline'    'unsafe-eval'    http://code.jquery.com/    https://code.jquery.com/    http://assets.adobedtm.com    https://assets.adobedtm.com    http://cdn.optimizely.com    https://cdn.optimizely.com    http://use.typekit.net    https://use.typekit.net    http://fast.fonts.net/    https://fast.fonts.net/    http://gateway.answerscloud.com/    https://gateway.answerscloud.com/    http://*.foresee.com    https://*.foresee.com    http://cdnjs.cloudflare.com/   https://cdnjs.cloudflare.com/    http://www.googletagmanager.com    https://www.googletagmanager.com    http://www.googleadservices.com    https://www.googleadservices.com    http://ssl.google-analytics.com    https://ssl.google-analytics.com    http://js.clickequations.net    https://js.clickequations.net    http://connect.facebook.net    https://connect.facebook.net    http://az416426.vo.msecnd.net/    https://az416426.vo.msecnd.net/    http://www.google-analytics.com/    https://www.google-analytics.com/    http://localhost https://localhost    http://localhost:*    https://localhost:*    http://*.googleapis.com    https://*.googleapis.com    http://*.inspectlet.com    https://*.inspectlet.com    http://*.openweathermap.org    https://*.openweathermap.org    http://*.sharethis.com    https://*.sharethis.com    http://*.sharethis.com    https://*.sharethis.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.cloudflare.com    https://*.cloudflare.com    http://*.youtube.com    https://*.youtube.com    http://*.ytimg.com    https://*.ytimg.com    http://*.bing.com    https://*.bing.com    http://*.iatspayments.com    https://*.iatspayments.com    http://*.instagram.com    https://*.instagram.com     http://banfield-assets.azureedge.net    https://banfield-assets.azureedge.net    http://banfield-images.azureedge.net    https://banfield-images.azureedge.net    http://banfield-scripts.azureedge.net    https://banfield-scripts.azureedge.net    https://remote.vroptimal-3dx-assets.com/    https://gateway.foresee.com/    i.4see.mobi    https://cdn.schemaapp.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    connect-src  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    blob:    'self'    'unsafe-inline'    'unsafe-eval' https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://logx.optimizely.com/log/event    https://logx.optimizely.com/log/event    http://*.visualstudio.com    https://*.visualstudio.com    http://localhost    https://localhost    http://*.inspectlet.com    https://*.inspectlet.com    http://*.typekit.net    https://*.typekit.net    http://*.googleapis.com    https://*.googleapis.com    http://*.facebook.com    https://*.facebook.com    http://*.sharethis.com    https://*.sharethis.com    http://*.optimizely.com    https://*.optimizely.com    https://analytics.foresee.com    https://brain.foresee.com    https://4seeresults.com    https://foreseeresults.com    https://www.google-analytics.com    https://ssl.google-analytics.com/    i.4see.mobi    https://device.4seeresults.com    https://srv.stackadapt.com/    https://tags.srv.stackadapt.com    https://ssl.google-analytics.com/    https://www.google.com/    https://data.schemaapp.com/    https://c.sharethis.mgr.consensu.org/    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    frame-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com     https://use.typekit.net    https://data.schemaapp.com    https://prd01.launch.banfield.com/    https://*.helpshift.com https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://checkout.globalgatewaye4.firstdata.com/payment    'self'    'unsafe-inline'    'unsafe-eval'    http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://www.google.com/    https://www.google.com/    http://www.youtube.com    https://www.youtube.com    http://gateway.answerscloud.com    https://gateway.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.facebook.com    https://*.facebook.com    http://*.adobedtm.com    https://*.adobedtm.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.doubleclick.net    https://*.doubleclick.net    http://*.sharethis.com    https://*.sharethis.com    http://*.rallybound.org    https://*.rallybound.org    http://*.cdn.optimizely.com    https://*.cdn.optimizely.com    http://sketchfab.com/    https://sketchfab.com/    http://*.cloudfront.net/    https://*.cloudfront.net/    https://demo.globalgatewaye4.firstdata.com/    https://www.vroptimal-3dx-assets.com/    https://static.vroptimal-3dx-assets.com/    https://connect.facebook.net/    i.4see.mobi https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com;    img-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    https://maps.google.com    'self'    'unsafe-inline'    'unsafe-eval'    http://*.cloudflare.com    https://*.cloudflare.com    blob:    http://*.iatspayments.com    https://*.iatspayments.com    http://*.bidswitch.net    https://*.bidswitch.net    http://*.adnxs.com    https://*.adnxs.com    http://*.stackadapt.com    https://*.stackadapt.com  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  'self' 'unsafe-inline'    'unsafe-eval' data: https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://googleads.g.doubleclick.net    https://googleads.g.doubleclick.net    http://*.google-analytics.com/    https://*.google-analytics.com/    http://centro.pixel.ad    https://centro.pixel.ad    http://beacon.clickequations.net/    https://beacon.clickequations.net/    http://www.google.com    https://www.google.com    http://*.banfield.com    https://*.banfield.com    http://www.facebook.com    https://www.facebook.com    http://maps.googleapis.com    https://maps.googleapis.com    http://*.gstatic.com    https://*.gstatic.com    http://pixel.sitescout.com/    https://pixel.sitescout.com/    http://images.banfield.com    https://images.banfield.com   http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://media.banfield.com    https://media.banfield.com    http://*.doubleclick.net    https://*.doubleclick.net    http://*.typekit.net    https://*.typekit.net    http://*.4seeresults.com    https://*.4seeresults.com    http://*.foreseeresults.com    https://*.foreseeresults.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.truste.com    https://*.truste.com    http://*.googleadservices.com    https://*.googleadservices.com    http://*.xg4ken.com    https://*.xg4ken.com    http://*.sharethis.com    https://*.sharethis.com    http://*.bing.com    https://*.bing.com    http://*.azureedge.net    https://*.azureedge.net    http://sb.scorecardresearch.com/    https://sb.scorecardresearch.com/    https://foresee.mobi    https://static.foresee.com/    https://gateway.foresee.com/    i.4see.mobi  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  https://i.liadm.com/    https://pixel.rubiconproject.com/    https://pixel.advertising.com/    https://simage2.pubmatic.com/    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    style-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://scontent.cdninstagram.com    https://p.typekit.net   https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net    https://data.schemaapp.com    http://*.fonts.net/    https://*.fonts.net/    'self'    http://*.iatspayments.com    https://*.iatspayments.com    'unsafe-inline'    'unsafe-eval'    http://*.fonts.net    https://*.fonts.net    http://fast.fonts.net    https://fast.fonts.net  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   http://*.banfield.com    https://*.banfield.com    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com   http://*.googleapis.com    https://*.googleapis.com    http://*.jquery.com    https://*.jquery.com    http://*.answerscloud.com    https://*.answerscloud.com    http://*.foresee.com    https://*.foresee.com    http://*.sharethis.com    https://*.sharethis.com    http://cdnjs.cloudflare.com/    https://cdnjs.cloudflare.com/    http://*.fonts.net   https://*.fonts.net    http://*.azureedge.net    https://*.azureedge.net    https://gateway.foresee.com    i.4see.mobi    https://cdn.jsdelivr.net    https://banfield-scripts.azureedge.net/    https://*.helpshift.com    https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;    font-src https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css  https://unpkg.com/  https://scontent.cdninstagram.com    https://p.typekit.net    https://*.juicer.io    https://instafeed.pixlee.com/    https://instafeed.assets.pixlee.com    https://use.typekit.net     https://data.schemaapp.com    'self'    'unsafe-inline'    'unsafe-eval'    http://fast.fonts.net    https://fast.fonts.net    http://*.gstatic.com    https://*.gstatic.com    http://use.typekit.net    https://use.typekit.net    http://images.banfield.com    https://images.banfield.com    http://scripts.banfield.com    https://scripts.banfield.com    http://assets.banfield.com    https://assets.banfield.com    http://*.azureedge.net    https://*.azureedge.net    http://*.optimizely.com    https://*.optimizely.com    i.4see.mobi https://maxcdn.bootstrapcdn.com/  https://unpkg.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://cdnjs.cloudflare.com    http://*.foresee.com    https://*.foresee.com    https://banfield-scripts.azureedge.net/    https://*.helpshift.com  https://maxcdn.bootstrapcdn.com/  https://unpkg.com/gijgo@1.9.13/css/gijgo.min.css   https://home-c14.incontact.com/inContact/ChatClient/js/embed.min.js;   2
default-src https://cx.atdmt.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://c1.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ blob: data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data:; object-src none 2
frame-ancestors 'self' http://carbonblack.lookbookhq.com https://carbonblack.lookbookhq.com http://content.carbonblack.com https://content.carbonblack.com 2
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com 2
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https:; media-src 'self' video.tesa.com *.youtube.com; connect-src 'self' https: wss://*.hotjar.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
img-src * data: blob: 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://www.linkedin.com https://maps.googleapis.com https://player.vimeo.com fonts.googleapis.com maps.gstatic.com fonts.gstatic.com 2
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
default-src https: 'unsafe-inline' data: 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'  www.datadoghq-browser-agent.com browser-http-intake.logs.datadoghq.com *.odd.blackspider.com:* *.dev-rd.websense.net:*  *.websense.net:* *.mailcontrol.com:* *.forcepoint.net:*; img-src 'self' data:; 2
frame-ancestors 'self' https://*.ci360.sas.com 2
frame-ancestors 'self' https://*.sageintacct.com https://*.intacct.com https://www.youtube.com https://*.addthis.com https://app-abd.marketo.com https://*.doubleclick.net https://www.google.com/ads https://jobs.jobvite.com https://api.soundcloud.com https://w.soundcloud.com https://www.g2crowd.com https://intacct.lookbookhq.com https://go.intacct.com https://tags.tiqcdn.com https://app.cdn.lookbookhq.com https://resources.xg4ken.com https://www.googletagmanager.com https://d12ulf131zb0yj.cloudfront.net https://d26n74bqaye0ia.cloudfront.net https://rc.sageintacct.com https://www-w28.intacct.com https://www-p02.intacct.com https://www-p03.intacct.com https://www-p04.intacct.com https://beta.intacct.com https://www.intacct-adv.com https://www-w27.intacct.com https://www-p03-w028.intacct.com https://www-p02-w028.intacct.com https://www-p04-w028.intacct.com https://www-dr.intacct.com https://stg-hk.intacct.com https://dev45.intacct.com https://dev31.intacct.com https://dev24.intacct.com https://dev33.intacct.com; 2
script-src *.frb.org *.googleapis.com *.addthis.com *.youtube.com *.google-analytics.com googlemaps.github.io *.google.com *.gstatic.com *.federalreserve.org *.addthisedge.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com s.ytimg.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://leidenuniv.libwizard.com https://library-tutorials.leidenuniv.nl https://brightspace.universiteitleiden.nl 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://checkout.stripe.com https://analytics.freedom.press https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run; connect-src 'self' https://checkout.stripe.com https://cdn.jsdelivr.net https://pressfreedomtracker.us; img-src 'self' https://*.stripe.com https://analytics.freedom.press blob: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://pressfreedomtracker.us; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com; object-src 'self'; default-src 'self'; frame-src 'self' blob: https://www.google.com/ https://checkout.stripe.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 2
base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 2
frame-ancestors https://pay.amazon.com 2
frame-ancestors 'self' eon.de *.eon.de 2
base-uri 'self';block-all-mixed-content;connect-src https://website.informer.com 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';img-src data: 'self';manifest-src 'self';media-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self';style-src-attr 'unsafe-inline';worker-src 'none'; 2
default-src 'none'; connect-src 'self'; font-src *.anidb.net; form-action 'self'; img-src * data:; script-src 'self' *.anidb.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' *; child-src kiwiirc.com *.youtube-nocookie.com www.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; manifest-src *.anidb.net; 2
default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp retrip.jp *.gstatic.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp *.adplan-enquete.com *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com bs.serving-sys.com *.bs.serving-sys.com *.akamaized.net *.adnxs.com span-smt.jp *.span-smt.jp *.onesdata.com *.report-uri.com *.surveymonkey.com *.form.run sdk.form.run *.typeform.com *.formzu.net tayori.com *.instagram.com/ *.ad-v.jp *.cci.co.jp *.openxmarket.jp *.servedby-openxmarket.jp *.adtechjp.com *.pubmatic.com *.teads.tv *.ad-generation.jp *.zucks.net.zimg.jp *.fluct.jp *.href.asia *.yieldmanager.com *.seesaa.net *.kau.li *.shinobi.jp *.yahoo.com *.adlantis.jp *.gsspcln.jp *.ampproject.net *.cmertv.com flux-cdn.com *.ssl-images-amazon.com *.bidswitch.net cdn.jsdelivr.net trippiece-d.openx.net rtbcdn.doubleverify.com z.moatads.com sin3-ib.adnxs.com cdn.adnxs.com impact-ad.jp webdemo.dac.co.jp cmertv.com tsukiji.iponweb.net ad-generation.jp as.amanad.adtdp.com pubmatic.com aja.vision adingo.jp appnexus.com openx.com rubiconproject.com publishers.logicad.jp microad.co.jp genieesspv.jp adtech.com ads.pubmatic.com 3ppa.jp.cinarra.com uni-corn.net nobid.io indexexchange.com acesovrn.com lijit.com gumgum.com across.com csonobi.com revcontent.com; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 2
frame-ancestors https://*.news.at http://*.news.at; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors self fasttech.com *.fasttech.com 2
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' google.com/recaptcha maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com; connect-src https: wss: 'self' www.gov.uk yoast.com *.hotjar.com; img-src https: 'self' data: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com; style-src https: 'self' 'unsafe-inline' djtflbt20bdde.cloudfront.net fonts.googleapis.com; frame-src https: 'self' www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com; font-src https: 'self' data: fonts.gstatic.com; media-src https: 'self' media.nominet.uk; frame-ancestors 'self'; base-uri 'self' *.helpscout.net; form-action 'self' *.theukdomain.uk forms.hsforms.com; object-src 'self' *.cloudfront.net; manifest-src 'self'; 2
frame-ancestors 'self' helioshi.medixmob.com medix-portal.com 2
default-src 'self' *.dukascopy.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.google.com *.dukascopy.com *.dukascopy.jp; script-src-elem 'self' 'unsafe-inline' *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com; style-src 'self' 'unsafe-inline' *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com *.dukascopy.com *.dukascopy.jp; object-src 'none'; frame-ancestors 'self' *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com; form-action 'self' *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com google.co.jp; frame-src 'self' *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com data: blob:; img-src 'self' 'unsafe-inline' *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com data: blob:; font-src 'self' 'unsafe-inline' *.imgur.com *.jwpcdn.com *.gstatic.com *.yadro.ru *.jquery.com *.google.com *.google.ch *.google.ru *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com google.co.jp cdn.jsdelivr.net jwpltx.com *.dukascopy.com data:; media-src *  data: blob:; connect-src 'self' *.google-analytics.com *.g.doubleclick.net *.dukascoin.com *.site.dukascopy.com *.dukascopy.tv *.dukascopy.bank *.dukascopy.ch *.dukascopy.asia *.dukascopy.online *.dukascopy.jp *.dukascopy.com wss://ws.dukascopy.com cf-s3-tv.dukascopy.com 2
font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com http://www.concentrix.com http://concentrix.com data: https://1cfrbv1cz8j13t7nr4n67ss1-wpengine.netdna-ssl.com; frame-ancestors https://cvgdotcomprodprvw.azurewebsites.net/careers https://careers.concentrix.com/ https://careers.concentrix.com/careers? https://cvgdotcomprodprvw.azurewebsites.net https://careers.concentrix.com/careers https://concentrix.my.salesforce.com/ https://careers.concentrix.com/careers/us https://careers.concentrix.com/careers/us/ https://careers.concentrix.com/careers/?country=ca https://careers.concentrix.com/* https://careers.concentrix.com/about/contact-us; 2
frame-ancestors 'self' http://epicor.lookbookhq.com https://epicor.lookbookhq.com; 2
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src https: data:; media-src http: https:; img-src http: https: data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com *.googlesyndication.com adservice.google.co.uk *.hotjar.com *.clicktripz.com ads.adfox.ru ad.mail.ru inv-nets.admixer.net yastatic.net *.yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net *.pixfuture.com pixfuture.com api.payota.net weborama.fr tns-counter.ru static.ads-twitter.com analytics.twitter.com tags.bkrtx.com t.skyscnr.com *.adtech.advertising.com *.casalemedia.com *.openx.net openx.net adriver.ru *.adriver.ru *.contextweb.com contextweb.com *.betweendigital.com betweendigital.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com grkigi.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com fonts.gstatic.com adhigh.net *.adhigh.net *.doubleclick.net doubleclick.net *.adlooxtracking.com *.adnxs.com adnxs.com 2mdn.net *.2mdn.net doubleverify.com *.doubleverify.com *.pubmatic.com pubmatic.com *.livetex.ru ostrovokru003.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com stags.bluekai.com accounts.google.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net enc1wnyb87.execute-api.us-east-1.amazonaws.com www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com st.dynamicyield.com static.dynamicyield.com *.criteo.com *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl  c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com googleads.g.doubleclick.net *.googlesyndication.com  widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com *.openx.net openx.net *.contextweb.com contextweb.com *.adnxs.com adnxs.com *.pubmatic.com pubmatic.com adhigh.net doubleclick.net www.google.com www.adservice.google.pl *.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com *.ssp.otm-r.com *.otm-r.com otm-r.com vc.hotjar.io clickioadvd.com *.pixfuture.com pixfuture.com www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com *.betweendigital.com vk.com staticxx.facebook.com bid.g.doubleclick.net tag.crsspxl.com accounts.google.com *.bluekai.com *.mail.ru ru.surveymonkey.com; img-src * data:; report-uri /hc/csp 2
default-src 'self' *.nts.live *.ntslive.co.uk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.soundcloud.com *.mixcloud.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://optimize.google.com certify-js.alexametrics.com https://www.youtube.com *.ytimg.com *.list-manage.com https://unpkg.com *.gstatic.com apis.google.com https://js.stripe.com https://www.paypal.com; connect-src *; img-src 'self' data: https:; media-src 'self' https://*.ntslive.net http://*.ntslive.net https://*.ntslive.co.uk; style-src 'unsafe-inline' 'self' hello.myfonts.net https://optimize.google.com https://fonts.googleapis.com; worker-src 'self'; child-src 'self' *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com; font-src 'self' data: fonts.gstatic.com; frame-src *.mixcloud.com https://*.vimeo.com https://*.soundcloud.com https://bandcamp.com https://*.youtube.com https://optimize.google.com *.firebaseapp.com https://js.stripe.com *.paypal.com; 2
default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; connect-src 'self' https://stats.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://connect.facebook.net/ https://vc.hotjar.io https://in.hotjar.com https://*.demdex.net https://api.company-target.com https://smetrics.aveva.com https://cm.everesttech.net https://forms.hsforms.com https://forms.hubspot.com https://forms.hubspot.com https://assets.adobedtm.com https://aveva.tt.omtrdc.net https://m.addthis.com https://api.hubapi.com; img-src 'self' data: https://segments.company-target.com https://t.co https://connect.facebook.net https://forms.hubspot.com https://*.demdex.net https://match.prod.bidr.io https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://avevaenglishdev.112.2o7.net https://forms.hsforms.com https://track.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://okt.to https://analytics.twitter.com https://script.hotjar.com https://tag.demandbase.com https://secure.feed5mown.com https://static.ads-twitter.com http://clientservices.googleapis.com https://static.hotjar.com https://static.oktopost.com https://www.googletagmanager.com http://r2---sn-ci5gup-cvhz.gvt1.com http://r4---sn-qxaeen7e.gvt1.com http://redirector.gvt1.com http://update.googleapis.com http://www.gstatic.com https://js.driftt.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.hsadspixel.net https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://noembed.com *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co https://fast.wistia.net http://fast.wistia.com http://vimeo.com https://vimeo.com https://*.vimeo.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.youtube.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsleadflows.net  https://s.ytimg.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://s7.addthis.com https://v1.addthisedge.com  https://m.addthis.com https://z.moatads.com https://graph.facebook.com; frame-src 'self' https://www.w3.org https://view.ceros.com https://forms.hsforms.com https://vars.hotjar.com https://js.driftt.com https://*.demdex.net https://www.facebook.com https://www.youtube.com https://fast.wistia.net https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://www.slideshare.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' i.ytimg.com *.jbnu.ac.kr www.googletagmanager.com *.googleapis.com wcs.naver.net dapi.kakao.com *.daum.net *.daumcdn.net *.kakao.com *.youtube.com; 2
default-src 'self' chat.searchengines.guru d.searchengines.guru; script-src 'self' content.searchengines.guru search.searchengines.guru d.searchengines.guru 'unsafe-inline'; style-src d.searchengines.guru 'unsafe-inline'; img-src 'self' content.searchengines.guru chat.searchengines.guru d.searchengines.guru blob: data:; media-src 'self' chat.searchengines.guru; font-src 'self' d.searchengines.guru; connect-src 'self' content.searchengines.guru https://chat.searchengines.guru wss://chat.searchengines.guru; frame-src 'self' d.searchengines.guru content.searchengines.guru www.youtube.com; frame-ancestors 'self'; object-src 'self' blob:; 2
default-src 'none';                                     connect-src https://sonarsource.cdn.prismic.io https://sonarsource.prismic.io https://www.google-analytics.com https://veh6ryrcr4.execute-api.eu-central-1.amazonaws.com https://stats.g.doubleclick.net;                                     font-src 'self' https://fonts.gstatic.com data:;                                     frame-src https://sonarsource.prismic.io https://www.youtube.com;                                     img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com;                                     media-src 'self';                                     script-src 'self' 'unsafe-inline' https://code.jquery.com https://static.cdn.prismic.io https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com;                                     style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com 2
frame-ancestors 'self' http://www.knorr.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
frame-ancestors 'self' https://*.teamsupport.com/ 2
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 2
default-src 'self' https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.atdmt.com https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.eastwood.com *.bronto.com *.resultspage.com *.bazaarvoice.com *.google.com *.affirm.com *.facebook.net *.bing.com *.hotjar.com *.kaptcha.com *.bootstrapcdn.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.murdoog.com *.pingdom.net *.googleapis.com *.googleadservices.com *.bootstrapcdn.com *.bronto.com *.klevu.com *.gstatic.com *.ytimg.com *.doubleclick.net *.ksearchnet.com *.kustomerapp.com *.facebook.com *.hotjar.io *.zdassets.com *.materialdesignicons.com *.youtube.com *.liadm.com *.abtasty.com *.zendesk.com *.zopim.com *.noibu.com *.bm23.com *.criteo.net *.criteo.com *.newrelic.com *.nr-data.com *.nr-data.net *.googletagservices.com *.googleadservices.com *.googlesyndication.com *.paymentech.com *.acsbapp.com *.acsbap.com acsbapp.com acsbap.com *.paypal.com *.paypalobjects.com secure-ecommerce-services.com *.casalemedia.com *.stickyadstv.com *.ivitrack.com *.taboola.com *.e-planning.net *.yieldmo.com *.smaato.net *.adnxs.com *.pubmatic.com *.rlcdn.com *.advertising.com *.yahoo.com *.rubiconproject.com *.postrelease.com *.outbrain.com *.teads.tv *.tremorhub.com *.aralego.com *.360yield.com *.bluekai.com *.online-metrix.net *.emjcd.com *.smartadserver.com *.mediawallahscript.com *.3lift.com *.addthis.com *.clmbtech.com *.revcontent.com *.meba.kr *.tapad.com *.openx.net *.media.net *.turn.com *.krxd.net *.aralego.net *.pusher.com *.pusherapp.com *.cloudinary.com *.mxpnl.com *.mixpanel.com *.countryflags.io *.s3.amazonaws.com *.chatio-static.com *.googleusercontent.com *.maxcdn.com *.launchdarkly.com *.statuspage.io *.bron.to *.bidswitch.net *.agkn.com *.melissadata.net 2
default-src 'self'; child-src 'self' blob: https://content.googleapis.com https://www.googletagmanager.com/ns.html; connect-src 'self' https://siteintercept.qualtrics.com https://atlas.microsoft.com https://www.google-analytics.com https://events.glasgowlife.org.uk https://plus.browsealoud.com https://*.speechstream.net https://stats.g.doubleclick.net https://babm.texthelp.com https://dc.services.visualstudio.com; font-src 'self' 'unsafe-inline' data: https://atlas.microsoft.com https://fonts.gstatic.com https://fonts.googleapis.com https://fast.fonts.net; frame-src 'self' https://player.vimeo.com https://www.youtube.com; img-src 'self' blob: data: https://atlas.microsoft.com https://gl-events.s3.amazonaws.com https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://gl-wip-portal-cache.azureedge.net https://gl-test-portal-cache.azureedge.net https://gl-prod-portal-cache.azureedge.net https://glwipportal.blob.core.windows.net https://gltestportal.blob.core.windows.net https://glwipportal.blob.core.windows.net https://glprodportal.blob.core.windows.net https://glportalprodblob.blob.core.windows.net https://glportalv2qablobfront.blob.core.windows.net https://glportalv2prodblob.blob.core.windows.net https://events.glasgowlife.org.uk https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.gravatar.com https://plus.browsealoud.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://qaglportal.azureedge.net https://prodglportal.azureedge.net https://qaglportalv2.azureedge.net https://prodglportalv2.azureedge.net https://*.speechstream.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://apis.google.com https://atlas.microsoft.com https://www.browsealoud.com https://plus.browsealoud.com https://connect.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://fast.fonts.net https://ajax.googleapis.com https://fonts.googleapis.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://atlas.microsoft.com https://fonts.googleapis.com https://fast.fonts.net https://plus.browsealoud.com https://tagmanager.google.com; report-uri https://stormid.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 2
frame-ancestors https://gms.hongleong.com.my https://tags.tiqcdn.com https://survey.hlb.com.my https://uat.hlb.com.my https://aem-preprod.hlb.com.my https://aem-preprod.hlisb.com.my https://aem-uat.hlb.com.my https://www.hlb.com.my https://www.facebook.com https://www.vivocha.com https://www.youtube.com https://staticxx.facebook.com https://www.googletagmanager.com https://gateway.hlb.com.my https://gateway.hlb.com.my:8446 https://www.google.com https://optimize.google.com https://hongleongbank.sc.omtrdc.net https://dpm.demdex.net https://uat.hlb.my:443 http://uat.hlb.my 2
child-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net  *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; frame-src 'self' *.adform.net *.criteo.com *.criteo.net *.optimizely.com *.selbstbauprofi.de *.sociomantic.com *.toom.de *.tp-de.net *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de; object-src 'self'; 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri http://main.acsevents.org/site/XFrameViolation 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 2
frame-ancestors 'self' https://reittiopas.hsl.fi https://uusi.reittiopas.hsl.fi https://next-dev.digitransit.fi 2
frame-ancestors https://www.karl.com/ https://www.karl.com/ http://www.optimizely.com https://www.optimizely.com; 2
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 2
script-src 'self' 'unsafe-eval' 'unsafe-inline'  data: https://wapi.nic.fr https://www.google.com http://www.afnic.fr/  http://s7.addthis.com https://s7.addthis.com https://v1.addthisedge.com/live/boost/4e71b845327984d7/_ate.track.config_resp https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://www.gstatic.com/charts/loader.js http://m.addthisedge.com/ https://m.addthisedge.com/ http://m.addthis.com/ https://m.addthis.com/ platform.twitter.com http://www.google-analytics.com https://ssl.google-analytics.com/ https://www.afnic.fr/  https://cdn.syndication.twimg.com/widgets/ ; object-src 'self' https://s7.addthis.com https://www.google.com/jsapi https://cdn.syndication.twimg.com ; form-action 'self'; child-src https://www.openstreetmap.org/ https://platform.twitter.com https://maps.google.fr/ https://www.dailymotion.com https://www.youtube.com/ https://s7.addthis.com https://www.google.com https://www.facebook.com/ http://www.facebook.com/ http://eyedo.tv/ https://eyedo.tv/ ;frame-ancestors https://www.facebook.com/ http://www.facebook.com/ 2
default-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital;base-uri 'self';img-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: localhost stats.g.doubleclick.net via.placeholder.com biglotteryfund-assets.imgix.net i.ytimg.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;font-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital data: use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;style-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-inline' *.typekit.net;script-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;child-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital www.google.com https://vars.hotjar.com;connect-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com;frame-src 'self' *.biglotteryfund.org.uk *.tnlcommunityfund.org.uk *.google.com *.facebook.com *.twitter.com *.gstatic.com *.twimg.com *.youtube.com *.vimeo.com cdn.polyfill.io cdn.syndication.twimg.com ajax.googleapis.com cdnjs.cloudflare.com platform.twitter.com sentry.io syndication.twitter.com www.google-analytics.com use.typekit.net *.bootstrapcdn.com *.soundcloud.com emails-tnlcommunityfund.org.uk cms.blf.digital https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;report-uri https://sentry.io/api/226416/csp-report/?sentry_key=53aa5923a25c43cd9a645d9207ae5b6c 2
default-src 'self'  data: blob:;                                                                     img-src 'self' 'unsafe-inline' data: blob:                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                     http://www.googleadservices.com/pagead/                  https://googleads.g.doubleclick.net/                  https://www.google.com/pagead/                  https://www.bing.com/api/maps/                                                                              https://www.youtube.com/                          https://youtube.com/                  https://www.vimeo.com/                          https://vimeo.com/                  https://*.vimeo.com/external/                  https://vod-progressive.akamaized.net/                  https://*.dynamic.tiles.virtualearth.net/                                                                          https://syndication.twitter.com/                                                                             https://platform.twitter.com/css/                                                                             https://abs.twimg.com/emoji/                                                                             https://pbs.twimg.com/profile_images/                                                                             https://pbs.twimg.com/media/                    https://*.audioeye.com/                                                                             https://*.fitnessintl.com/                                                                             ;                                                                      script-src 'self' 'unsafe-inline' 'unsafe-eval'                                                                              https://www.google.com/recaptcha/                                                                              https://www.gstatic.com/recaptcha/                                                                              https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                     http://www.googleadservices.com/pagead/                  https://googleads.g.doubleclick.net/                  https://www.google.com/pagead/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                           https://youtube.com/                                                    https://www.vimeo.com/                  https://vimeo.com/                  https://*.vimeo.com/external/                  https://vod-progressive.akamaized.net/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                  https://www.bing.com/rp/                  https://*.dynamic.tiles.virtualearth.net/                  https://dev.virtualearth.net/webservices/                  https://platform.twitter.com/widgets.js                                                                             https://platform.twitter.com/js/                                                                             https://cdn.syndication.twimg.com/timeline/                    https://*.audioeye.com/                  ;                                                                     child-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                                                 http://google-analytics.com/                  http://www.googleadservices.com/pagead/                  https://googleads.g.doubleclick.net/                  https://www.google.com/pagead/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.vimeo.com/                          https://vimeo.com/                  https://*.vimeo.com/external/                  https://vod-progressive.akamaized.net/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                  https://www.bing.com/rp/                  https://*.dynamic.tiles.virtualearth.net/                  https://dev.virtualearth.net/webservices/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                     ;                                                                     frame-src 'self' 'unsafe-inline'                                                                              https://www.google.com/recaptcha/                   https://google.com/recaptcha/                  https://www.gstatic.com/recaptcha/                  https://gstatic.com/recaptcha/                     https://ssl.google-analytics.com/                                                                              http://www.google-analytics.com/                   http://www.googleadservices.com/pagead/                  https://googleads.g.doubleclick.net/                  https://www.google.com/pagead/                  http://google-analytics.com/                  https://www.bing.com/api/maps/                                                                              https://www.bing.com/api/maps/mapcontrol/                                                                              https://www.youtube.com/                  https://youtube.com/                  https://www.vimeo.com/                  https://vimeo.com/                  https://*.vimeo.com/external/                  https://vod-progressive.akamaized.net/                  https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                  https://www.bing.com/rp/                  https://*.dynamic.tiles.virtualearth.net/                  https://dev.virtualearth.net/webservices/                                                                             https://www.facebook.com/                                                                             https://platform.twitter.com/                                                                             https://syndication.twitter.com/                       https://*.audioeye.com/                  ;                                                                     style-src 'self' 'unsafe-inline'                                                                              https://www.bing.com/rs/                                                                              https://www.bing.com/rb/                  https://www.bing.com/rp/                  https://platform.twitter.com/css/                    https://*.audioeye.com/                           ;                                                                     connect-src 'self'                                                                             https://www.bing.com/maps/                                                                             https://www.bing.com/fd/ls/                    https://*.audioeye.com/                                                                             ;                                                                     font-src 'self' data: blob:                                                                            https://*.audioeye.com/                                   ;                                                                     media-src 'self'                                                                           https://*.audioeye.com/ 2
frame-ancestors cms.pptvthailand.com *.pptvhd36.com 2
frame-ancestors https://rajaview.id; 2
frame-ancestors *; upgrade-insecure-requests 2
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://stats.g.doubleclick.net https://www.facebook.com https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://www.googletagmanager.com www.google.com http://www.webankieta.pl www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://www.webankieta.pl https://cloud.webankieta.pl http://datacloud.tealiumiq.com https://formularze.santander.pl https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.script.crazyegg.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://maps.googleapis.com http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://code.jquery.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com http://script.crazyegg.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://omnibot.santander.pl https://www.google-analytics.com https://my.tealiumiq.com https://stats.g.doubleclick.net https://collect.tealiumiq.com 'self' 2
default-src 'self' 'unsafe-inline' blob: *.disquscdn.com disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.freeagent.com *.fre.ag *.googleapis.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.getdrip.com *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.disqus.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.disquscdn.com disqus.com *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net optimize.google.com js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com widget-mediator.zopim.com; img-src data: blob: *; frame-src 'self' *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com disqus.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.youtube-nocookie.com www.google.com *.disquscdn.com widget.trustpilot.com *.googletagmanager.com optimize.google.com widget-prime.rafflecopter.com *.appointedd.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' data: blob: fonts.googleapis.com *.disquscdn.com *.twitter.com *.twimg.com tagmanager.google.com hello.myfonts.net optimize.google.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com; connect-src 'self' data: wss: *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com; object-src 'self' embedwistia-a.akamaihd.net; report-uri https://freeagent.report-uri.com/r/d/csp/enforce 2
frame-ancestors https://*.greatcall.com 2
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id https://manganime.in 2
default-src photomath.net photomath.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net tpip.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net pip.photomath.net; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com assets.prod.leanplum.com d2fi4ri5dhpqd1.cloudfront.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com; object-src 'self'; 2
frame-ancestors 'self' *.investec.com https://ng.secure.investec.com:8080; 2
script-src 'self' https://dqnp8bdp95f7m.cloudfront.net https://www.google.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com  https://api.userlike.com https://userlike-cdn-client.s3-eu-west-1.amazonaws.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://dq4irj27fs462.cloudfront.net; base-uri 'self'; 2
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tvawcm.com *.tva.gov *.tva.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com code.highcharts.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org e.issuu.com https://cdn.siteimprove.net *.wufoo.com tva.us2.list-manage.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com my2.siteimprove.com code.jquery.com *.cdn.telerik.com https://az416426.vo.msecnd.net polyfill.io static.ctctcdn.com/js/ https://*.brightcove.net https://*.brightcove.com https://vjs.zencdn.net blob: https://cdn.jsdelivr.net https://unpkg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com static.ctctcdn.com https://unpkg.com https://cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com data:; img-src 'self' https://tvawcm.com *.tva.com *.tva.gov *.gstatic.com *.googleapis.com *.google-analytics.com https://play.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net www.googletagmanager.com static.ctctcdn.com https://*.brightcove.com https://*.brightcove.net https://brightcove.hs.llnwd.net; media-src 'self' data: blob: *.tva.gov *.tva.com tva-azr-eastus-cdn-ep-tvawcm-acc.azureedge.net tva-azr-eastus-cdn-ep-tvawcm-prd.azureedge.net https://*.brightcove.com/; form-action *.tva.gov *.tva.com tva.us2.list-manage.com tvawcm.com https://export.highcharts.com https://caissaps.us20.list-manage.com; frame-src tvawcm.com *.tva.com *.tva.gov platform.twitter.com tvaforms.wufoo.com tva.us2.list-manage.com *.wufoo.com *.youtube.com *.brightcove.net *.brightcove.com *.issuu.com tva.mediaplatform.com www.google.com tva.maps.arcgis.com https://*.siteimprove.com congeo.maps.arcgis.com www.youtube-nocookie.com maps.google.com cdn.knightlab.com; connect-src 'self' https://tvawcm.com *.tva.com *.tva.gov https://dc.services.visualstudio.com *.siteimprove.com *.microsoftonline.com *.msftauth.net https://www.google-analytics.com listgrowth.ctctcdn.com https://*.brightcove.com https://*.brightcove.net; 2
default-src 'self' https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com; script-src 'self' 'unsafe-eval' maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com www.googletagmanager.com www.eiseverywhere.com js-agent.newrelic.com *.nr-data.net www.recaptcha.net www.gstatic.com vjs.zencdn.net https://*.go-mpulse.net https://origin-www.appliedmaterials.com 'unsafe-inline'; object-src 'self' www.eiseverywhere.com; style-src 'self' fonts.googleapis.com www.gstatic.com vjs.zencdn.net https://origin-www.appliedmaterials.com http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com 'unsafe-inline'; img-src 'self' *.googleapis.com www.google-analytics.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.google.com www.google.com.sg www.google.com.tw www.google.co.il www.google.co.in www.google.co.kr www.google.co.uk www.googletagmanager.com ml.globenewswire.com www.globenewswire.com resource.globenewswire.com na.eventscloud.com www.eiseverywhere.com bam.nr-data.net  http://*.prod.acquia-sites.com https://*.prod.acquia-sites.com  http://*.appliedmaterials.com https://*.appliedmaterials.com data:; frame-src 'self' www.google.com www.youtube.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com vjs.zencdn.net http://origin-www.appliedmaterials.com https://origin-www.appliedmaterials.com data:; connect-src 'self' www.google-analytics.com *.nr-data.net stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' data: 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; 2
frame-ancestors https://*.zsxq.com 2
default-src 'self' 'unsafe-inline' *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com data: *.acquia.com *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.acquia.com *.marchex.io *.egain.cloud *.analytics-egain.com *.criteo.net *.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net  *.jsdelivr.net https://optimize.google.com *.jsdelivr.net unpkg.com *.kampyle.com polyfill.io *.b-cdn.net cdn.rawgit.com *.jivox.com c3plp.net; style-src 'self' 'unsafe-inline' *.acquia.com *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com *.jsdelivr.net unpkg.com *.kampyle.com; img-src 'self' data: *.unitedrentals.com bat.bing.com *.marchex.io *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net *.kampyle.com *.turn.com images.rouseservices.com *.advanseads.com; frame-src 'self' *.acquia.com *.marchex.io *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com c3plp.net *.c3portal.net; child-src 'self' *.acquia.com *.marchex.io *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com *.opmnstr.com *.unitedrentals.com *.kampyle.com blob:; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com *.jsdelivr.net *.kampyle.com; connect-src 'self' *.acquia.com *.web-2-tel.com web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com data: *.acquia.com *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live *.kampyle.com wss://*.visitors.live *.bugsnag.com *.omappapi.com 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src *; media-src *; frame-src 'self' https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.onesignal.com https://onesignal.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.doubleclick.net https://connect.facebook.net https://cdn.seon.io https://mc.yandex.ru/metrika/ https://apis.google.com 2
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: p11.techlab-cdn.com 2
frame-ancestors 'self' viewsonic.com viewsonic.com.tw viewsonic.com.au viewsonic.com.sg viewsoniceurope.com viewsonic.com.cn ap.viewsonic.com hk.viewsonic.com ifppartners.viewsonic.com color.viewsonic.com viewsonicglobal.com; 2
default-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech;connect-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.eazeup.com https://xid.eaze.io https://xid.eazewellness.com https://*.firebaseio.com wss://*.firebaseio.com https://*.googlevideo.com https://api.berbix.com https://api.inoviopay.com https://api.lever.co https://api.segment.io https://auth.split.io https://eaze.pxf.io https://eaze.zendesk.com https://ekr.zdassets.com https://events.split.io https://googleads.g.doubleclick.net https://res.cloudinary.com https://rs.fullstory.com https://sdk.split.io/ https://sentry.io https://spreadsheets.google.com https://streaming.split.io https://skyfire.vimeocdn.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://www.google-analytics.com https://www.youtube.com;font-src 'self' data: https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://fonts.gstatic.com https://s3.lightboxcdn.com https://verify.berbix.com;frame-ancestor 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech;frame-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.firebaseio.com https://player.vimeo.com https://verify.berbix.com https://www.youtube.com https://9619304.fls.doubleclick.net;img-src 'self' data: https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.eazeup.com https://aa.agkn.com https://adadvisor.net https://ads.creative-serving.com https://bh.contextweb.com https://bm.adentifi.com https://ce.lijit.com https://cm.g.doubleclick.net https://col.surfside.io https://dmx.districtm.io https://dpm.demdex.net https://dsum.casalemedia.com https://eb2.3lift.com https://edge.surfside.io https://hexagon-analytics.com https://i.vimdeocdn.com https://i.ytimg.com https://ib.adnxs.com https://id5-sync.com https://inv-nets.admixer.net https://logs-01.loggly.com https://maps.googleapis.com https://maps.gstatic.com https://match.adsrvr.org https://pixel.adswizz.com https://pixel.rubiconproject.com https://pixel.tapad.com https://pixelb.randi.adswizz.com https://q75ihpqk.micpn.com https://res.cloudinary.com https://rs.fullstory.com https://rtb-csync.smartadserver.com https://rtb.gumgum.com https://s.pubmine.com https://s3.lightboxcdn.com https://secure.adnxs.com https://simage2.pubmatic.com https://ssl.gstatic.com https://sync.1rx.io https://sync.outbrain.com https://sync.search.spotxchange.com https://t.co https://us-u.openx.net https://v2uploads.zopim.io https://verify.berbix.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.lightboxcdn.com https://www.youtube.com https://yt3.ggpht.com https://x.bidswitch.net;media-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://static.zdassets.com;object-src 'self' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://*.firebaseio.com https://ads.creative-serving.com https://analytics.twitter.com https://cdn.segment.com https://cdn.siftscience.com https://cm.g.doubleclick.net https://d.impactradius-event.com https://edge.fullstory.com https://f.vimeocdn.com https://lightboxapi.azurewebsites.net https://maps.googleapis.com https://match.adsrvr.org https://pixel.tapad.com https://q75ihpqk.micpn.com https://secure.adnxs.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.zdassets.com https://static2.creative-serving.com https://tagmanager.google.com https://verify.berbix.com https://widget-mediator.zopim.com https://fullstory.com https://www.fullstory.com https://www.google-analytics.com https://www.googletagmanager.com https://www.lightboxcdn.com https://www.youtube.com;style-src 'self' 'unsafe-inline' https://*.eaze.com https://*.eaze.dev https://*.eaze.tech https://fonts.googleapis.com https://s3.lightboxcdn.com https://tagmanager.google.com https://verify.berbix.com https://www.lightboxcdn.com;upgrade-insecure-requests 2
default-src 'self' 'unsafe-inline' *.uhasselt.be enquete.agconsult.com https://prezi.com/* https://cdn.jsdelivr.net/npm/ https://stream.livemedia.net/obfs  *.tawk.to/* www.google-analytics.com *.twitter.com *.twimg.com * fast.fonts.net *.delijn.be *.deburen.tv img.youtube.com *.gstatic.com *.getflowbox.com *.google.com *.tawk.to;script-src 'self'  'unsafe-eval' 'unsafe-inline' enquete.agconsult.com https://prezi.com/* https://cdn.jsdelivr.net/npm/ *.vimeo.com  https://stream.livemedia.net/obfs *.tawk.to/* www.google-analytics.com *.googleapis.com *.twitter.com *.twimg.com *.deburen.tv *.youtube.com  cdn.syndication.twimg.com *.getflowbox.com *.delijn.be fast.fonts.net https://siteimproveanalytics.com *.addthis.com  *.addthisedge.com *.facebook.com *.linkedin.com *.issuu.com *.google.com *.googletagmanager.com *.folders.eu connect.facebook.net *.amcharts.com *.tawk.to;img-src * data:;connect-src *;media-src *;frame-src 'self' *.uhasselt.be https://www3.uhasselt.be* https://prezi.com/ *.google.be https://cdn.jsdelivr.net/npm/ *.addthis.com https://stream.livemedia.net/obfs *.tawk.to/* *.clickdimensions.com https://uhasselt-uf.be/ https://www.surveygizmo.com *.twitter.com *.twimg.com  *.issuu.com *.delijn.be *.deburen.tv https://vimeo.com/ *.youtube.com  *.vimeo.com   https://siteimproveanalytics.com *.google.com *.folders.eu https://script.google.com/macros/s/AKfycbwDa0K00fdLIaHvDQ9i6OFF6RBjz0kBQv4vc9eXHzpxLuVSBs9Z/exec https://hetmeestmemorabele100dagenfeest.be https://demeestmemorabelechrysostomos.be http://xmos.preflight.space/ *.amcharts.com *.tawk.to;frame-ancestors *.uhasselt.be https://cdn.jsdelivr.net/npm/ *.prezi.com/* *.google.com https://stream.livemedia.net/obfs  *.tawk.to/* https://uhasselt-uf.be/ https://www.surveygizmo.com https://siteimproveanalytics.com *.twitter.com  *.twimg.com *.delijn.be http://*.abmtrans.eu http://abmtrans.eu http://*.mobitwist.be http://mobitwist.be  *.tawk.to; 2
script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /cspreport; form-action https:; block-all-mixed-content 2
default-src https: 'unsafe-eval' 'unsafe-inline' data: ; base-uri 'none'; form-action 'self'; img-src https: data: blob: https://static.etracker.com/; frame-ancestors 'self' https://use.fontawesome.com/ https://cdn.jsdelivr.net www.youtube-nocookie.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net/fontawesome/4.7.0/css/font-awesome.min.css https://fonts.googleapis.com/css https://cdnjs.cloudflare.com; 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://grandcentral.beescloud.com https://grandcentral.cloudbees.com 'self' 2
'frame-ancestors' http://localhost:8100 https//*.tn.gov 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 2
frame-ancestors 'self' docs.linkresearchtools.com smart.linkresearchtools.com lrtcon.at lrtcon.com app.linkresearchtools.com test2.linkresearchtools.com *.dev.linkresearchtools.com; 2
script-src 'self' https://www.gstatic.cn *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com 'unsafe-inline';style-src 'self' cdn.highimpactpayments.com *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk https://api-js.mixpanel.com api-js.mixpanel.com api-js.mixpanel.com https://cdn.highimpactpayments.com;font-src 'self' cdn.highimpactpayments.com https://ajax.aspnetcdn.com *.tranedigitalrewards.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com https://cdn.highimpactpayments.com;img-src 'self' cdn.highimpactpayments.com https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data: https://cdn.highimpactpayments.com;frame-src 'self' https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk https://cdn.highimpactpayments.com 2
default-src *.whatuseek.com 'unsafe-inline'; frame-ancestors 'none'; 2
script-src 'unsafe-inline' 'unsafe-eval' http: https: blob: https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ 2
frame-ancestors 'self' localhost:* *.tason.com 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ; 2
child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.googleapis.com *.gstatic.com *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.ampproject.org *.bing.com *.doubleclick.net *.dynad.net *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.marketo.com *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.xg4ken.com *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
default-src * data: http: https: wss: 'self' 'unsafe-inline'; font-src  'self'; child-src  'self'; connect-src https://plugins.blueconic.net https://fontys.blueconic.net/ https://in.hotjar.com/ https://*.amazonaws.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://api.pushbird.com/ 'self'; frame-src https://content.googleapis.com/ https://*.vimeo.com/ https://open.spotify.com/ https://pushbird.com/ https://*.transistor.fm/ https://www.instagram.com/ https://goto.fontys.nl/ https://*.snapchat.com/ https://*.hotjar.com/ https://*.pushbird.com/ https://*.facebook.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ 'self'; frame-ancestors https://open.spotify.com 'self'; img-src * data: mediastream: blob: filesystem: 'self' data:; media-src https://cdn.flbx.io/ 'self'; object-src  'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://www.gstatic.com/ https://*.fontys.nl/ https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.ytimg.com https://script.crazyegg.com https://dnn506yrbagrg.cloudfront.net https://planner-widget.goabout.com https://stats.g.doubleclick.net https://www.gstatic.com https://track.adform.net https://blokks.co https://view.genial.ly https://*.cloudfront.net https://static.hotjar.com https://parking-widget.goabout.com https://script.hotjar.com https://*.lightning.force.com https://www.facebook.com https://snap.licdn.com https://connect.facebook.net https://in.hotjar.com/ https://stats.g.doubleclick.net https://radboudumc.bbvms.com/ https://cdn.bluebillywig.com; style-src 'self' 'unsafe-inline'  https://fast.fonts.net https://*.cloudfront.net https://fonts.googleapis.com https://*.lightning.force.com; img-src 'self'  https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://static.genial.ly https://*.amazonaws.com https://*.lightning.force.com https://px.ads.linkedin.com https://www.facebook.com https://*.bbvms.com/ https://*.bluebillywig.com https://*.cloudfront.net; media-src 'self'  https://static.genial.ly/ https://radboudumc.bbvms.com/; font-src 'self'  data: https://*.cloudfront.net https://fonts.gstatic.com https://*.lightning.force.com https://cdn.bluebillywig.com/*; frame-ancestors 'self' https://bewerk.radboudumc.nl https://radboud.app.connexys.nl; frame-src 'self'  https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://radboudumc-web.ungerboeck.com https://planner-widget.goabout.com https://www.google.com https://docs.google.com https://view.genial.ly https://vars.hotjar.com https://parking-widget.goabout.com/ https://*.bbvms.com/ https://embed.nkr-cijfers.nl https://*.caresharing.eu.  https://*.bluebillywig.com; connect-src 'self'  https://www.google-analytics.com https://view.genial.ly https://*.lightning.force.com https://in.hotjar.com/ https://stats.g.doubleclick.net https://radboudumc.bbvms.com/; object-src 'self';  2
frame-ancestors 'self' https://whisk.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; style-src 'self' 'unsafe-inline' https: ; frame-ancestors 'self' https://masterhost.ru https://*.masterhost.ru http://webvisor.com http://*.mtproxy.yandex.net https://mc.yandex.ru; frame-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; font-src 'self' https: ; img-src data: 'self' https: ; connect-src 'self' https://yandex.ru https://*.yandex.ru https://*.yandex.net https://yastatic.net https://*.google.com https://*.google.ru https://*.google-analytics.com https://*.googleadservices.com https://*.googleusercontent.com https://www.gstatic.com https://www.youtube.com https://*.doubleclick.net https://s.ytimg.com https://*.livechatinc.com https://top-fwz1.mail.ru https://www.tns-counter.ru https://vk.com https://cp.masterhost.ru https://connect.facebook.net; 2
frame-ancestors *.firsthorizon.com 2
default-src 'self'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self'; img-src 'self' data:; object-src 'self'; frame-ancestors 'none'; connect-src 'self' https://api.transferwise.com; 2
frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com https://www.acquiaacademy.com https://app.veertly.com; report-uri /report-csp-violation 2
frame-ancestors 'self' *.blacknight.com *.blacknight.ie *.blacknight.blog *.blacknight.tech *.feedpress.me 2
frame-ancestors 'self' https://www.onbase.sharebase.com https://www.hyland.com https://www.communitylive.com https://www.onbase.com https://profiles.onbase.com; 2
default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com foerderrechner.bosch-thermotechnology.com; object-src data: 'self'; img-src http: bott-tc.nautilus bott-fs.nautilus https: bott-tc.nautilus bott-fs.nautilus data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2
img-src * data: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net/ https://*.webvisor.com/ https://*.yandex.ru/  https://*.yandex.com/ https://*.tile.openstreetmap.org/ https://*.adroll.com/  https://*.gartner.com/ https://*.consensu.org/  https://*.google.com/ https://google.com/  https://www.youtube.com/ https://www.gstatic.com/ https://*.facebook.net/ https://*.gstatic.com/ https://*.googleapis.com/  https://www.htbridge.com/ https://portal.htbridge.com/ https://portal.immuniweb.com/ https://www.google-analytics.com/ https://certify-js.alexametrics.com/ https://certify.alexametrics.com/ https://stats.g.doubleclick.net/ https://snap.licdn.com/ https://*.facebook.com/ https://*.linkedin.com/ https://secure.adnxs.com/ https://*.sharethis.com/ https://*.addthis.com/ https://*.addthisedge.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 2
default-src 'none'; connect-src 'self' https://lookup.binlist.net https://o73885.ingest.sentry.io/api/ https://*.fastmailusercontent.com; img-src 'self' data: blob: https://user.fm https://*.fastmailusercontent.com; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://api.pin.net.au https://api.stripe.com 'sha256-6A/FIGkEx0lTH46rbTmFIRLMlpjp0rIzYtNVWw/0E5c=' 'sha256-rrDJF2Q5CVEC42w/Hn4hVahrcQpHmN5m3pBRjdoM6Ns=' 'sha256-iCXxsET7zlAWnFxvWhVmmUn/6n3hDwTJxu+JbcI93Uw='; frame-src https://*.fastmailusercontent.com; child-src 'self' https://*.fastmailusercontent.com; worker-src 'self'; object-src 'self'; frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; object-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com blob: *.snapengage.com; font-src 'self' *.googleapis.com *.gstatic.com data:; connect-src 'self' *; report-uri /report-csp-violation 2
policy-uri /'self' 2
frame-ancestors 'self' https://backend.diario26.com 2
frame-ancestors 'self'  wbpa.wdo.io ru.wotblitz.com eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 2
frame-src https://*; frame-ancestors *.chivas.com; 2
font-src 'self' www.alertlogic.com *.youtube.com *.fontawesome.com  *.intercomcdn.com *.google.com fonts.gstatic.com data: 'unsafe-inline' 'unsafe-eval' data:; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' *.charlemagneinstitute.org *.chroniclesmagazine.org *.intellectualtakeout.org; frame-ancestors 'self' *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://charlemagne-vid.azureedge.net; img-src 'self' blob: data: * 2
default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 2
default-src 'self'; object-src 'self'; child-src 'self' ujet.co *.ujet.co; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.fuelcdn.com *.exacttarget.com *.adobe.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' kampyle.com *.kampyle.com mobileapi.locatorsearch.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' *.tvsquared.com google-analytics.com *.google-analytics.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline'  *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com; font-src 'self' data: kampyle.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' *.pardot.com ujet.co  *.go2bank.com *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com; 2
frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; 2
frame-ancestors 'self' *.easymarkets.com 2
upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 2
frame-ancestors 'self' https://*.metro.de https://*.metrosystems.net https://*.metro-group.com  https://app.optimizely.com https://cdn-assets-prod.s3.amazonaws.com 2
object-src 'self' data: blob: https://*.atende.net https://*.ipm.com.br https://nfs-e.net; block-all-mixed-content; form-action 'self' *.nfs-e.net https://*.ipm.com.br https://*.atende.net https://*.acesso.gov.br; frame-ancestors 'self' https://*.nfs-e.net https://*.ipm.com.br https://*.atende.net; 2
frame-ancestors 'self' https://*.usagym.org http://*.usagym.org http://*.usagymparents.com http://*.usagym.info http://*.gymnasticsfoundation.org https://*.gymnasticsfoundation.org http://*.usagymchamps.com https://*.usagymchamps.com http://usagymfans.us-east-1.elasticbeanstalk.com https://usagymfans.us-east-1.elasticbeanstalk.com http://*.kovendesign.com https://*.kovendesign.com https://wordpress-54524-1231354.cloudwaysapps.com; 2
frame-ancestors 'self' newjira.waterford.org mentor.waterford.org manager.waterford.org upstart.waterford.org teacher.waterford.org wacsportal.waterford.org wacs.waterford.org help.waterford.org 2
upgrade-insecure-requests ; default-src * 'unsafe-inline' 'unsafe-eval' data: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 2
default-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; frame-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com youtube.com *.youtube.com; font-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; img-src 'self' https: data: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google-analytics.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com; connect-src 'self' https: macroplant.com *.macroplant.com getsharepod.com *.getsharepod.com ibrowseapp.com *.ibrowseapp.com www.google.com; report-uri https://sentry.io/api/1438092/security/?sentry_key=c4f9287549384b1ebab3ca38ac17a0d3 2
frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;; report-uri /en-us/report-csp-violation 2
default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 2
default-src 'none'; img-src 'self' data: https://matomo.localethereum.com https://matomo.localcryptos.com https://blog.localcryptos.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.localethereum.com https://matomo.localcryptos.com; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' data: https://api.localethereum.com https://api.localethereumapi.com https://localcryptosapi.com https://api.localcryptosapi.com https://proxy.api.localethereumapi.com https://api.localethereum.dev.michael.pub https://localethereum-user-blobs.s3.amazonaws.com https://mainnet.infura.io wss://bridge.walletconnect.org; font-src 'self' https://fonts.gstatic.com; media-src 'self'; frame-src https://localethereum.com https://localcryptos.com https://cn.localcryptos.com https://www.youtube.com https://widget.portis.io https://x2.fortmatic.com; frame-ancestors https://myethvault.com https://localcryptos.com https://cn.localcryptos.com; manifest-src 'self'; base-uri 'self'; form-action 'self' 2
default-src 'self';img-src * data:;font-src 'self' fonts.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;media-src 'self' *.youtube.com player.vimeo.com;object-src 'self' *.youtube.com;script-src 'self' 'unsafe-inline';frame-src 'self' *.youtube.com player.vimeo.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.static.addtoany.com *.email.healthyeating.org *.surveygizmo.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org tagmanager.google.com use.typekit.net kit.fontawesome.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.email.healthyeating.org *.surveygizmo.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com *.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net kit-free.fontawesome.com script.hotjar.com; img-src 'self' *.email.healthyeating.org *.surveygizmo.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net i1.ytimg.com; media-src 'self' data: blob: https://www.youtube.com/; frame-src 'self' *.email.healthyeating.org *.hotjar.com *.youtube.com *.google.com *.gstatic.com *.arcgis.com *.choosemyplate.gov; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ *.hotjar.com *.gstatic.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; 2
upgrade-insecure-requests; frame-ancestors 'self' https://*.ed.gov; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https:; 2
frame-ancestors https://www.enelx.com https://d3eepfzwqopgtx.cloudfront.net https://d13hhoqz1xnrhs.cloudfront.net https://yourban.enelx.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org http://cdn.jsdelivr.net/ http://clients-liveguide01us.netop.com/ https://liveguide01us.netop.com/ http://cdn.pardot.com/ http://pi.pardot.com/ http://team.americaneagle.com/ http://www.googletagmanager.com/ https://snap.licdn.com/ https://ws.zoominfo.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com americaneagledev.blob.core.windows.net americaneaglestaging.blob.core.windows.net ameagle-assets.azureedge.net *.americaneagle.com/ http://clients-liveguide01us.netop.com/ https://liveguide01us.netop.com/ https://lg-us-files.s3.amazonaws.com/ https://americaneagle-staging.idevdesign.net/ https://px.ads.linkedin.com/ https://p.adsymptotic.com/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com/ http://americaneagledev.blob.core.windows.net/ https://team.americaneagle.com/; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com team.americaneagle.com https://lgapi-us.netop.com/ https://fonts.googleapis.com/ http://team.americaneagle.com/ http://clients-liveguide01us.netop.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ americaneagle.com www.americaneagle.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src blob:; worker-src blob:; frame-src https: data: 'unsafe-inline' 'unsafe-eval'; 2
default-src https:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://www.coke2home.com https://microapps.google.com https://shamiaanaskitchen.com https://restoline.vercel.app 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 2
default-src 'self'; media-src https://*.amazonaws.com/live.iap.static/; img-src *; script-src 'self' https://www.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ https://consent-notice.magix.com/ https://*.hotjar.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ https://*.hotjar.com/; connect-src 'self' https://www.google-analytics.com/ https://*.hotjar.com/ https://stats.g.doubleclick.net/ 2
frame-ancestors 'self' manager.perrotin.com; 2
frame-ancestors *.uninassau.edu.br *.uninabuco.edu.br *.sereducacional.com *.sereduc.com *.leiaja.com *.ung.br *.unama.br *.univeritas.com *.uninorte.com.br *.blackboard.com http://*.joaquimnabuco.edu.br http://*.unama.br *.gokursos.com *.ig.com.br http://*.ung.br *.uninabuco.digital *.facimed.edu.br *.unifacimed.digital *.unijuazeiro.edu.br; 2
frame-ancestors 'self' *.ally.com; 2
frame-ancestors 'self'; report-uri https://www.descartes.com/report-uri/enforce 2
frame-ancestors 'self' https://newapp.etracker.com; 2
connect-src 'self' https://*.arcot.com https://api.github.com https://api.mypurecloud.ie https://googleads4.g.doubleclick.net wss://carrier-pigeon.mypurecloud.ie https://*.qualtrics.com https://privacyportal.cookiepro.com https://app.altocloud.com https://*.pingdom.net https://*.twitter.com https://stats.g.doubleclick.net https://*.cludo.com https://*.bankofireland.com https://*.bsw-dev.net https://siteintercept.qualtrics.com https://www.google-analytics.com https://gmspri.boi.com https://gkcpri.boi.com https://gkcsec.boi.com https://analytics.google.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com 2
default-src 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://consent.jtl-software.de https://stats.jtl-software.de https://www.youtube.com https://maps.googleapis.com https://s.ytimg.com https://www.jtl-software.de https://jira.jtl-software.de https://*.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://code.jquery.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net data:; img-src 'self' https://bilder.jtl-software.de https://stats.jtl-software.de https://img.youtube.com https://*.ytimg.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://lh3.ggpht.com https://cbks0.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.at https://www.google.pl https://www.google.com.ua https://www.google.com.pk https://www.google.hu https://www.google.co.uk https://www.google.dk https://www.google.br https://www.google.it https://www.google.ae https://www.google.ca https://www.google.hr https://www.google.com.au https://www.google.sk https://www.google.es https://www.googletagmanager.com https://www.google.com.tr https://www.google.cz https://www.google.be https://www.google.co.in https://www.google.ge https://www.google.nl https://www.google.lu https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://cdn.jtl-software.com data:; frame-src 'self' https://stats.jtl-software.de https://consent.jtl-software.de https://www.youtube.com https://jira.jtl-software.de https://www.google.com https://stats.jtl-software.de https://www.facebook.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com; form-action 'self' https://jtl-software.us9.list-manage.com https://www.paypal.com https://oauth2.api.jtl-software.com https://www.facebook.com https://checkout.jtl-software.com; base-uri 'self'; connect-src 'self' https://consent.jtl-software.de https://www.facebook.com https://www.google-analytics.com  https://stats.g.doubleclick.net https://bat.bing.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; report-uri https://report.api.jtl-software.com/csp/; 2
default-src 'self'; font-src 'self' data: https://use.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com; img-src 'self' data: https://p.typekit.net https://t.co https://www.google.co.za https://www.google.com https://www.gstatic.com https://ssl.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://eu-images.contentstack.com https://images.contentstack.io https://i.ytimg.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://lh3.googleusercontent.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://ws.sessioncam.com; frame-src https://www.youtube.com https://*.fls.doubleclick.net https://platform.twitter.com/ https://www.google.com/ https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://www.buzzsprout.com https://secure.rewards.sit.oldmutual.co.za https://secure.dcc.oldmutual.co.za https://e.issuu.com/; connect-src 'self' https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.sessioncam.com https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://b.ws.sessioncam.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://use.typekit.net https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com https://assets-qa.nonprod.my.oldmutual.co.za https://assets.my.oldmutual.co.za https://www.google.com https://www.gstatic.com https://nba-webchat-server-prod.my.oldmutual.co.za https://nba-webchat-server-qa.demo.nonprod.my.oldmutual.co.za https://d2oh4tlt9mrke9.cloudfront.net https://www.brighttalk.com https://www.pages06.net https://vds.issproxy.com https://vds.issgovernance.com https://ir.tools.investis.com https://otp.tools.investis.com https://irs.tools.investis.com https://optimize.google.com https://snap.licdn.com https://www.buzzsprout.com https://www.googleadservices.com; 2
frame-ancestors 'self' http://www.lipton.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /security-report.php 2
default-src https:; img-src 'self' data: *; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' *; frame-ancestors https://*.appleseeds.com https://*.blair.com https://*.drapers.com https://*.fingerhut.com https://*.gettington.com https://*.haband.com https://*.oldpueblotraders.com; 2
default-src 	'self' 	arriva.acquiadam.com 	twimg0-a.akamaihd.net 	*.arrivabus.co.uk 	*.betrad.com 	*.bing.com 	origin-analytics.braintree-api.com 	api.braintreegateway.com 	scontent-sjc3-1.cdninstagram.com 	d2c87l0yth4zbw.cloudfront.net 	pinimg.com 	polldaddy.com 	mixcoud.com 	https://soundcloud.com/player/ 	spapps.cosp 	play.spotify.edgekey.net 	facebook.com 	*.facebook.com 	facebook.co.uk 	*.ak.facebook.com 	star.c10r.facebook.com 	vupload2.t.facebook.com 	*.google.com 	youtube.l.google.com 	ytimg.l.google.com 	www.google-analytics.com 	googlesyndication.com 	www.googletagmanager.com 	googlevideo.com 	api.instagram.com 	instagram.com 	https://crowdfunding.justgiving.com/justgiving.com/ 	akamaiedge.net 	cloudfront.net 	fbcdn.netfbsbx.com 	www.paypal.com 	s-media-cache-ak0.pinimg.com 	s-passets-cache-ak0.pinimg.com 	pinterest.com 	www.slideshare.net 	soundcloud.com 	*.spotify.com 	apps.spotify.edgekey.net 	t.co 	*.tiqcdn.com 	twimg.com 	*.twitter.com 	twitter.com 	vimeo.com 	vimeocdn.com 	youtube.com 	*.youtube.com 	www.youtube-nocookie.com 	ytimg.com 	ekr.zdassets.com 	static.zdassets.com 	arrivabus.zendesk.com 	wss://*.zendesk.com 	wss://*.zopim.com 	'unsafe-inline' 	'unsafe-eval';        script-src 	'self' 	*.teads.tv 	apis.google.com 	assets.zendesk.com 	code.jquery.com 	*.facebook.net 	maps.googleapis.com 	p.teads.tv 	pay.google.com 	s.yimg.com 	static.zdassets.com 	tags.tiqcdn.com 	visitor-service-eu-central-1.tealiumiq.com 	widget-mediator.zopim.com 	www.google-analytics.com 	www.googletagmanager.com 	www.paypal.com 	www.paypalobjects.com 	sp.analytics.yahoo.com  www.googleadservices.com  clarity.microsoft.com  www.clarity.ms  www.microsoft.com  www.webinsights.com 	'unsafe-inline' 	'unsafe-eval';    connect-src 	'self' 	*.arrivabus.co.uk 	analytics.google.com 	api.braintreegateway.com 	arrivabus.zendesk.com 	client-analytics.braintreegateway.com 	collect.tealiumiq.com 	ekr.zdassets.com 	widget-mediator.zopim.com 	my.tealiumiq.com 	origin-analytics.braintree-api.com 	payments.braintree-api.com 	wss://widget-mediator.zopim.com 	www.google-analytics.com 	www.paypal.com 	stats.g.doubleclick.net 	s.yimg.com 	'unsafe-inline';      img-src 	'self' 	arrivabus.prod.acquia-sites.com 	collect.tealiumiq.com 	content.api.arrivabus.co.uk 	linkmaker.itunes.apple.com 	maps.googleapis.com 	maps.gstatic.com 	*.google.com 	s.yimg.com 	t.paypal.com 	www.facebook.com 	www.google.ie 	www.google-analytics.com 	www.googletagmanager.com 	www.gstatic.com 	*.teads.tv 	data: 	blob: 	'unsafe-inline';     media-src 	static.zdassets.com;      font-src 	'self' 	app-nc.global.ssl.fastly.net 	*.fls.doubleclick.net 	*.google.com 	arrivabus.cloudflareaccess.com 	assets.braintreegateway.com 	assets.zendesk.com 	fonts.googleapis.com 	fonts.gstatic.com;   frame-src  assets.braintreegateway.com  www.paypal.com 	pay.google.com 	9458815.fls.doubleclick.net 	www.youtube.com 	'self';     style-src 	*.arrivabus.co.uk 	assets.braintreegateway.com fonts.googleapis.com 	www.paypal.com 	vimeo.com 	www.youtube.com 	'unsafe-inline'; 2
frame-ancestors 'self' https://*.head.com https://*.head-test.com https://head.testing-varnish.symmetrics.de https://*.mares.com https://*.mares-test.com https://*.tyrolia.com https://*.tyrolia-test.com https://*.divessi.com https://*.divessi-test.com https://*.fischersports.com https://*.zoggs.com https://*.zoggs-test.com 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' https://torrents-igruha.org https://telegram.im https://moytorrent.ru https://k3node.com https://send-push.info https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me;img-src * data:;media-src *;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://torrents-igruha.org https://telegram.im https://moytorrent.ru https://k3node.com https://send-push.info https://www.google.com http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; connect-src 'self' https://torrents-igruha.org https://telegram.im https://k3node.com https://moytorrent.ru https://send-push.info http://youtube.com https://youtube.com http://www.youtube.com https://www.youtube.com http://*.amazonaws.com https://vk.com http://vk.com http://*.vk.com https://*.vk.com http://vk.me https://vk.me http://*.vk.me https://*.vk.me; 2
frame-ancestors 'self' *.cinradio.org:* *.wvxu.org:* *.wguc.org:*; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com  services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com verify.sheerid.com services.sheerid.com platform.twitter.com;frame-ancestors;frame-src download.lumion.com verify.sheerid.com services.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com;object-src none; 2
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 2
frame-ancestors 'self' https://admin.vbulletin.com/ https://www.vbulletin.com/ https://members.vbulletin.com/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ https://ssl.kaptcha.com/'; script-src * blob: 'unsafe-inline' 'unsafe-eval' ; object-src * 2
frame-ancestors https://*.trend.at http://*.trend.at; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com 'self'; 2
default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com 2
default-src * data: blob: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: www.googletagmanager.com *.nr-data.net js-agent.newrelic.com www.gstatic.com *.googleadservices.com *.cloudflare.com *.googleapis.com *.google.com *.googlesyndication services.postcodeanywhere.co.uk pcspe11111.pcapredict.com *.checkout.com *.purechatcdn.com *.purechat.com *.bing.com *.trustpilot.com *.facebook.com *.facebook.net *.google-analytics.com widget.gleamjs.io *.cetelem.es groups.tapatalk-cdn.com;  object-src 'none'; style-src data: blob: 'unsafe-inline' *; 2
frame-ancestors  *.marincounty.org *.marinpublic.com *.mcera.org *.marinfair.org *.marincountyhr.org *.marincountyparks.org *.marinhhs.org 2
default-src https: 'unsafe-inline' 'unsafe-eval'; 2
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 2
default-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au; script-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com player.vimeo.com cdn.monsido.com connect.facebook.net *.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com usercheck.vgso.vic.gov.au public.tableau.com *.openforms.com secure-ds.serving-sys.com bs.serving-sys.com; style-src 'self' 'unsafe-inline' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.googleapis.com tagmanager.google.com ui.chatbot.digital.vic.gov.au fast.fonts.net *.openforms.com; img-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.amazee.io tracking.monsido.com *.google-analytics.com *.g.doubleclick.net www.google.com *.google.com *.google.com.au *.hotjar.com *.hotjar.io wss://*.hotjar.com api.mapbox.com *.gstatic.com vic-bot.netlify.app secure.adnxs.com www.facebook.com i.ytimg.com www.google.com.eg www.google.com.co www.google.ie www.google.com.br www.google.co.jpwww.google.gr www.google.co.za www.google.co.uk www.google.com.mx www.google.com.na www.google.it www.google.rs www.google.com.sg www.google.co.id www.googletagmanager.com www.google.com.tr www.google.com.pk www.google.nl www.google.lk www.google.hr www.google.fr www.google.com.bo www.google.com.co www.google.com.om www.google.com.ua au-gmtdmp.mookie1.com lh3.googleusercontent.com; font-src 'self' data: www.vic.gov.au *.content.vic.gov.au content.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com; frame-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com www.vic.gov.au *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com *.vic.gov.au macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com *.podbean.com; connect-src 'self' www.vic.gov.au *.content.vic.gov.au content.vic.gov.au api.go.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.elastic.sdp.vic.gov.au *.hotjar.io *.google-analytics.com *.g.doubleclick.net api.ipify.org *.myvictoria.vic.gov.au *.api.mapbox.com discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au iam.twilio.com tsock.us1.twilio.com flex-api.twilio.com tsock.us1.twilio.com wss://tsock.us1.twilio.com www.facebook.com www.google.com secure-ds.serving-sys.com api.sdp.vic.gov.au; frame-ancestors 'self' *.lagoon.vicsdp.amazee.io *.vic.gov.au; report-uri https://sdpops.report-uri.com/r/d/csp/enforce; 2
default-src 'self' *.brilliantcollector.com  *.studio  *.hotjar.io  *.arena.im/  *.gstatic.com  in.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: edit.co.uk *.brilliantcollector.com  *.cookiebot.com *.allinleeds.com *.googleadservices.com giphy.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com stats.g.doubleclick.net googleadservices.com px.ads.linkedin.com static.ads-twiter.com facebook.com googleads.g.doubleclick.net t.co google.com googletagmanager.com hotjar.com *.hotjar.com snap.licdn.com *.twitter.com platform.twitter.com analytics.twitter.com connect.facebook.net apis.google.com; img-src * data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.allinleeds.com *.vimeo.com giphy.com latex.codecogs.com platform.twitter.com; font-src 'self' *.gstatic.com  data:; frame-src 'self' *.studio  https://public.flourish.studio  www.youtube.com *.vimeo.com *.cookiebot.com www.facebook.com *.facebook.com *.hotjar.com *.allinleeds.com giphy.com platform.twitter.com syndication.twitter.com; 2
frame-ancestors 'self' my.bethelcollege.edu my.betheluniversity.edu; 2
connect-src data: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com; default-src https: *.hotjar.com *.hotjar.io;  worker-src * blob:;   media-src * blob:;img-src * data:; frame-src https: *.hotjar.com *.hotjar.io;    font-src 'self' data: *.hotjar.com *.hotjar.io *.azurewebsites.net cohrcdn.azureedge.net *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com;  script-src *.facebook.net *.hotjar.com *.hotjar.io *.searchcdn.com addsearch.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com *.azurewebsites.net cohrcdn.azureedge.net geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.resultspage.com *.coherent.com *.transifex.com  *.pardot.com *.google-analytics.com *.msecnd.net 'unsafe-eval' 'unsafe-inline';  style-src blob: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.driftt.com *.azurewebsites.net cohrcdn.azureedge.net *.coherent.com *.resultspage.com *.transifex.com *.pardot.com  'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' z.moatads.com *.addthis.com *.addthisedge.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com translate.googleapis.com translate.google.com *.facebook.net *.twitter.com *.instagram.com *.twimg.com *.youtube.com *.vimeo.com; frame-ancestors 'self' admin.industriall-union.org; 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com ; 2
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net ;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content; 2
default-src 'self' https: data: blob:;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors https://*.ionos.it https://ionos.it; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.adroll.com *.adroll.mgr.consensu.org *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.gleamjs.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: static.wax.io *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.csgofast.com *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.gleamjs.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.mgr.consensu.org *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com d1zi9q96rsh4iw.cloudfront.net;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.devfast.io *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.adroll.mgr.consensu.org *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com *.ajdfbkjab.ru wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com wss://*.devfast.io *.csgofast.com wss://*.csgofast.com *.csgofast123.com wss://*.csgofast123.com *.csgofast.tl wss://*.csgofast.tl *.csgocasino.ru wss://*.csgocasino.ru *.csgofast.ru wss://*.csgofast.ru *.dapubg.net wss://*.dapubg.net *.gojackpod.com wss://*.gojackpod.com *.rusgofast.ru wss://*.rusgofast.ru *.dapubg.com wss://*.dapubg.com *.csgofast4.com wss://*.csgofast4.com *.rucsgofast.ru wss://*.rucsgofast.ru *.pubgfast.com wss://*.pubgfast.com *.csgofastbackend.com wss://*.csgofastbackend.com *.cs2gofast.com wss://*.cs2gofast.com *.opdota2.com wss://*.opdota2.com *.demofast.ru wss://*.demofast.ru *.demogofast.com wss://*.demogofast.com *.csgetfast.com wss://*.csgetfast.com *.gainskins.com wss://*.gainskins.com *.casecsgo.com wss://*.casecsgo.com wss://*.xcsgofast.ru *.xcsgofast.ru wss://*.xcsgofast.com *.xcsgofast.com wss://*.csgofastx.com *.csgofastx.com wss://*.csgofastx.ru *.csgofastx.ru wss://*.csgfst.org *.csgfst.org;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.gleamjs.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com slots-prod.csgofastbackend.com d1phhoo4f618zo.cloudfront.net *.csgofast.com *.csgofast123.com *.csgofast.tl *.csgocasino.ru *.csgofast.ru *.dapubg.net *.gojackpod.com *.rusgofast.ru *.dapubg.com *.csgofast4.com *.rucsgofast.ru *.pubgfast.com *.csgofastbackend.com *.cs2gofast.com *.opdota2.com *.demofast.ru *.demogofast.com *.csgetfast.com *.gainskins.com *.casecsgo.com *.xcsgofast.ru *.csgofastx.com *.csgofastx.com *.xcsgofast.com *.csgfst.org;object-src 'none';report-uri //in.csgofast.com/csp; 2
frame-ancestors 'self' https://www.yammer.com/         https://customer.al-enterprise.com https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/;         child-src 'self' https://www.yammer.com/ https://customer.al-enterprise.com         https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'self' *.gotoassist.com *.dev-gotoassist.com fastsupport.com i1fastsupport.com stage.fastsupport.com 'unsafe-inline' 'unsafe-eval' data: *.getgo.com *.google.com *.google-analytics.com *.googleapis.com 2
default-src  'self'  https://*.myligue.fr     https://*.lfp.fr     https://*.ligue1.fr     https://*.ligue2.fr  https://*.googlesyndication.com/  https://www.tntv.pf     https://opt-out.ferank.eu;  media-src *  'self'     https://ooyalaeuwest.streaming.mediaservices.windows.net  blob:  https://www.tntv.pf     https://www.youtube.com     https://www.dailymotion.com;  font-src  'self'  data:  https://use.fontawesome.com  https://fonts.gstatic.com  https://player.ooyala.com  ;  script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://az416426.vo.msecnd.net  https://cdn.ampproject.org  https://cdn.syndication.twimg.com  https://ssl.google-analytics.com  https://player.ooyala.com  https://www.googletagmanager.com  https://www.google.com  https://www.gstatic.com  https://www.google-analytics.com     http://www.google-analytics.com  https://www.googletagservices.com  https://adservice.google.fr  https://adservice.google.com  https://*.googlesyndication.com  https://securepubads.g.doubleclick.net  https://connect.facebook.net  https://platform.twitter.com  https://analytics.ooyala.com  https://imasdk.googleapis.com  http://imasdk.googleapis.com  https://s0.2mdn.net     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  http://player.ooyala.com  http://players.brightcove.net     https://players.brightcove.net  https://vjs.zencdn.net  https://analytics.ooyala.com/     https://www.instagram.com     http://*.opta.net     https://*.opta.net;  style-src  'self'  'unsafe-inline'  https://cdnjs.cloudflare.com  https://use.fontawesome.com  https://fonts.googleapis.com  https://player.ooyala.com/     https://platform.twitter.com     https://www.youtube.com     https://www.dailymotion.com     https://opt-out.ferank.eu     http://opt-out.ferank.eu     http://players.brightcove.net     https://players.brightcove.net     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://www.instagram.com     http://*.opta.net     https://*.opta.net;  child-src  'self'  blob:     https://*.myligue.fr  https://www.google.com/  https://*.googlesyndication.com  https://player.ooyala.com/  https://platform.twitter.com/  https://staticxx.facebook.com/  https://syndication.twitter.com/  https://widgets.lfp.stats.com  https://l.ooyala.com/  https://imasdk.googleapis.com/     https://www.youtube.com     https://www.dailymotion.com     https://cartemercatoligue1.com     https://11type.lfp.fr     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr     https://snapshots.playingsurface.net  http://player.ooyala.com     http://players.brightcove.net     http://players.brightcove.net  http://l.ooyala.com     https://twitter.com     https://www.facebook.com     https://m.facebook.com     https://www.instagram.com     https://imasdk.googleapis.com  http://imasdk.googleapis.com     https://www.google-analytics.com     http://www.google-analytics.com     https://www.sporcle.com     ;  img-src  'self'     data:  https://www.google.com  https://*.doubleclick.net  https://*.googlesyndication.com  https://lspcridevglcdn.azureedge.net  https://lspemeintglcdn.azureedge.net  https://lspsapuatglcdn.azureedge.net  https://lsprubpreglcdn.azureedge.net  https://lspisphereglcdn.azureedge.net  https://ssl.google-analytics.com  https://stats.g.doubleclick.net  https://lfpimageproxy.azureedge.net  https://secure-cf-c.ooyala.com  https://player.ooyala.com     https://www.blogduparieur.com     https://publish.lfpstg.ooflex.net      https://syndication.twitter.com/     https://abs.twimg.com     https://platform.twitter.com     https://pbs.twimg.com     https://www.youtube.com     https://www.dailymotion.com     https://www.google-analytics.com     http://www.google-analytics.com     https://story.tl     https://widget.ausha.co     https://taghcountdown.909c.fr  https://metrics.brightcove.com     http://metrics.brightcove.com  https://cf-images.us-east-1.prod.boltdns.net     https://www.instagram.com     https://cf-images.eu-west-1.prod.boltdns.net     http://cf-images.eu-west-1.prod.boltdns.net     https://tarteaucitron.io     http://*.opta.net     https://*.opta.net;  connect-src  'self'  https://*.doubleclick.net     https://www.google-analytics.com  https://dc.services.visualstudio.com  https://metrics-api.librato.com  https://player.ooyala.com  https://licensing.bitmovin.com  https://*.mediaservices.windows.net     https://csi.gstatic.com  https://edge.api.brightcove.com  http://edge.api.brightcove.com  http://player.ooyala.com  http://manifest.prod.boltdns.net  http://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-us-east-1-prod.brightcovecdn.com     https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com     https://bcbolt446c5271-a.akamaihd.net     https://*.googlesyndication.com     ;  frame-ancestors  'self'  ; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 2
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * data:; font-src * data: 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://assets.scrivito.com https://matomo.rz.hs-heilbronn.de/ https://fiona8-backend.hs-heilbronn.de/; object-src 'none'; block-all-mixed-content 2
connect-src 'self' *.healthcatalyst.com *.6sc.co *.company-target.com *.doubleclick.net *.google.com *.google-analytics.com *.hotjar.com *.hotjar.io secure.adnxs.com wss://*.hotjar.com wss://*.hotjar.io *.mrpfd.com vimeo.com; default-src 'none'; font-src 'self' data: *.healthcatalyst.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.slidesharecdn.com; frame-src 'self' *.healthcatalyst.com *.addtoany.com *.bootstrapcdn.com hcdatascienceservices.com *.hotjar.com *.myworkdayjobs.com *.pardot.com *.youtube.com *.youtube-nocookie.com *.slideshare.net *.vimeo.com; img-src 'self' data: *.healthcatalyst.com *.6sc.co *.adnxs.com *.adsymptotic.com *.bidr.io *.bizible.com *.company-target.com *.doubleclick.net *.facebook.com *.google.com *.google.pt *.google-analytics.com *.googletagmanager.com *.glassdoor.com *.gravatar.com *.linkedin.com *.publishthis.com t.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.healthcatalyst.com *.6sc.co *.addtoany.com *.ads-twitter.com *.bizible.com *.bizographics.com *.demandbase.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.jsdelivr.net *.licdn.com *.mrpfd.com *.youtube.com *.ytimg.com *.lassomarketing.io *.lhmos.com *.pardot.com polyfill.io *.steelhousemedia.com *.twitter.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.healthcatalyst.com *.bootstrapcdn.com *.google.com *.googleapis.com; base-uri ; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src *.myheritage.de https://www.myheritage.de  'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://*.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/ https://tiet01mstr6v7esprep.dxcloud.episerver.net/ 2
default-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://static.zdassets.com https://ekr.zdassets.com https://allkeyshop.zendesk.com wss://allkeyshop.zendesk.com wss://*.zopim.com https://www.google-analytics.com http://cdn.sendpulse.com https://*.twitch.tv https://cdn.jsdelivr.net https://www.youtube.com https://widget.gleamjs.io https://gleam.io https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagservices.com https://ad.doubleclick.net 'unsafe-inline' data:; style-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://cdn.jsdelivr.net https://cdn.sendpulse.com 'unsafe-inline'; img-src 'self' https://*.allkeyshop.com https://*.allkeyshop.ru https://*.keyforsteam.de https://*.goclecd.fr https://*.clavecd.es https://*.cdkeyit.it https://*.cdkeypt.pt https://*.cdkeynl.nl https://*.keyforsteam.com https://cheapdigitaldownload.com https://*.cheapdigitaldownload.com https://*.steamkeybox.com https://v2assets.zopim.io https://static.zdassets.com data: https://steamcdn-a.akamaihd.net https://www.google-analytics.com https://static-cdn.jtvnw.net https://cdn.sendpulse.com https://*.gravatar.com https://graph.facebook.com https://i0.wp.com/www.allkeyshop.com https://platform-lookaside.fbsbx.com https://*.fbcdn.net https://*.googleusercontent.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://js.gleam.io https://static-cdn.jtvnw.net https://i.ytimg.com 2
frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il https://*.netapoz.com 2
default-src 'self' https://yukon.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca https://widget.time.is; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com ; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data: 2
frame-ancestors 'self' statistiques-opus-prod.chambres-agriculture.fr 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data: blob:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:;  2
object-src 'self'; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net;        style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com;         media-src 'self' data: www.qualia.com;         object-src 'none';         upgrade-insecure-requests 2
default-src 'self' data: 'unsafe-inline' *; 2
script-src 'self' https://flat.io https://*.flat.io https://*.flat-cdn.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://*.youtube.com https://*.ytimg.com https://w.soundcloud.com https://player.vimeo.com https://*.stripe.com https://*.paypal.com https://*.algolianet.com https://*.algolia.net 'unsafe-inline' 'unsafe-eval' data: blob:;connect-src * wss://* data:;font-src 'self' https://*.flat-cdn.com https://fonts.gstatic.com;frame-src blob: *;base-uri https://flat.io https://*.flat.io;report-uri https://peoc.flat.io/api/25/csp-report/?sentry_version=5&sentry_key=24549ed8ab89447988b5ffba60385de7 2
default-src https: blob: data: 'unsafe-inline' 2
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https://*.guidehouse.com https://*.navigant.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.guidehouse.com https://*.navigant.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://ajax.googleapis.com https://optimize.google.com https://code.jquery.com https://img.en25.com https://s2090192166.t.eloqua.com https://www.youtube.com https://s.ytimg.com https://*.linkedin.com https://*.licdn.com https://siteimproveanalytics.com https://*.ceros.com https://*.mouseflow.com https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org; img-src 'self' data: https://*.guidehouse.com https://*.navigant.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://s2090192166.t.eloqua.com https://i.ytimg.com https://static.licdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://*.doubleclick.net https://*.siteimproveanalytics.io; style-src 'self' 'unsafe-inline' https://*.guidehouse.com https://*.navigant.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.youtube.com https://cdn.jsdelivr.net https://*.typekit.net https://cloud.typography.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org; font-src 'self' data: https://*.guidehouse.com https://*.navigant.com https://fonts.gstatic.com https://*.typekit.net; frame-src 'self' mailto: https://*.guidehouse.com https://*.navigant.com http://sdn.sitecore.net https://www.youtube.com https://navigant.postclickmarketing.com https://www.slideshare.net https://w.soundcloud.com https://platform.linkedin.com https://*.ceros.com https://optimize.google.com; child-src 'self' https://*.guidehouse.com https://*.navigant.com http://sdn.sitecore.net https://www.youtube.com https://navigant.postclickmarketing.com https://www.slideshare.net https://w.soundcloud.com; connect-src 'self' https://*.guidehouse.com https://*.navigant.com https://www.google-analytics.com https://*.cookielaw.org https://*.mouseflow.com; 2
frame-ancestors 'self' https://*.boditrax.com/; 2
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 2
frame-ancestors https://www.cedars-sinai.org/ https://patients.mycslink.org/ https://patients-dev.mycslink.org/ https://patients-test.mycslink.org/ https://patients-stage.mycslink.org/ 2
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: www.google-analytics.com         data: www.googletagmanager.com         data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: https://component.autochartist.com         data: https://www.tradays.com/         data: https://www.mql5.com         data: https://www.facebook.com         data: https://www.youtube.com/         data: https://chat.irifcm.asia/         data: https://chat.trifcm.asia/         data: https://chat.ifcmarkets.com         data: https://trade.mql5.com         data: *.googletagmanager.com;     object-src *;     style-src 'self'         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://fonts.googleapis.com/css         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;  manifest-src 'self' data: https://ifccd.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8090 https://cdn.polyfill.io https://seal.verisign.com https://polyfill.io https://cdn.ravenjs.com; object-src 'self'; 2
frame-ancestors 'self' homedna.com *.homedna.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 2
frame-ancestors jillstein.nationbuilder.com 2
frame-ancestors 'self' http://jobcloud.ch http://*.jobcloud.ch http://jobs.ch http://*.jobs.ch http://jobup.ch http://*.jobup.ch http://ingjobs.ch http://ictcareer.ch http://jobs4sales.ch http://financejobs.ch http://medtalents.ch http://jobwinner.ch http://alpha.ch http://topjobs.ch http://*.jobscout24.ch http://impieghi.ch http://*.impieghi.ch http://*.stellenmarkt.ch http://*.rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ https://*.twitter.com/ http://*.twitter.com/ http://*.amazon.com/ https://maps.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://sadmin.brightcove.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.twimg.com;object-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com http://brightcove.vo.llnwd.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css http://*.amazon.com/ https://fonts.googleapis.com/css https://*.twitter.com/ http://*.twitter.com/ https://*.twimg.com;img-src 'self' https://*.twitter.com/ https://*.twimg.com http://*.amazon.com/ http://*.twitter.com/ http://*.google-analytics.com data: https://maps.googleapis.com https://*.gstatic.com/ http://*.gravatar.com/ http://umbraco.tv/media;media-src 'none';frame-src 'self' https://secure.brightcove.com https://www.youtube.com/embed/ http://www.youtube.com/embed/ https://syndication.twitter.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://players.brightcove.net;font-src 'self' fonts.gstatic.com/s/;connect-src 'self' https://secure.brightcove.com https://sadmin.brightcove.com;report-uri /WebResource.axd?cspReport=true 2
frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' *; script-src-elem 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; style-src-elem 'unsafe-inline' 'self' *; font-src 'self' * data:  ; frame-src 'self' *; connect-src 'self' *; img-src 'self' * data:; 2
frame-ancestors 'self' http://*.cheltenham.ecctis.co.uk; 2
default-src 'self'; media-src 'self' blob: *.dna.ip-only.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' dev.virtualearth.net *.highcharts.com *.google-analytics.com *.googletagmanager.com *.qbrick.com *.googleapis.com blob:;  img-src 'self' data: http://mt1.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.openstreetmap.org *.virtualearth.net *.dna.ip-only.net; font-src 'self' fonts.gstatic.com;  frame-src 'self' *.vimeo.com *.youtube.com;  connect-src 'self' opencache.statkart.no *.google-analytics.com *.googletagmanager.com *.highcharts.com *.qbrick.com *.dna.ip-only.net wss://notification.qbrick.com/ i.ytimg.com; 2
default-src 'self'; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; font-src 'self' data:; frame-src 'self' 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: s7.addthis.com; manifest-src 'self'; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data:; frame-src *; connect-src *; media-src * blob:; object-src 'none'; worker-src * blob: 'unsafe-inline'; 2
frame-ancestors *.kfst.dk *.forbrug.dk *.stormraadet.dk *.forbrugerombudsmanden.dk *.energianke.dk *.forbrugereuropa.dk *.consumerombudsman.dk *.consumereurope.dk *.danishstormcouncil.dk *.energysuppliescomplaintboard.dk 2
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;frame-src 'self' *;font-src 'self' *;connect-src 'self' *;child-src 'self' * 2
frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2
frame-ancestors 'self' https://partners.arozone.com https://treehousei.com https://www.impartner.com *.3sharecorp.com 2
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2
frame-ancestors 'self' http://www.magnumicecream.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2
default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 2
default-src 'self' northside-admin.dev.merge-digital.com locations-api.northside.dev.merge-digital.com geolocation-db.com emi.northside.dev.merge-digital.com locations-api.northside.production.merge-digital.com *.addthis.com www.google-analytics.com www.northside.com emi.northside.production.merge-digital.com northside.com northside.production.merge-digital.com firstdroplets.com stats.g.doubleclick.net portalclient.echo-cloud.com/22008portal/classenrollment/SearchListing.aspx svc.northside.production.merge-digital.com *.callrail.com *.google.com *.nxtbook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net www.docscores.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org northside-admin.dev.merge-digital.com geolocation-db.com cdnjs.cloudflare.com emi.northside.dev.merge-digital.com locations-api.northside.production.merge-digital.com *.addthis.com emi.northside.production.merge-digital.com www.googletagmanager.com bat.bing.com tagmanager.google.com www.googleadservices.com svc.northside.production.merge-digital.com *.callrail.com *.influxmd.com *.nxtbook.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com cdnjs.cloudflare.com northside-admin.dev.merge-digital.com *.fontawesome.com emi.northside.dev.merge-digital.com emi.northside.production.merge-digital.com *.addthis.com tagmanager.google.com svc.northside.production.merge-digital.com *.influxmd.com *.nxtbook.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com kendo.cdn.telerik.com netdna.bootstrapcdn.com cdnjs.cloudflare.com data: *.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.googleusercontent.com www.google.com www.googletagmanager.com *.doubleclick.net images.unsplash.com source.unsplash.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.addthis.com emi.northside.dev.merge-digital.com bat.bing.com northside.production.merge-digital.com emi.northside.production.merge-digital.com svc.northside.production.merge-digital.com; media-src 'self' data: blob: https://northside.production.merge-digital.com; frame-src 'self' www.google.com player.vimeo.com platform.twitter.com www.fox5atlanta.com videos.sproutvideo.com w3.cdn.anvato.net www.11alive.com 11alive.com www.facebook.com *.youtube.com www.northside.com northside.connecthealthcare.com *.doubleclick.net *.influxmd.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com google.com northside-admin.dev.merge-digital.com geolocation-db.com emi.northside.dev.merge-digital.com emi.northside.production.merge-digital.com locations-api.northside.production.merge-digital.com svc.northside.production.merge-digital.com *.influxmd.com; 2
frame-ancestors tvhayz.net tvhayzz.net 2
frame-ancestors https://*.1-grid.com/ 'self'; 2
frame-ancestors 'self' tvn24.pl *.tvn24.pl 2
frame-ancestors 'self' apply.v12finance.com 2
frame-src 'self' 7host.at my.matterport.com; 2
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com smrtsrc.com *.smrtsrc.com jahia-macpd-03.smartsource.local jahia-macpd-04.smartsource.local jahia-mactd-01.smartsource.local jahia-macdd-01.smartsource.local 2
default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 2
default-src 'self' *.persistent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://match.prod.bidr.io/  https://d26x5ounzdjojj.cloudfront.net/ https://plugins.eventable.com/ https://www.recaptcha.net/  https://add.eventable.com  https://twitter.com/ https://script.hotjar.com https://static.hotjar.com/ https://maxcdn.bootstrapcdn.com/ https://dn1f1hmdujj40.cloudfront.net  https://tagmanager.google.com https://googleads.g.doubleclick.net  https://www.google-analytics.com  https://www.googleadservices.com/ https://geolocation.onetrust.com https://cookiepro.blob.core.windows.net https://code.jquery.com https://pi.pardot.com/ https://go.persistent.com  http://www.persistent.com https://www.persistent.com  https://www.google.com/ https://www.gstatic.com  https://analytics.twitter.com https://t.co  https://px.ads.linkedin.com  https://snap.licdn.com https://static.ads-twitter.com/ https://optanon.blob.core.windows.net  https://web-analytics.engagio.com/  https://platform.twitter.com/ https://cdn.syndication.twimg.com  https://s.ytimg.com  https://www.youtube.com/ https://connect.facebook.net/ https://www.linkedin.com https://www.googletagmanager.com https://d3afnetdjufmcb.cloudfront.net/ https://cdn.syndication.twimg.co https://ajax.googleapis.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://fonts.googleapis.com  https://cookiepro.blob.core.windows.net https://use.fontawesome.com http://www.persistent.com https://www.persistent.com  https://optanon.blob.core.windows.net  https://fonts.googleapis.com/css 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://d3afnetdjufmcb.cloudfront.net/ https://*.twitter.com https://*.twimg.com;font-src 'self' https://script.hotjar.com  https://www.google-analytics.com https://use.fontawesome.com https://d3afnetdjufmcb.cloudfront.net/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;frame-src 'self' https://accounts.google.com/ http://cal.events https://outlook.live.com/ https://login.yahoo.com/ https://calendar.yahoo.com/  https://calendar.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://add.eventable.com/ https://vars.hotjar.com/ http://go.persistent.com/  https://bid.g.doubleclick.net/ http://get.adobe.com/  https://web.facebook.com/ https://www.google.com/  https://player.vimeo.com/ https://*.twitter.com/ https://player.zype.com/ https://connect.facebook.net/ https://www.facebook.com/ https://staticxx.facebook.com https://ebooks.persistent.com/ *.persistent.com https://www.youtube.com/ https://www.linkedin.com/ ; img-src 'self' https://www.google.com.np/  https://www.googletagmanager.com/  https://plugins.eventable.com/ https://add.eventable.com/  https://p.adsymptotic.com https://content.persistent.com https://px.ads.linkedin.com https://www.google.com https://www.google.co.in  https://ssl.gstatic.com https://www.gstatic.com https://cookiepro.blob.core.windows.net  http://www.persistent.com https://www.persistent.com https://t.co/  https://optanon.blob.core.windows.net  https://*.twitter.com  https://syndication.twitter.com  https://*.twimg.com/  https://d3afnetdjufmcb.cloudfront.net/ https://secure.gravatar.com https://www.google-analytics.com https://www.facebook.com/ https://stats.g.doubleclick.net https://i.vimeocdn.com/ https://img.youtube.com/  data:;connect-src 'self' https://stats.g.doubleclick.net/ http://go.persistent.com/  https://www.google-analytics.com  https://go.persistent.com https://com-thebigwillow-prod1.collector.snplow.net/ https://www.googleapis.com/  https://my.yoast.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com https://ws6.hotjar.com/  https://in.hotjar.com/ wss://ws6.hotjar.com  https://www.facebook.com/  https://www.linkedin.com/ https://www.quandl.com/; frame-ancestors 'self' https://accounts.google.com/  https://www.youtube.com;plugin-types application/pdf  application/x-shockwave-flash;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com/ https://www.facebook.com 2
frame-ancestors 'self' *.omronhealthcare.com http://10.196.1.55:8000; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.inbenta.chat:* wss://*.inbenta.io:* wss://*.inbenta.com:* http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://youtu.be http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.inbenta.chat:* http://*.inbenta.io:* http://*.inbenta.com:* http://*.go-mpulse.net http://*.akstat.io http://*.akamaihd.net http://cdn-akamai.mookie1.com http://*.userway.org http://claro.speedtestcustom.com http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://tags.tiqcdn.com/* https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.inbenta.chat:* https://*.inbenta.io:* https://*.inbenta.com:* https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://cdn-akamai.mookie1.com https://*.userway.org https://claro.speedtestcustom.com https://*.clarovideo.net https://*.claromusica.com; media-src mediastream:; 2
script-src 'self' 'unsafe-inline' www.google-analytics.com quadia.webtvframework.com code.createjs.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com data:;media-src 'self';frame-src 'self' g.jwpsrv.com www.youtube.com tools.eurolandir.com quadia.webtvframework.com ahold.hostedby.quadia.com aholddelhaize.projects.quadia.net streams.nfgd.nl;font-src 'self' ssl.p.jwpcdn.com;form-action 'self';report-uri /WebResource.axd?cspReport=true 2
frame-ancestors 'self' https://www.bharatpetroleum.com https://*.bpcl.in 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2
default-src http: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.cloudfront.net s3.amazonaws.com *.facebook.com *.facebook.net *.googleapis.com *.jquery.com *.polyfill.io *.twitter.com unpkg.com *.unpkg.com *.vimeo.com *.vimeocdn.com *.google-analytics.com *.newrelic.com *.nr-data.net ssgsales.com ssgecom.com *.ssgecom.com *.bsnsports.com *.art.bsnsports.com fonts.gstatic.com *.googletagmanager.com settings.luckyorange.net www.google.com www.gstatic.com code.highcharts.com maxcdn.bootstrapcdn.com *.typekit.net use.fontawesome.com *.fancloth.com *.squarespace.com www.googleadservices.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.xisecurenet.com *.paymetric.com *.zopim.com *.zdassets.com; connect-src 'self' *.cloudflare.com *.cloudfront.net s3.amazonaws.com *.facebook.com *.facebook.net *.googleapis.com *.jquery.com *.polyfill.io *.twitter.com unpkg.com *.unpkg.com *.vimeo.com *.vimeocdn.com *.google-analytics.com *.newrelic.com *.nr-data.net ssgsales.com ssgecom.com *.ssgecom.com *.bsnsports.com *.art.bsnsports.com fonts.gstatic.com *.googletagmanager.com settings.luckyorange.net www.google.com www.gstatic.com code.highcharts.com maxcdn.bootstrapcdn.com *.typekit.net use.fontawesome.com *.fancloth.com *.squarespace.com www.googleadservices.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.xisecurenet.com *.paymetric.com *.zopim.com *.zdassets.com wss://in.visitors.live wss://visitors.live wss://*.hotjar.com wss://widget-mediator.zopim.com; report-uri /v3/csp_report 2
default-src 'self'; connect-src 'self' s3.us-west-2.amazonaws.com/upload.com.fmod/uploads/ www.google-analytics.com/j/collect; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com; font-src 'self' cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com code.jquery.com blob:; img-src 'self' d1s9dnlmdewoh1.cloudfront.net d26jga8jjsa591.cloudfront.net www.google-analytics.com; frame-src 'self' www.youtube.com player.twitch.tv; media-src 'self' d26jga8jjsa591.cloudfront.net; worker-src 'self' blob: 2
default-src 'self' mailto: https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.addthis.com/ https://optimize.google.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com http://localhost:50029 https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://maps.googleapis.com https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com stats.g.doubleclick.net https://angular-ui.github.io https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://siteimproveanalytics.com/ https://policy.cookiereports.com/ https://connect.facebook.net https://*.twitter.com https://www.googleadservices.com/pagead/conversion_async.js https://v1.addthisedge.com https://v1.addthis.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com https://*.youtube.com https://s.ytimg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://*.twitter.com; img-src 'self' https://www.googletagmanager.com https://gowlingwlg.com *.google.com https://www.google.co.uk http://*.twimg.com https://*.twimg.com https://www.google.ca/ https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://us2.siteimprove.com stats.g.doubleclick.net data: https://*.twitter.com https://www.facebook.com https://px.ads.linkedin.com https://61281065.global.siteimproveanalytics.io https://p.adsymptotic.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' http://localhost:50029 https://s7.addthis.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /WebResource.axd?cspReport=true https://m.addthis.com; frame-src 'self' https://mozbar.moz.com/ https://edge.addthis.com/ https://optimize.google.com s7.addthis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.media-server.com https://*.slideshare.net https://*.vuturevx.com https://*.gowlingwlg.com https://cdn.yoshki.com/ https://w.soundcloud.com/ https://html5-player.libsyn.com https://player.vimeo.com https://*.twitter.com https://twitter.com https://www.google.com; media-src 'self' https://*.gowlingwlg.com http://*.libsyn.com 2
frame-ancestors 'self' https://www.we-online.de https://www.we-online.com https://www.we-online.fr 2
frame-ancestors 'self' https://*.saint-gobain.net:*; report-uri /report-csp-violation 2
default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://track.adform.net https://s2.adform.net; connect-src 'self'  wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: http://www.acens.com https://*.acens.com https://panel.acens.net https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.google.com https://www.facebook.com/ https://www.youtube.com/; 2
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net js-agent.newrelic.com sp.analytics.yahoo.com s.yimg.com userprotect.de.stihl-dns.net tagmanager.google.com www.google-analytics.com www.googletagmanager.com analytics-udg.netdna-ssl.com assets.adobedtm.com maps.googleapis.com typekit.net *.typekit.net *.adyen.com *.geoplugin.net *.openweathermap.org *.google.com *.google.de *.gstatic.com *.criteo.net *.criteo.com *.g.doubleclick.net *.facebook.net *.bing.com *.outbrain.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.mouseflow.com; connect-src 'self' s.yimg.com bam.eu01.nr-data.net *.youtube-nocookie.com *.google.com *.google.de analytics.google.com *.g.doubleclick.net *.bing.com stihl-sso.com stihl.tui-servicelayers.io ext.nonstoppartner.net www.google-analytics.com *.omtrdc.net *.demdex.net adobeioruntime.net *.adobeioruntime.net maps.googleapis.com typekit.net *.typekit.net *.mouseflow.com stihlb2bdocuments.blob.core.windows.net; img-src 'self' *.google.ch *.doubleclick.net *.rubiconproject.com *.smartadserver.com *.3lift.com *.adnxs.com *.yahoo.com *.casalemedia.com *.pubmatic.com *.360yield.com *.openx.net *.twiago.com *.adscale.de *.adform.net *.advertising.com *.teads.tv *.media.net *.yieldlab.net *.omnitagjs.com *.bidswitch.net *.sharethrough.com *.ivitrack.com *.e-planning.net *.stickyadstv.com *.tremorhub.com *.taboola.com *.googleusercontent.com *.youtube-nocookie.com *.atdmt.com *.criteo.net *.ytimg.com stats.g.doubleclick.net *.google.com *.google.de www.google-analytics.com www.googletagmanager.com *.facebook.com *.bing.com *.outbrain.com *.everesttech.net *.demdex.net *.omtrdc.net static.stihl.com *.stihlusa.com typekit.net *.typekit.net *.gstatic.com maps.googleapis.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com data: *.mouseflow.com *.stihl.e2c60971c7ab4045b5e9.westeurope.aksapp.io; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.typekit.net typekit.net fonts.googleapis.com fonts.gstatic.com data: *.mouseflow.com; frame-src 'self' userprotect.de.stihl-dns.net *.criteo.com e.video-cdn.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.demdex.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com static.stihl.com *.fls.doubleclick.net *.mouseflow.com; child-src 'self' *.mouseflow.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src https:; object-src 'none' 2
default-src 'self' https: data: blob: 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.ch *.gstatic.com *.launchdarkly.com *.instavid360.com *.hotjar.com *.intercom.io *.intercomcdn.com secure.adnxs.com acdn.adnxs.com *.googleadservices.com *.criteo.net *.criteo.com *.youtube.com *.ytimg.com cdn.cookielaw.org geolocation.onetrust.com bat.bing.com connect.facebook.net securepubads.g.doubleclick.net *.googletagservices.com adservice.google.ch tpc.googlesyndication.com *.da-services.ch *.adsafeprotected.com bs.serving-sys.com secure-ds.serving-sys.com tagger.opecloud.com beagle.dev.tda.link beagle.prod.tda.link https://assets.carforyou.ch https://emotional-takeover.carforyou.ch ad.doubleclick.net 2
default-src https://static.mailplus.nl/ https://*.printfriendly.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://*.googlesyndication.com/ https://*.googleapis.com/ 'self' 'unsafe-inline'; font-src https://*.gstatic.com/ 'self'; child-src  'self'; connect-src wss://*.hotjar.com/ https://pagead2.googlesyndication.com/ https://api.omappapi.com/ https://*.printfriendly.com/  wss://ws1.hotjar.com/ https://*.google-analytics.com/ https://9292.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.opmnstr.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ 'self'; frame-src https://crossmedia.mediasite.com/ https://*.crossmediaplatform.nl/ https://widgets.bnr.nl/ https://quadia.webtvframework.com/ https://*.printfriendly.com/ https://knmg.mediafiler.net/ https://player.vimeo.com/ https://*.magzmaker.com/ https://*.twitter.com/ https://twitter.com/ https://www.facebook.com/ https://player.bnnvara.nl/ https://*.soundcloud.com/ https://vgt.medischcontact.nl/ https://*.googlesyndication.com/ https://*.formdesk.com/ https://9292.nl/ https://www.google.com/ https://webforms.aboportal.nl/ https://open.spotify.com/ https://www.youtube-nocookie.com/ https://*.youtube.com/ https://*.hotjar.com/ 'self'; frame-ancestors  'self'; img-src http://www-medischcontact-tst-1.gxcloud.local/ http://www-medischcontact-tst.gxcloud.local/ http://www-medischcontact-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.net/ http://www-knmg-tst.gxcloud.local/  https://*.mailplus.nl/ https://*.printfriendly.com/ https://*.googleusercontent.com/ https://*.twimg.com/ https://*.twitter.com/ http://www.knmg.nl/ http://www-knmg.gxcloud.net http://www.medischcontact.nl/ http://www-medischcontact.gxcloud.net/ https://picsum.photos/ http://placehold.it/ https://unsplash.it/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.doubleclick.net/ https://*.google.com/ javascript:void(0) 'self' data:; media-src  'self'; object-src  'self'; script-src https://9292.nl/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 2
default-src 'self'; script-src 'self' 'unsafe-eval' *.google.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com connect.facebook.net www.gstatic.com 'sha256-7dmqZZLLX6D7vRUpOo9oGWybyT7OTprKV/MqzVtfazI=' 'sha256-TzsojWrmQgtU/VHh/nMPzSeEdhOtnUUSntGZa2kUBBQ=' 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' 'sha256-Q+VTwJHrRt12CC/tmuUH5RrdysEBkGfdK5o9EXpLUw8=' 'sha256-EM+M18hn/dpC/Uff86LJ5BTbX9rSLp99XXaruSXPkGs=' 'sha256-KugiFcHMHAQWm+zgnRUo6wBXcqGhqEhwgwBFIVflGFI='; style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: *.gstatic.com; connect-src 'self' *.dsers.com *.google-analytics.com stats.g.doubleclick.net *.sentry.io; child-src 'self' *.dsers.com *.aliexpress.com https://alitems.com *.google.com *.youtube.com; frame-ancestors 'self' *.dsers.com; base-uri 'self'; report-uri /cspreport 2
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ 2
script-src * 'self' 'unsafe-inline'; img-src * 'self' 'unsafe-inline' data: http://www.w3.org/2000; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 2
default-src 'self' https://derpicdn.net; script-src 'self' https://derpicdn.net; style-src 'self' https://derpicdn.net; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net; block-all-mixed-content 2
worker-src 'self' 2
default-src 'none'; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' 		code.jquery.com 		maxcdn.bootstrapcdn.com 		netdna.bootstrapcdn.com 		ssl.google-analytics.com 		https://cse.google.com 		www.googleapis.com 		www.google-analytics.com 		www.google.com 		www.gstatic.com 		www.googletagmanager.com 		translate.google.com 		ajax.googleapis.com 		maps.googleapis.com 		translate.googleapis.com 		cdn.jsdelivr.net 		cdnjs.cloudflare.com 		polyfill.io 		pi.pardot.com; 	connect-src 'self' freegeoip.net; 	img-src 'self' blob: data: 		code.jquery.com 		www.google.com 		www.googleapis.com 		www.google-analytics.com 		www.gstatic.com 		images-na.ssl-images-amazon.com 		csi.gstatic.com 		clients1.google.com 		*.gstatic.com/images 		stats.g.doubleclick.net 		maps.gstatic.com 		maps.googleapis.com; 	style-src 'self' 'unsafe-inline' 		maxcdn.bootstrapcdn.com 		netdna.bootstrapcdn.com 		www.google.com 		translate.googleapis.com 		fonts.googleapis.com 		cdnjs.cloudflare.com 		code.jquery.com; 	font-src 'self' 		maxcdn.bootstrapcdn.com 		netdna.bootstrapcdn.com 		fonts.googleapis.com 		fonts.gstatic.com; 	object-src 'self'; 	frame-src 'self' www.google.com https://cse.google.com www.youtube.com 2
default-src 'self' *.mobistar.be *.cloudfront.net *.emsecure.net *.customersaas.com *.orange.be *.netdna-ssl.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com; object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; style-src 'unsafe-inline' 'self' *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com; img-src * blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net; media-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com; frame-src 'self' * emsecure.net  *.orange.be; font-src 'self' *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com; connect-src 'self'  *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com  *.orange.be *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.app.khoros.com *.smooch.io; report-uri /fr/report-csp-violation 2
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net *.api.here.com *.wp.com lftracker.leadfeeder.com www.youtube.com www.youtube-nocookie.com s.ytimg.com; object-src 'self'; img-src * 'self' https: data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com dq4irj27fs462.cloudfront.net; style-src 'unsafe-inline' 'self' fonts.googleapis.com js.api.here.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com dq4irj27fs462.cloudfront.net *.api.here.com; connect-src 'self' blob: *.lancom-systems.de *.lancom-systems.com wss://chat.userlike.com chat.userlike.com api.userlike.com www.google-analytics.com *.doubleclick.net *.hereapi.com js.api.here.com ; media-src 'self' dq4irj27fs462.cloudfront.net blob: ; worker-src 'self' blob: ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.valcartier.com *.calypsopark.com gcv-static.azureedge.net gcv-cms-static.azureedge.net gcv-staging-static.azureedge.net gcv-dev-static.azureedge.net gcv-qa-static.azureedge.net gcv-qa2-static.azureedge.net gcv-qa3-static.azureedge.net www-gcv-static.azureedge.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.ticket-ops.com data: *.tripadvisor.ca *.tripadvisor.com *.jscache.com static.tacdn.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.google.com fonts.gstatic.com facebook.net *.facebook.com *.google.ca *.googleadservices.com *.doubleclick.net acuityplatform.com securecode.com *.securecode.com moneris.com *.moneris.com visa.com *.visa.com verifiedbyvisa.com *.verifiedbyvisa.com *.arcot.com *.vgdelivery.com vgdelivery.com *.cardinalcommerce.com cardinalcommerce.com *.online-metrix.net online-metrix.net securesuite.net *.securesuite.net az416426.vo.msecnd.net dc.services.visualstudio.com connect.facebook.net player.vimeo.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com http://youtube.com/iframe_api https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://player.vimeo.com/api/player.js https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www.googletagmanager.com/gtm.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://analytics.twitter.com/i/adsct https://tagmanager.google.com/debug https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://tagmanager.google.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js https://cdn1.readspeaker.com/script/9190/webReader/webReader.js https://cdn1.readspeaker.com/script/9190/webReader/ReadSpeaker.pub.Config.js https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Core.js https://cdn1.readspeaker.com/ *.lfeeder.com *.leadfeeder.com https://code.jquery.com/jquery-3.4.1.min.js https://www.googletagmanager.com/gtag/js https://twitter.com/ https://pi.pardot.com/pd.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js http://cdn1.readspeaker.com/script/11546/webReader/ https://pi.pardot.com/ https://go.soprasteria.de/ https://www.clarity.ms/ https://walls.io/js/ https://cdn.goldenbees.fr/ https://tag.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://www.youtube.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles-Button.css https://cdn1.readspeaker.com/script/9190/webReader/r/r974/ReadSpeaker.Styles.css https://cdn1.readspeaker.com/script/9190/webReader/r/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles.css http://cdn1.readspeaker.com/script/11546/webReader/r/r1099/ReadSpeaker.Styles-Button.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/; media-src 'self' data: blob: https://lesjoiesducode.fr/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ https://www.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/ https://maps.google.com/ https://walls.io/ https://cdn.goldenbees.mgr.consensu.org/ https://s.surveyanyplace.com/; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ https://app-eu.readspeaker.com/ https://rstts-eu.readspeaker.com/ https://media-eu.readspeaker.com/ https://www.digitale-exzellenz.de/feed/ https://www.digitale-exzellenz.de/category/branchen/ https://www.digitale-exzellenz.de/tag/ https://www.instagram.com/ https://www.instagram.com/soprasteria_fr/ https://www.instagram.com/instagram/ *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.clarity.ms/ https://vendorlist.consensu.org/; 2
default-src 'none'; object-src 'self'; media-src blob: https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.lpsnmedia.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.hirslanden.ch https://*.infocentric.ch https://*.wistia.com https://*.medicosearch.ch https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; font-src 'self' data: https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.amazonaws.com https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://play.pod.co https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://*.lpsnmedia.net https://*.licdn.com https://sc-static.net https://*.liveperson.net https://*.google.ch https://*.ads-twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.elfsight.com https://uberall.com https://static-prod.uberall.com https://api.instacloud.io https://mediclinic.mediaplatform.com https://api.doctena.ch https://*.createsend.com https://cdn.dotcy.com.cy https://script.crazyegg.com https://testmcmebot.azurewebsites.net https://*.medicosearch.ch https://*.infocentric.ch https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://cdn.syndication.twimg.com https://csi.gstatic.com https://*.podcast.co https://*.pod.co https://*.radio.co https://code.jquery.com https://soundcloud.com/; connect-src 'self' https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://stats.g.doubleclick.net https://*.blueglass.io https://*.mediclinic.co.za https://*.podcast.co https://*.pod.co https://*.radio.co https://*.googleadservices.com https://*.elfsight.com https://uberall.com https://blog.hirslanden.ch https://er24.info https://*.typeform.com https://*.wistia.com https://*.litix.io https://www.facebook.com/ https://*.crazyegg.com https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.ads-twitter.com https://*.google.ch https://mediclinic.mediaplatform.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://cdn.dotcy.com.cy https://*.medicosearch.ch https://cloud.typography.com https://*.sprechzimmer.ch https://*.twitter.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com https://ton.twimg.com; frame-src 'self' https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.typeform.com https://*.doubleclick.ne https://play.pod.co https://*.onedoc.ch https://onedoc.ch https://vimeo.com/ https://*.vimeo.com/ https://*.brightcove.net/ https://mixlr.com/ https://*.mixlr.com/ https://*.liveperson.net https://*.lpsnmedia.net https://*.snapchat.com https://*.ads-twitter.com https://*.linkedin.com https://*.instagram.com https://*.mediclinic.com https://*.mediclinic.co.za https://mediclinic.mediaplatform.com http://mcairportrdauh.royalwebhosting.net https://*.google.ch https://*.twitter.com http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://*.doctena.com https://*.createsend.com https://*.google.com https://*.googletagmanager.com https://w.soundcloud.com/ https://cdn.dotcy.com.cy https://testmcmebot.azurewebsites.net https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.ch https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://*.business360.ch https://*.tourmkr.com https://*.matterport.com https://*.okadoc.com https://*.blueglass.io https://*.mediclinic.co.za https://*.ads-twitter.com https://*.google.ch http://*.mediclinicprime.co.za https://*.googleadservices.com https://*.elfsight.com https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://ton.twimg.com 2
base-uri 'self'; connect-src 'self'  *.edgy.app; media-src 'self'  *.edgy.app; frame-ancestors 'self'  *.edgy.app 2
default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.actility.io *.cedexis.com cdnjs.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.twitter.com *.ytimg.com *.mgr.consensu.org; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-src *; img-src * data: blob:; font-src 'self' *.gstatic.com data:; media-src *; connect-src * 2
frame-ancestors 'self' https://www.hvfcuonline.org 2
frame-ancestors 'self' www.amway.com.au www.amway.co.nz www.amway.com.vn www.amway.my www.amway.sg www.amway.com.bn www.amway.com.ph admin.amway.my admin.amway.sg admin.amway.com.bn 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; 2
frame-ancestors 'self' *.qfc.cn *.tnc.com.cn www.zhidaoai.com *.aliyuncs.com *.aliyun.com *.ctcn.com.cn 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 2
frame-ancestors 'self' https://beauty.magnet.com 2
-Report-Only '/some-report-uri'; 2
frame-ancestors https://bulbul.io 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://p.typekit.net https://fonts.gstatic.com https://siteimproveanalytics.com https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org;                                                          script-src 'self' 'unsafe-inline' 'unsafe-eval' https://view.ceros.com https://goodwin.photoshelter.com https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net http://cdnjs.cloudflare.com http://us1.siteimprove.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com https://photoshelter.com https://player.vimeo.com/ https://cdn.cookielaw.org  https://j.6sc.co;                                                          frame-ancestors 'self' http://goodwinlaw.com https://goodwinlaw.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io;                                                          frame-src 'self'  https://goodwin.photoshelter.com http://players.brightcove.net https://www.google.com https://www.youtube.com https://player.simplecast.com https://embed.simplecast.com https://players.brightcove.net https://ud.tiaa-cref.org https://view.ceros.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://w.soundcloud.com photoshelter.com https://player.vimeo.com/;                                                          img-src 'self' data: https://us1.siteimprove.com https://www.google-analytics.com https://nowexttype.com https://p.typekit.net https://www.googletagmanager.com https://cdn.yoshki.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          font-src 'self' https://fonts.gstatic.com https://advance.lexis.com https://use.typekit.net https://61282325.global.siteimproveanalytics.io;                                                          connect-src 'self' https://performance.typekit.net https://www.google-analytics.com https://61282325.global.siteimproveanalytics.io https://cdn.cookielaw.org;                                                          report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 2
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bhuntr.com *.bhuntr.com *.bountyhunter.co *.cloudfront.net *.google.com https://adservice.google.com.tw https://adservice.google.com https://*.googleadservices.com *.googletagservices.com *.googletagmanager.com *.googlevideo.com *.twitter.com *.intercom.io *.intercomcdn.com *.amplitude.com *.fullstory.com https://www.gstatic.com https://connect.facebook.net https://*.facebook.com https://securepubads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com http://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.google.com https://static.doubleclick.net https://www.google-analytics.com https://publisherconsole.appspot.com https://scdn.line-app.com https://googleads.g.doubleclick.net cdn.ampproject.org *.sentry-cdn.com fullstory.com optimize.google.com d.line-scdn.net;img-src * data: 'self';font-src * data: 'self';connect-src * data: 'self' 2
frame-ancestors 'self' https://*.discover.com https://*.discoverfinancial.com https://*.adobe.com https://*.discoverihs.com https://www.discoverstudentloans.com 2
frame-ancestors 'self' temenos.seismic.com 2
default-src 'none'; form-action 'self' mailform.ntppool.org; frame-ancestors 'none'; connect-src 'self' 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntp.report-uri.com/r/d/csp/wizard 2
frame-ancestors 'self' https://*.moody.edu 2
font-src *.fontawesome.com *.bootstrapcdn.com *.photoslurp.com *.googleapis.com *.gstatic.com *.sia.eu 3ds.sia.eu 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cardinalcommerce.com *.authorize.net *.facebook.com *.adyen.com 3ds.sia.eu * 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.authorize.net *.paypal.com *.iubenda.com *.facebook.com *.google.com https://player.vimeo.com *.test.adyen.com *.adyen.com *.photoslurp.com *.danieledallabona.com *.sia.eu 3ds.sia.eu *.arcot.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.www.google-analytics.com *.paypal.com *.ytimg.com *.doubleclick.net *.photoslurp.com *.facebook.com *.google.co.in *.google.com 'self' data: *.fizik.com https://www.google.it *.livestory.io *.test.adyen.com *.adyen.com *.zoorate.com *.feedaty.com https://black.bird.eu *.omtrdc.net *.placeholder.com dqwcrm8p9oclf.cloudfront.net *.cloudfront.net *.verifiedbyvisa.com * *.sia.eu 3ds.sia.eu *.amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.paypal.com *.ytimg.com *.google.com *.authorize.net *.braintreegateway.com *.signifyd.com *.livestory.io *.photoslurp.com *.youtube.com *.google-analytics.com *.iubenda.com *.googletagmanager.com *.facebook.net *.gstatic.com *.test.adyen.com *.adyen.com https://chimpstatic.com *.zoorate.com *.clerk.io *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.getfirebug.com *.bootstrapcdn.com *.photoslurp.com *.livestory.io *.googleapis.com *.zoorate.com dqwcrm8p9oclf.cloudfront.net *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livestory.io *.getfirebug.com *.photoslurp.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.photoslurp.com *.iubenda.com *.livestory.io *.dpm.demdex.net *.google.com *.googleusercontent.com *.google-analytics.com *.avada.io *.facebook.com *.doubleclick.net *.adyen.com *.amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 2
: script-src "self" 2
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 2
default-src 'self' *.projects-abroad.net ssl.google-analytics.com tagmanager.google.com fonts.googleapis.com www.google-analytics.com www.gstatic.com fonts.gstatic.com connect.facebook.net www.googletagmanager.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net static.hotjar.com script.hotjar.com js.hs-scripts.com js.hscta.net js.hsforms.net forms.hsforms.com js.hs-analytics.net cta-service-cms2.hubspot.com d10lpsik1i8c69.cloudfront.net code.jquery.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com native.testing.equest.com www.google.com *.docusign.net www.youtube.com youtu.be player.vimeo.com docs.google.com 'unsafe-inline' 'unsafe-eval' data: font;frame-src 'self' www.google.com www.youtube.com www.facebook.com staticxx.facebook.com orangehrm.orangehrm.com vars.hotjar.com bid.g.doubleclick.net forms.hsforms.com native.testing.equest.com *.amazonaws.com;connect-src 'self' *.orangehrm.com www.google-analytics.com settings.luckyorange.net vc.hotjar.com vc.hotjar.io in.hotjar.com;worker-src blob: 'self';img-src * 'self' www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: blob: 2
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com securityscorecard.qa securityscorecard.com *.cookiebot.com; default-src 'none'; object-src 'none'; img-src 'self' blob: data: https:; media-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' securityscorecard.com instant.securityscorecard.com data: https:; frame-src 'self' https:; connect-src 'self' https:; base-uri 'self'; form-action 'self' https: 2
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 2
default-src 'self' * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com data:;connect-src 'self' blob: *.bg.co.uk *.wgp-bgs.co.uk *.birdguides.com *.birdguides-cdn.com https://vimeo.com https://api.raygun.io https://apikeys.civiccomputing.com https://clapi.civiccomputing.com ws://am.freshrelevance.com http://am.freshrelevance.com *.traveldesk.io *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com *.g.doubleclick.net *.googlesyndication.com *.pbstck.com;base-uri 'self' 2
connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.index-education.com http://*.index-education.com http://*.datatables.net https://www.googleapis.com;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobe.com *.cloudflare.com https://www.googletagmanager.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr data:; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tradingview.com https://storage.googleapis.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://res.wx.qq.com https://static.bitkan.com https://static.bitkan.net https://www.google-analytics.com https://www.googletagmanager.com https://hm.baidu.com https://www.sobot.com https://aeis.alicdn.com https://g.alicdn.com https://cf.aliyun.com https://ynuf.alipay.com https://static.geetest.com https://api.geetest.com https://monitor.geetest.com https://dn-staticdown.qbox.me; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.googleapis.com https://static.geetest.com https://dn-staticdown.qbox.me; font-src 'self' data: https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://static.bitkan.com https://static.bitkan.net https://fonts.gstatic.com https://at.alicdn.com; frame-src 'self' redpacket: https://www.tradingview.com https://player.bilibili.com https://files.bitkan.com https://mobile.bitkan.com  https://bitkan.com https://beta.bitkan.com https://static.bitkan.com https://static.bitkan.net https://www.sobot.com https://v.qq.com https://player.youku.com; connect-src 'self' https://static.bitkan.net https://www.tradingview.com https://files.bitkan.com https://img.szsing.com https://img.bitkan.net https://mobile.bitkan.com https://wapi.bitkan.com wss://s.btckan.com:8080 wss://imws.sobot.com:* https://sentry.io https://www.google-analytics.com https://stats.g.doubleclick.net https://hm.baidu.com https://upload.qiniup.com https://ynuf.alipay.com https://cors-anywhere.bitkan.com https://uplog.qbox.me https://api.qiniu.com ; object-src 'none' 2
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; connect-src 'self' wss: https:; font-src 'self' https: data:; frame-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'self' https: data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
frame-ancestors 'self' *.eur.nl 2
frame-ancestors 'self' https://www.kabeldeutschland.de https://www.vodafone.de https://kabel.vodafone.de https://gigakombi.vodafone.de 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://s.ytimg.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; child-src 'self' https://www.youtube.com; 2
default-src 'self' https://www.az.nl/  https://assets.bettyblocks.com/ https://fc1ad83dd5153fedf4ef6acc5fe38e77.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html https://pagead2.googlesyndication.com/; script-src 'self' 'nonce-EDNnf03nceIOfn39fn3rrv434sf2' 'nonce-EDNnf03nceIOfn39fn3rryy45vs' 'nonce-EDNnf03nceIOfn39fnhj8558utyb' 'nonce-ednnf03nceiofn39fn3rryy45vs' 'nonce-EDNnf03nceIOfn39fn3rrv434sf2' 'sha256-TMjildBygRLgzRoCdgno6yXlwCnoDNjlC0z7AZxq3cQ=' 'sha256-6hJDbhNRB5vWW/eYdEgyKKf/i9lkH5i3ca8pwcImK0E=' 'sha256-3MkmcnfMmUlpHY9NonnxTbBCuQaJk/UJl+Ov6j0aeVY=' 'sha256-b229rgn44JgbE+A8pRgqZWbP+MzJ6BwA8j/7dUCy+og=' 'sha256-v9T+xpWSU/YAQ+qN9D3+paJ8IpuAG2rBgGpYTsLfJig=' 'sha256-1aGb4Jp9WMxcZpDa7nNFXxMOEvlTV4NGvjJRvq0pnW0=' 'unsafe-eval' https://www.stanza.co/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.hsadspixel.net https://js.hs-banner.com  https://dff2h0hbfv6w4.cloudfront.net/ https://tagmanager.google.com/ https://js.hsforms.net/forms/ https://www.jscache.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://rum-static.pingdom.net/ https://securepubads.g.doubleclick.net/tag/js/ https://w.soundcloud.com https://api.soundcloud.com https://r1.surveysandforms.com/8e4i9o12-09352689 https://px.ads.linkedin.com/ https://www.tripadvisor.com/ https://www.tripadvisor.nl/ https://static.tacdn.com/ https://vars.hotjar.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/  https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.6/umd/popper.min.js https://www.googleadservices.com/ https://connect.facebook.net/ https://www.google.com https://www.google.nl https://assets.bettyblocks.com/ https://www.google.com/recaptcha/ https://a-az.ttf.zicht.nl/api/v3/ https://tickets.az.nl/  https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js  https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.18.0/jquery.validate.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.10.0/js/lightbox.js https://www.gstatic.com/recaptcha/ https://code.jquery.com/jquery-3.3.1.min.js https://r1.surveysandforms.com https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ajax/libs/jquery/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ www.instagram.com/embed.js; style-src  'self' data: https://static.tacdn.com/ https://tagmanager.google.com/ https://assets.bettyblocks.com/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://pro.fontawesome.com/ https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.10.0/css/lightbox.min.css https://platform.twitter.com/ 'unsafe-inline';  font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ https://static.tacdn.com/ https://pro.fontawesome.com/ https://platform.twitter.com/; img-src 'self' data: https://ssl.gstatic.com/ https://forms.hsforms.com/ https://p.adsymptotic.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://www.tripadvisor.nl/img/ https://static.tacdn.com/ https://track.hubspot.com/ https://www.facebook.com/ https://pixel.sojern.com/ https://px.ads.linkedin.com/  https://p.travelsmarter.net/ https://tag.yieldoptimizer.com/ https://ib.adnxs.com/ https://assets.bettyblocks.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.nl/ https://stats.g.doubleclick.net/  https://az-development.bettywebblocks.com/ https://az-testing.bettywebblocks.com/ https://az-acceptance.bettywebblocks.com/ https://az.bettywebblocks.com/ https://cdnjs.cloudflare.com/ajax/libs/lightbox2/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ https://r1.surveysandforms.com/; frame-src 'self' https://tpc.googlesyndication.com/ https://forms.hsforms.com/ https://consentcdn.cookiebot.com https://stanza.co/ https://embed.kijk.nl/ https://w.soundcloud.com https://api.soundcloud.com https://twitter.com/ https://vars.hotjar.com/ https://www.instagram.com/ https://www.facebook.com/ https://assets.bettyblocks.com/ https://r1.surveysandforms.com/ https://docs.google.com/  https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/; connect-src 'self' wss://ws4.hotjar.com/api/v1/client/ws https://in.hotjar.com/ https://api.hubapi.com https://vc.hotjar.io/ https://securepubads.g.doubleclick.net/ https://pagead2.googlesyndication.com/ https://api.postcodeapi.nu/ https://www.google-analytics.com/ https://api.mixpanel.com/ https://www.stanza.co/ https://ppquj5g26c.execute-api.us-west-2.amazonaws.com/ https://a-az.ttf.zicht.nl/api/v3/ https://tickets.az.nl/  https://az-development.bettywebblocks.com/ https://az-testing.bettywebblocks.com/ https://az-acceptance.bettywebblocks.com/ https://az.bettywebblocks.com/ https://www.az.nl/; 2
frame-ancestors https://new.mospolytech.ru https://mospolytech.ru http://awards.ratingruneta.ru uplab.uplab.digital 2
default-src 'self' 'report-sample' *.google-analytics.com; script-src *; connect-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src *; frame-src 'self' *.youtube.com www.google.com bid.g.doubleclick.net mangomap.com; font-src 'self' fonts.gstatic.com data:; form-action 'self' https://checkout.globalgatewaye4.firstdata.com; upgrade-insecure-requests; report-uri /errors/cspreport.php; 2
default-src 'self' data: blob: gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://media-gsam.akamaized.net 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com data:; script-src 'self' https://polyfill.io https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.google.com https://snap.licdn.com https://*.gsacquisition.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.akamaized.net https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com  https://*.gsamsymposium.com 'unsafe-inline' data:; object-src 'self'; child-src blob: gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self' https://t2.jiji.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.doubleclick.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' https://www.commercefunds.com https://p.adsymptotic.com https://ds-aksb-a.akamaihd.net https://*.google.co.in https://*.google.co.uk https://*.google.ca https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it  https://*.google.com https://*.demdex.net https://*.gsam.com https://*.gs.com https://px.ads.linkedin.com https://*.doubleclick.net https://www.linkedin.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com data:; style-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://conory.report-uri.io/r/default/csp/enforce 2
default-src 'self' data: blob: *.calibra.com *.novi.com *.fbcdn.net *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;upgrade-insecure-requests; 2
frame-ancestors 'self' cse.google.com; 2
default-src 'self'  http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.aparat.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com; img-src https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://1abzar.ir 'self' https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://www.aparat.com; frame-ancestors 'self' https://trustseal.enamad.ir 2
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com ajax.googleapis.com cdn.jsdelivr.net www.google-analytics.com platform.twitter.com platform.instagram.com syndication.twitter.com player.ooyala.com linkhelp.clients.google.com cdn.syndication.twimg.com js.gleam.io www.instagram.com www.recaptcha.net connect.facebook.net ; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com platform.twitter.com ajax.googleapis.com cdn.jsdelivr.net ; img-src * data:; media-src *; child-src 'self' www.google.com www.twitch.tv player.twitch.tv clips.twitch.tv www.youtube.com player.ooyala.com giphy.com plays.tv *.twitter.com www.instagram.com gleam.io viewer.autodesk.com open.spotify.com www.facebook.com ; frame-ancestors 'self'; font-src fonts.googleapis.com fonts.gstatic.com; connect-src 'self' tl.net; block-all-mixed-content; 2
default-src 'self'; frame-ancestors 'self' https://www.iil.slackandcompany.com/ https://iil.slackandcompany.com/ http://www.iil.slackandcompany.com/ http://iil.slackandcompany.com/ https://www.insideidealabs.com/ https://insideidealabs.com/ http://www.insideidealabs.com/ http://insideidealabs.com/ https://www.insideidealabs.com.ar https://insideidealabs.com.ar http://www.insideidealabs.com.ar http://insideidealabs.com.ar https://www.insideidealabs.de https://insideidealabs.de http://www.insideidealabs.de http://insideidealabs.de https://www.insideidealabs.pe https://insideidealabs.pe http://www.insideidealabs.pe http://insideidealabs.pe https://www.insideidealabs.com.br https://insideidealabs.com.br http://www.insideidealabs.com.br http://insideidealabs.com.br https://www.insideidealabs.jp https://insideidealabs.jp http://www.insideidealabs.jp http://insideidealabs.jp https://www.insideidealabs.eu https://insideidealabs.eu http://www.insideidealabs.eu http://insideidealabs.eu https://www.insideidealabs.co.kr https://insideidealabs.co.kr http://www.insideidealabs.co.kr http://insideidealabs.co.kr https://www.insideidealabs.kr https://insideidealabs.kr http://www.insideidealabs.kr http://insideidealabs.kr https://www.insideidealabs.cn https://insideidealabs.cn http://www.insideidealabs.cn http://insideidealabs.cn https://www.insideidealabs.com.cn https://insideidealabs.com.cn http://www.insideidealabs.com.cn http://insideidealabs.com.cn https://www.insideidealabs.mx https://insideidealabs.mx http://www.insideidealabs.mx http://insideidealabs.mx https://www.insideidealabs.sg https://insideidealabs.sg http://www.insideidealabs.sg http://insideidealabs.sg https://www.insideidealabs.asia https://insideidealabs.asia http://www.insideidealabs.asia http://insideidealabs.asia https://www.insideidealabs.co https://insideidealabs.co http://www.insideidealabs.co http://insideidealabs.co https://www.insideidealabs.co.uk https://insideidealabs.co.uk http://www.insideidealabs.co.uk http://insideidealabs.co.uk https://www.insideidealabs.uk https://insideidealabs.uk http://www.insideidealabs.uk http://insideidealabs.uk http://iildev.rivetagency.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; media-src 'self' *; connect-src 'self' *; frame-src  'self' *; style-src 'self' 'unsafe-inline' * 2
default-src 'self' https://www.youtube.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com https://code.jquery.com https://secure.gravator.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://azekco-media.s3.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://*.w.org https://secure.gravatar.com data:; font-src 'self' data:; 2
script-src 'unsafe-inline' 'unsafe-eval' * data: 2
frame-ancestors 'self' https://login.collector.se/ https://secure.collector.se/ 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 2
frame-ancestors 'self' blaetterkatalog.musicstore.de  ; 2
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-ancestors 'self' https://mossrehab.healthpost.com;  2
frame-ancestors 'self' kiosk.bxgcorp.com 2
frame-ancestors 'self'; report-uri https://www.goodnes.com/report-uri/enforce 2
default-src 'self' https://connect.facebook.net/en_US/fbevents.js https://www.google.com/recaptcha/api.js https://fonts.gstatic.com/  https://fonts.googleapis.com https://www.googletagmanager.com ;script-src 'self'  'sha256-ZFgEXkseyEt3CFGjUxYUE6rV3zJeeINABgKRBELxcrM=' 'sha256-eHvlfSp4WdmxVEF62vHFKGeY5BrXBPmZer3n9XNFfyU=' 'sha256-7Ia7ivoj7HI/U+5g2XG9hbQ69AbUohgkE2T1pl/AAjE=' https://www.grupoanaya.es/js/btn_compra.js https://www.gstatic.com/ https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha/releases/66WEle60vY1w2WveBS-1ZMFs/recaptcha__es.js https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__es.js https://connect.facebook.net/signals/config/1610730305895192  https://www.googletagmanager.com https://rec.smartlook.com/ https://track.oniad.com/ https://track.adform.net/  https://scontent.cdninstagram.com/  https://platform.oniad.com  https://track.adform.net/serving/scripts/trackpoint/async/  https://www.google-analytics.com/  https://www.googletagmanager.com https://api.instagram.com https://ajax.googleapis.com/* https://www.google.com/recaptcha/api.js ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/count/36c8c0  ;img-src * data: 'unsafe-inline';connect-src * 'unsafe-inline';frame-src *;base-uri 'self'; 2
frame-ancestors *.bilimal.kz *.mycollege.kz *.citorleu.kz *.cit-orleu.kz *.elumiti.kz *.fpp.kz *.presidentfoundation.kz 2
upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com *.my.slate.com 2
default-src 'unsafe-inline' https://landbot.io https://www.google.pl https://static.landbot.io https://emplocity.com https://stats.g.doubleclick.net https://use.fontawesome.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.youtube-nocookie.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl https://www.en.bgk.pl https://nowa.bgk.pl; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl https://www.en.bgk.pl https://nowa.bgk.pl; style-src 'unsafe-inline' https://www.google-analytics.com  https://www.google.pl https://static.landbot.io https://emplocity.com https://stats.g.doubleclick.net https://use.fontawesome.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.youtube-nocookie.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.bgk.pl https://www.en.bgk.pl https://nowa.bgk.pl blob: data:; img-src 'self'  https://www.google.pl https://static.landbot.io https://emplocity.com https://stats.g.doubleclick.net https://use.fontawesome.com https://system.erecruiter.pl https://skk.erecruiter.pl https://www.youtube.com https://www.youtube-nocookie.com https://www.emplocity.com https://*.googleapis.com  https://*.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.facebook.com https://*.bgk.pl https://www.en.bgk.pl https://nowa.bgk.pl data: 2
unsafe-inline 2
frame-src https://secure.livechatinc.com/ https://metroonlinepk.firebaseapp.com/ https://metro-online-web.firebaseapp.com/ https://app.adfilius.com/ https://bid.g.doubleclick.net/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2
default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; font-src 'self' data: https: *.fibi.co.il; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com 2
default-src 'none'; frame-src https://www.youtube.com/ https://www.figma.com/ ; img-src 'self' data: https://track.hubspot.com https://forms.hsforms.com https://analytics.helio.app https://js.intercomcdn.com https://static.intercomassets.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-scripts.com https://analytics.helio.app https://static.cloudflareinsights.com https://ajax.cloudflare.com https://js.intercomcdn.com https://widget.intercom.io https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://analytics.helio.app; object-src 'none'; media-src 'self' https://js.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; font-src 'self' data: https://js.intercomcdn.com; connect-src 'self' https://forms.hubspot.com https://analytics.helio.app https://www.google-analytics.com https://api-m.helio.app *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; form-action *; frame-ancestors 'self' https://heatmap.it/; upgrade-insecure-requests; base-uri 'self'; 2
script-src 'unsafe-inline' 'unsafe-eval' *.museumofthehome.org.uk *.cloudflare.com *.aspnetcdn.com *.ajax.googleapis.com maps.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.addthis.com *.addthisedge.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.fonts.net; 2
default-src https://d27urz3c38hyx4.cloudfront.net; img-src https://d27urz3c38hyx4.cloudfront.net data:; style-src https://d27urz3c38hyx4.cloudfront.net 'unsafe-inline'; script-src https://d27urz3c38hyx4.cloudfront.net; connect-src 'self'; frame-src 'self'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'none' 2
default-src 'none'; style-src 'self' 'unsafe-inline' *.fr.ingdirect.intranet https://m.ing.fr/ https://dev.visualwebsiteoptimizer.com/static/0.5/styles/themes/ https://s3.amazonaws.com/vwo-surveys/theme/ https://fonts.googleapis.com/ http://app.vwo.com/ ; media-src 'self'; font-src 'self' https://www.ing.fr/assets/fonts/ https://app.vwo.com/assets/fonts/ https://fonts.gstatic.com/ ; object-src 'self'; connect-src 'self' https://dev.visualwebsiteoptimizer.com/analysis/ https://m.ing.fr/ https://www.google-analytics.com/j/ https://ampcid.google.com/v1/publisher:getClientId https://www.google.com/ads https://www.google.fr/ads https://amp-error-reporting.appspot.com/ https://stats.g.doubleclick.net/r/ https://ampcid.google.fr/ https://www.google-analytics.com/r/collect *.fr.ingdirect.intranet https://www.ing.fr/ https://services.opcvm360.com/api-v1/ https://cr-input.mxpnl.net/; img-src 'self' https://www.google.fr/ads/ https://www.google.com/ads/ https://news.ing.be/newsingbeimages/assets/ https://stats.g.doubleclick.net/r/collect/ data: http://chart.googleapis.com/ http://*.visualwebsiteoptimizer.com/ *.fr.ingdirect.intranet www.ing.fr www.google-analytics.com ssl.google-analytics.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://app.vwo.com/visitor-behavior-analysis/ https://www.google.com/jsapi http://b.mxpnl.net/cs/ http://trendtext.eu/metric/ http://trendtext.eu/ https://cse.google.com/cse/brand *.fr.ingdirect.intranet http://www.ing.fr www.google-analytics.com ssl.google-analytics.com www.google.com platform.twitter.com connect.facebook.net apis.google.com http://d5phz18u4wuww.cloudfront.net/ http://*.visualwebsiteoptimizer.com/ code.jquery.com; frame-src https://*.visualwebsiteoptimizer.com/ https://app.vwo.com/visitor-behavior-analysis/ https://fls.doubleclick.net/ https://*.fls.doubleclick.net/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ http://www.google.com/cse https://cse.google.com/cse; child-src 'self' https://cse.google.com/cse http://cse.google.com https://*.doubleclick.net https://*.youtube.com http://*.youtube.com https://apis.google.com/ http://www.google.com https://www.google.com http://r.turn.com https://r.turn.com http://platform.twitter.com/widgets https://accounts.google.com https://s-static.ak.facebook.com http://www.facebook.com/plugins;  2
frame-ancestors https://www.usgacardshop.com http://www.usgacardshop.com http://www.123print.com http://www.brookhollowcards.com http://www.cardsdirect.com https://www.123print.com https://www.brookhollowcards.com https://www.cardsdirect.com http://*.cardsdirect.com https://*.123print.com http://*.123print.com https://*.brookhollowcards.com http://*.brookhollowcards.com; 2
default-src 'self' *; script-src 'self' https://platform.twitter.com/widgets.js https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://www.calendarwiz.com https://cdn.plot.ly https://players.brightcove.net https://analytics.brightcove.net https://s0.2mdn.net https://adservice.google.com 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cbbb.realmagnet.land http://bbbprograms.org/Sitefinity/Authenticate/OpenID/assets/app.FormPostResponse.js https://tagmanager.google.com https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 *; style-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://www.calendarwiz.com https://cbbb.wufoo.com https://players.brightcove.net 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://bbbprograms.org/ResourcePackages/Main/assets/dist/fonts/783096/F6A6A4055450D7ABE.css https://tagmanager.google.com https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 https://cdn.plot.ly/plotly-latest.min.js; font-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com http://www.calendarwiz.com https://players.brightcove.net 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://bbbprograms.org/ResourcePackages/Main/assets/dist/fonts/783096/F6A6A4055450D7ABE.css; img-src *.s3.amazonaws.com https://www.calendarwiz.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://secure-cf-c.ooyala.com http://cf.c.ooyala.com https://players.brightcove.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com clients1.google.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.coms https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://t.co/i/adsct https://px.ads.linkedin.com https://stats.g.doubleclick.net https://p.adsymptotic.com; media-src http://cf.c.ooyala.com 'self' data: blob: https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com; form-action 'self' https://cbbb.wufoo.com https://bbbprograms.org; frame-src *; child-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://www.google.com https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net http://imasdk.googleapis.com/ http://l.ooyala.com/ 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src *.google-analytics.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net https://licensing.bitmovin.com https://metrics-api.librato.com 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/world_110m.json; 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.googleadservices.com siteimproveanalytics.com *.doubleclick.net;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.fontawesome.com *.crowdriff.com;img-src 'self' localhost:* localtest.com:* *.jquery.com *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.crowdriff.com *.cloudfront.net *.doubleclick.net *.arrivalist.com *.google.com *.sa-as.com *.adnxs.com *.siteimproveanalytics.io *.linkedin.com *.facebook.com *.adsymptotic.com *.ytimg.com *.google.ca *.googletagmanager.com;media-src *.spindustry.com;frame-src *.spindustry.com *.google.com *.youtube.com *.facebook.com *.doubleclick.net *.moz.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.fontawesome.com;connect-src 'self' *.spindustry.com *.crowdriff.com *.fontawesome.com *.doubleclick.net *.google-analytics.com *.facebook.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com *.facebook.net *.facebook.com;frame-ancestors *.spindustry.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: track.yello.de *.usabilla.com *.cloudfront.net *.mouseflow.com *.ekomi.com *.wt-safetag.com *.doubleclick.net *.googleadservices.com *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com *.adform.net *.adjust.com *.dwin1.com *.awin1.com *.zenaps.com ad4m.at ad4m.de ad4mat.de *.yieldlab.net *.ad4m.at *.ad4mat.net *.ad4mat.de r.adserver01.de r.adc-serv.net r.df-srv.de *.adfarm1.adition.com *.adscale.de *.twiago.com ads.creative-serving.com imagesrv.adition.com secure.adnxs.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com t.nativendo.de *.youtube.com *.ytimg.com *.instagram.com *.twitter.com *.twimg.com *.ytimg.com *.twitch.tv *.mapbox.com *.mapbox localhost r.df-srv.de bat.bing.com analytics-udg.netdna-ssl.com connect.facebook.net amplify.outbrain.com *.taboola.com tr.outbrain.com *.redintelligence.net zenloop-website-overlay-production.s3.amazonaws.com hal9000.redintelligence.net api.zenloop.com www.redditstatic.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.thunderhead.com *.twitter.com *.twimg.com *.mapbox.com *.mapbox localhost;img-src 'self' data: blob: track.yello.de *.contentful.com *.ctfassets.net *.usabilla.com *.cloudfront.net *.mouseflow.com *.wcfbc.net *.google-analytics.com *.doubleclick.net *.google.com *.google.de *.gstatic.com *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.googleusercontent.com *.ytimg.com *.youtube-nocookie.com *.awin1.com *.tradedoubler.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.communicationads.net *.twitter.com *.twimg.com track.adform.net *.twimg.com ad4m.at *.yieldlab.net *.ad4m.at *.ad4mat.net r.adserver01.de r.adc-serv.net r.df-srv.de *.adfarm1.adition.com *.adscale.de *.twiago.com ads.creative-serving.com imagesrv.adition.com secure.adnxs.com *.adform.net d.adup-tech.com insight.adsrvr.org *.taboola.com www.facebook.com connect.facebook.net cx.atdmt.com bat.bing.com dsum-sec.casalemedia.com tr.outbrain.com amplifypixel.outbrain.com zenloop-assets.s3.amazonaws.com alb.reddit.com;frame-src *.usabilla.com *.cloudfront.net *.ekomi.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.adform.net *.awin1.com ad4m.at *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com yello.mitgedacht.nrw sales.tetraeder.solar *.twitch.tv *.instagram.com *.twitter.com *.taboola.com www.facebook.com *.redintelligence.net hal9000.redintelligence.net channels-api.zenloop.com;connect-src 'self' ws://localhost:8080 track.yello.de dc.services.visualstudio.com localhost:* *.mouseflow.com *.ekomi.com *.zenaps.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.nexcheck.de wss://*.nexcheck.de *.mapbox.com *.google-analytics.com *.taboola.com *.doubleclick.net bat.bing.com *.facebook.com channels-api.zenloop.com zenloop-website-overlay-production.s3.amazonaws.com api.zenloop.com;frame-ancestors 'self' *.yello.de localhost:* hal9000.redintelligence.net channels-api.zenloop.com 2
default-src 'none'; script-src 'self' 'unsafe-eval' cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com *.algolia.net *.algolianet.com mc.yandex.ru; style-src 'self' 'unsafe-inline'; img-src 'self' blog-images.clickhouse.tech data: mc.yandex.ru; connect-src 'self' mc.yandex.ru cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru www.youtube.com datalens.yandex; font-src 'self' data:; base-uri 'none'; form-action 'self'; frame-ancestors webvisor.com metrika.yandex.ru; prefetch-src 'self' 2
frame-ancestors http://*.iow.gov.uk 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtm.js https://tagmanager.google.com/debug https://ajax.googleapis.com/ajax/libs/jquery/ https://fonts.googleapis.com/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://fd10.formdesk.com/scripts/fd_general.js https://cdn.feedbackify.com/f.js https://cdn.feedbackify.com/dialog.js https://www.feedbackify.com/touch https://s3.amazonaws.com/fby-form/13644/d.js https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: http://www.royalfloraholland.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://i.ytimg.com/ https://cdn.feedbackify.com/img/classic/ https://dev.visualwebsiteoptimizer.com/v.gif https://s3.amazonaws.com/fby-form/13644/logo.jpg; font-src 'self' https://fonts.googleapis.com/ data:; frame-src 'self' *.royalfloraholland.com *.floraholland.nl https://www.google.com/ https://www.youtube.com/ https://forms.office.com/ https://www.formdesk.com/ https://fd10.formdesk.com/; connect-src 'self' https://fhctest.rimote.nl/myfloraholland/ https://fhc-acc.rimote.nl/myfloraholland/ https://community.royalfloraholland.com/myfloraholland/ 2
frame-ancestors 'self' bcaa.me 2
default-src 'self';script-src 'self' 'unsafe-inline' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com http://www.googleadservices.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.google.co.uk https://googleads.g.doubleclick.net https://www.google.com https://*.vo.msecnd.net https://www.instagram.com http://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.tiktok.com https://s16.tiktokcdn.com https://sf16-scmcdn-sg.ibytedtos.com;style-src 'self' 'unsafe-inline' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net https://platform.twitter.com https://s16.tiktokcdn.com;img-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://*.cdninstagram.com http://*.cdninstagram.com https://*.twitter.com https://*.twimg.com https://sf-tb-sg.ibytedtos.com data:;media-src 'self' https://young.scot https://ysprodportal.blob.core.windows.net https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com;font-src 'self' https://young.scot https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://s16.tiktokcdn.com;connect-src 'self' https://dc.services.visualstudio.com https://*.playbuzz.com http://*.playbuzz.com http://cdn.thinglink.me https://www.thinglink.com https://sf-hs-sg.ibytedtos.com;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.playbuzz.com http://*.playbuzz.com https://www.surveygizmo.eu http://cdn.thinglink.me https://www.thinglink.com https://www.google.com https://www.instagram.com http://www.instagram.com https://*.twitter.com https://prezi.com https://soundcloud.com https://w.soundcloud.com https://open.spotify.com https://www.tiktok.com https://www.facebook.com;report-uri https://stormid.report-uri.com/r/d/csp/enforce 2
connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 2
default-src 'self' *.fluvius.be cdn-fluvius.azureedge.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com maps.googleapis.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.geopunt.be static.ads-twitter.com analytics.twitter.com *.bizographics.com translate.google.com translate.googleapis.com  cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com  https://amp.cloudflare.com cdn.sparkcentral.com translate.googleapis.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net; img-src 'self' data: www.google-analytics.com *.gstatic.com maps.googleapis.com www.eandis.be stats.g.doubleclick.net www.facebook.com www.google.be www.google.com  https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob: t.co *.linkedin.com translate.googleapis.com cdn-fluvius.azureedge.net  cdn-o-fluvius.azureedge.net https://cdn-eu.sparkcentral.com; media-src 'self' https://cdn.sparkcentral.com; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube-nocookie.com https://www.google.com https://www.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com datastudio.google.com; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data:; connect-src 'self' www.google-analytics.com https://discovery.amp.cloudflare.com https://stats.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io *.geopunt.be *.hotjar.com *.hotjar.io translate.googleapis.com 79znwy2ew9.execute-api.eu-central-1.amazonaws.com; report-uri /report-csp-violation 2
default-src 'self'; frame-ancestors 'self' alemana.cl *.alemana.cl portal.alemana.cl; frame-src portal.alemana.cl * 'self' *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.clinicaalemana.cl *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com *.googletagmanager.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com *.google.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.aspnetcdn.com *.fontawesome.com *.google.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.google.com tagmanager.google.com *.twimg.com; img-src 'self' *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl *.clinicaalemana.cl stats.g.doubleclick.net *.google.com *.youtube.com *.google.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl *.alemana.cl i.stack.imgur.com *.cloudflare.com *.clinicaalemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.google.com data: blob: *.eloqua.com track.hubspot.com *.cloudfront.net; font-src 'self' *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' *.google-analytics.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl *.clinicaalemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com wss://ws1.hotjar.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.hotjar.io *.hotjar.com *.alemana.cl www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com; 2
frame-ancestors http://www.liligo.fr http://cosearch.edreams.fr http://cosearch.govoyages.com http://cosearch.opodo.fr http://admin.liligo.fr http://www.cosearch.opodo.fr http://www.cosearch.edreams.fr http://www.cosearch.govoyages.com http://flights.sebogo.fr http://vol-v2.routard.com https://www.liligo.fr https://cosearch.edreams.fr https://cosearch.govoyages.com https://cosearch.opodo.fr https://admin.liligo.fr https://www.cosearch.opodo.fr https://www.cosearch.edreams.fr https://www.cosearch.govoyages.com https://flights.sebogo.fr https://vol-v2.routard.com https://local-b2c.corsair.fr https://run-b2c.corsair.fr https://pp2-b2c.corsair.fr https://www.corsair.fr https://local-ibev2.corsair.fr https://run-ibe.corsair.fr https://pp2-ibe.corsair.fr https://vols.corsair.fr 2
default-src 'self' blob:;connect-src 'self' wss: *.mywebinar.com *.mywebinar.io *.mywebinar.live myownconference.net *.myownconference.net v2.zopim.com widget-mediator.zopim.com widget-mediator.zdassets.com static.zdassets.com ekr.zdassets.com www.google-analytics.com stats.g.doubleclick.net chimpstatic.com yoast.com my.yoast.com;frame-src 'self' www.youtube.com www.google.com yoa.st;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.myownconference.com *.mywebinar.com *.mywebinar.net *.mywebinar.io www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.google-analytics.com ajax.googleapis.com v2.zopim.com widget-mediator.zopim.com widget-mediator.zdassets.com static.zdassets.com chimpstatic.com a.quora.com;img-src 'self' data: *;media-src 'self' blob: *.mywebinar.com *.mywebinar.net *.mywebinar.io myownconference.net *.myownconference.net v2.zopim.com static.zdassets.com;style-src 'self' 'unsafe-inline' *.mywebinar.com *.mywebinar.net *.mywebinar.io;font-src 'self' data: *.mywebinar.net *.mywebinar.io v2.zopim.com static.zdassets.com;object-src 'self' *.mywebinar.net *.mywebinar.io; 2
script-src-elem 'self' 'unsafe-inline' *; 2
default-src 'self' 'unsafe-inline' *.tableau.com *.vimeo.com *.youtube.com cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com fonts.gstatic.com www.google.com *.googleapis.com maps.gstatic.com developers.google.com tagmanager.google.com ssl.gstatic.com www.gstatic.com tagmanager.google.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com cdn.siteimprove.net data:; 2
frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://www.youtube.com https://connect.facebook.net; frame-src 'self' https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://transaction.hostedpayments.com https://certtransaction.hostedpayments.com https://*.afterdigital.uk https://skyway.honolulumuseum.org; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://services.postcodeanywhere.co.uk https://api.addressy.com https://skyway.honolulumuseum.org https://*.afterdigital.uk https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com; img-src 'self' https://skyway.honolulumuseum.org https://*.cdninstagram.com https://*.afterdigital.uk https://art.honolulumuseum.org https://t-bridge.s3.eu-west-1.amazonaws.com https://skyway-us-cms-assets.s3.us-east-2.amazonaws.com https://www.google-analytics.com https://www.instagram.com https://*.doubleclick.net; font-src 'self' 'unsafe-inline' data: 2
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com cdn.jsdelivr.net calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com 2
frame-ancestors 'none'; object-src 'none'; base-uri 'none'; 2
frame-ancestors 'self' *.career-inspiration.com *.pathmotion.com *.talent-soft.com; 2
'self'; 2
base-uri 'self' https://docs.helpscout.net/; child-src blob:; connect-src *; default-src 'self' https://api.luckyorange.com/ https://files.zadapps.info/islamqa.info/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://static-v.tawk.to/a-v3/fonts/ https://use.fontawesome.com/; frame-src 'self' https://cse.google.com/ https://djtflbt20bdde.cloudfront.net/ https://files.zadapps.info/ https://js.stripe.com/ https://optimize.google.com https://www.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/; img-src 'self' data: https://*.gstatic.com/ https://cdn.jsdelivr.net/emojione/assets/png/ https://clients1.google.com/generate_204 https://d10lpsik1i8c69.cloudfront.net/graphics/ https://files.zadapps.info/islamqa.info/ https://i.ytimg.com/ https://optimize.google.com https://static-v.tawk.to/a-v3/images/ https://stats.g.doubleclick.net/ https://www.google.com.tr/ads/ https://www.google.com/ads/ https://www.google.com/cse/static/ https://www.google.com/uds/ https://www.googleapis.com/generate_204 https://www.googletagmanager.com www.google-analytics.com/; media-src 'self' https://d10lpsik1i8c69.cloudfront.net/sounds/ https://files.zadapps.info/islamqa.info/ https://www.youtube.com/; object-src 'self' https://djtflbt20bdde.cloudfront.net/img/ https://files.zadapps.info/islamqa.info/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://cdnjs.cloudflare.com/ajax/libs/ https://ajax.cloudflare.com/cdn-cgi/scripts/ https://apis.google.com/ https://app.insignal.co/pixel/ https://cdn.ampproject.org/ https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cse.google.com/ https://d10lpsik1i8c69.cloudfront.net/ https://djtflbt20bdde.cloudfront.net/ https://embed.tawk.to/5e9ecbae69e9320caac5cb92/default https://js.sentry-cdn.com/ https://js.stripe.com/v3/ https://optimize.google.com/ https://static-v.tawk.to/683/languages/ar.js https://tagmanager.google.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/cse/ https://www.google.com/jsapi/ https://www.google.com/recaptcha/api.js https://www.google.com/uds/api/search/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdnjs.cloudflare.com/ajax/libs/ https://d10lpsik1i8c69.cloudfront.net/css/ https://djtflbt20bdde.cloudfront.net/css/ https://fonts.googleapis.com https://optimize.google.com https https://tagmanager.google.com https://use.fontawesome.com https://use.fontawesome.com/ https://www.google.com/cse/ https://www.google.com/uds/api/search/; worker-src blob: 2
frame-ancestors 'self' https://ua.gov.il/ 2
frame-ancestors 'self' http://*.vseigru.net http://vseigru.net 2
script-src 'unsafe-inline' 'self' fonts.googleapis.com www.google.com www.gstatic.com recaptcha.msgapp.com cdn.ampproject.org www.google-analytics.com client-analytics.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.sandbox.braintreegateway.com js.braintreegateway.com marketing.suzohapp.com stats.g.doubleclick.net maps.googleapis.com maps.google.com ajax.googleapis.com mts1.googleapis.com www.kota3chat.com 2
media-src * 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:; 2
frame-ancestors 'self' *.inlinewarehouse.com www.icewarehouse.com www.derbywarehouse.com www.tennis-warehouse.com; 2
default-src 'self';connect-src https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://operateurtec.tt.omtrdc.net/ 'self' blob: ; script-src https://www.gstatic.com/charts/loader.js http://cdn.jsdelivr.net/momentjs/latest/moment.min.js https://connect.facebook.net https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net:443 https://www.google.com:443 https://maps.googleapis.com:443 https://www.googletagmanager.com/ https://tagmanager.google.com/ https://assets.adobedtm.com 'unsafe-inline' 'unsafe-eval' 'self';style-src https://fonts.googleapis.com:443 https://tagmanager.google.com/ 'self' 'unsafe-inline'; font-src https://fonts.gstatic.com:443 'self'; img-src https: data: 'self' 'unsafe-inline' https://ssl.gstatic.com/ blob:; frame-src https://*.letec.be https://*.youtube.com https://www.facebook.com/ https://player.vimeo.com:443 https://www.dailymotion.com:443; 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.twitter.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.zdassets.com https://static.ads-twitter.com; img-src * data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src https://contactnash.zendesk.com https://www.youtube.com; connect-src 'self' https://d2044444.sibforms.com https://www.google-analytics.com https://ekr.zdassets.com https://contactnash.zendesk.com wss://widget-mediator.zopim.com https://nashproxy.dev.nash.io; object-src 'none'; media-src 'self' https://static.zdassets.com; 2
script-src 'self'  http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ 'unsafe-inline' 'unsafe-eval'; object-src 'self'; default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ http://wogadobeanalytics.sc.omtrdc.net/ *.appier.net *.doubleclick.net www.youtube.com *.google.com *.google.com.sg; img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ http://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ *.google-analytics.com *.appier.net *.doubleclick.net ssl.socdm.com *.facebook.com *.google.com.sg *.google.com http://va.ecitizen.gov.sg https://va.ecitizen.gov.sg i.ytimg.com *.onemap.sg; connect-src 'self' http://va.ecitizen.gov.sg https://va.ecitizen.gov.sg developers.onemap.sg https://*.wogaa.sg http://*.wogaa.sg https://dpm.demdex.net/ http://dpm.demdex.net/ *.appier.net; style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg; font-src 'self' data: https://assets.wogaa.sg/fonts/ https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg *.amazonaws.com; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' data: 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src 'self' ; frame-src * 'self' ;  2
style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com  https://platform.twitter.com https://assets.mofoprod.net/static/; worker-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.mofoprod.net/static/ https://embed.typeform.com; media-src 'self' https://s3.amazonaws.com/mofo-assets/foundation/video/; img-src * data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://assets.mofoprod.net/static/; default-src 'none'; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; connect-src *; frame-src 'self' https://www.youtube.com  https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://devopstypeform.typeform.com; frame-ancestors 'none' 2
default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://*.mhcache.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src *.myheritage.pl https://www.myheritage.pl  'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://*.nr-data.net https://*.mk-sense.com https://code.jquery.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://*.nr-data.net https://sentry.io https://capture.trackjs.com https://*.bing.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com 2
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 2
default-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io https://www.googletagmanager.com https://cdn.taboola.com data:; script-src 'self' *.bootstrapcdn.com *.rawgit.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io https://tdns4.gtranslate.net  https://www.googletagmanager.com https://cdn.taboola.com https://s.yimg.com https://sp.analytics.yahoo.com https://sc.lfeeder.com https://www.googleadservices.com https://googleads.g.doubleclick.net data:; img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com; frame-src  *.ltts.com *.linkedin.com *.youtube.com youtube.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com https://www.easytourz.com/; connect-src 'self' https://tdns4.gtranslate.net https://mc.yandex.ru https://in.hotjar.com https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com https://trc.taboola.com https://s.yimg.com https://bam.nr-data.net; report-uri /report-csp-violation 2
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 2
default-src 'unsafe-eval' 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; connect-src *; font-src * data: 2
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ https://www.google.com/; connect-src 'self' https://weather-ydn-yql.media.yahoo.com https://www.google-analytics.com/ wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
style-src 'self' 'unsafe-inline' *.wales.ac.uk 2
frame-src 'self' *.abtasty.com *.affirm.com *.account.amazon.com www.amazon.com api-cdn.amazon.com payments.amazon.com static-na.payments-amazon.com payments-sandbox.amazon.com  www.assayassured.co.uk *.bugherd.com members.cj.com www.emjcd.com cj.dotomi.com *.criteo.net *.criteo.com connect.facebook.net lookaside.facebook.com staticxx.facebook.com m.facebook.com web.facebook.com www.facebook.com *.flagship.io checkout.getbread.com checkout-sandbox.getbread.com bid.g.doubleclick.net cm.g.doubleclick.net www.google.com www.googletagmanager.com pay.google.com beacon-v2.helpscout.net license.icopyright.net player.idomoo.com *.jewlr.com assets-jewlr.netdna-ssl.com *.jwl.io *.safyre.dev *.justuno.com *.jst.ai *.leefiori.com *.leefiori.ca www.locize.app www.paypalobjects.com www.paypal.com www.sandbox.paypal.com www.resellerratings.com apm.scoutapp.com scoutapm.com tr.snapchat.com js.stripe.com cdn.tangiblee.com widget.tangiblee.com *.trustpilot.com platform.twitter.com syndication.twitter.com player.vimeo.com www.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.abtasty.com cdn.segment.com cdn.mxpnl.com api.addressnow.co.uk d.adroll.com s.adroll.com *.affirm.com tracker.affirm.com calculator.affirm.com mpsnare.iesnare.com api-cdn.amazon.com payments.amazon.com static-na.payments-amazon.com payments-sandbox.amazon.com apay-us.amazon.com cdn.amplitude.com d24n15hnbwhuhn.cloudfront.net www.assayassured.co.uk bat.bing.com js.braintreegateway.com *.bronto.com c.bron.to *.bugherd.com d2wy8f7a9ursnm.cloudfront.net d2iiunr5ws5ch1.cloudfront.net paypalus.cloud-iq.com ajax.cloudflare.com static.cloudflareinsights.com members.cj.com *.convertexperiments.com *.criteo.net *.criteo.com connect.facebook.net lookaside.facebook.com staticxx.facebook.com web.facebook.com www.facebook.com *.flagship.io fb33ac4224ea.cdn4.forter.com 621e092954a3.cdn4.forter.com d35u1vg1q28b3w.cloudfront.net *.forter.com:* cdnjs.cloudflare.com media-akam.licdn.com edge.fullstory.com rs.fullstory.com www.fullstory.com fullstory.com *.getbread.com www.googletagmanager.com apis.google.com www.google.com *.googleapis.com ssl.google-analytics.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net www.googleadservices.com pippio.com cm.g.doubleclick.net optimize.google.com tagmanager.google.com www.google.ca www.jewlr.co.uk www.jewlr.com.au pay.google.com beacon-v2.helpscout.net license.icopyright.net player.idomoo.com assets-jewlr.netdna-ssl.com *.jewlr.com blob: builder-jewlr.netdna-ssl.com ca-j4-assets-jewlr.netdna-ssl.com j4-assets-jewlr.netdna-ssl.com jo-assets-jewlr.netdna-ssl.com ps-j4-assets-jewlr.netdna-ssl.com user-uploads-jewlr.netdna-ssl.com render-jewlr.netdna-ssl.com renderb-jewlr.netdna-ssl.com static-jewlr.netdna-ssl.com staticv-jewlr.netdna-ssl.com daga8y6cp8j63.cloudfront.net *.jwl.io *.safyre.dev *.justuno.com *.jst.ai *.leefiori.com *.leefiori.ca www.paypal.com www.paypalobjects.com paypal.adtag.where.com rum-static.pingdom.net s.pinimg.com www.resellerratings.com cdn.rollbar.com apm.scoutapp.com scoutapm.com shopperapproved.com www.shopperapproved.com cdn.siftscience.com d1gzz21cah5pzn.cloudfront.net www.sitejabber.com sc-static.net js.stripe.com cdn.tangiblee.com api.tangiblee.com static.bytedance.com s0.ipstatp.com sf19-scmcdn-va.ibytedtos.com *.trustpilot.com platform.twitter.com player.vimeo.com staticw2.yotpo.com; frame-ancestors https://*.jewlr.com https://*.leefiori.com https://*.leefiori.ca https://*.safyre.dev; report-uri /csp_report 2
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com pwna4hope.org; report-uri http://www.nativepartnership.org/site/XFrameViolation 2
default-src 'self' https:; font-src 'self' https: data: data://* use.typekit.net; img-src 'self' https: data: my.raspberrypi.org profiles-production.s3.eu-west-1.amazonaws.com p.typekit.net images.ctfassets.net; object-src 'none'; script-src 'self' https: data: 'unsafe-inline' www.google-analytics.com www.googletagmanager.com use.typekit.net tagmanager.google.com; style-src 'self' https: 'unsafe-inline' use.typekit.net; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://api.postcodes.io https://www.google-analytics.com https://*.typekit.net https://api-cdn.embed.ly https://*.stripe.com; frame-ancestors 'self' https://trinket.io https://*.trinket.io; report-uri https://raspberrypi.report-uri.com/r/d/csp/enforce 2
default-src 'none'; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.payengine.de mc.yandex.ru googleadservices.com rum-static.pingdom.net *.paypal.com *.googletagmanager.com *.google-analytics.com googleadservices.com *.sovido.de *.bing.com cdn.dictum.com tagmanager.google.com pix.hyj.mobi d.hyj.mobi; style-src 'unsafe-inline' 'self' vjs.zencdn.net cdn.dictum.com tagmanager.google.com fonts.googleapis.com *.sovido.de; connect-src 'self' stats.g.doubleclick.net mc.yandex.ru rum-collector-2.pingdom.net *.sovido.de *.google-analytics.com *.tagmanager.google.com www.alphavantage.co *.paypal.com; img-src * data:; font-src 'self' fonts.gstatic.com tagmanager.google.com vjs.zencdn.net cdn.dictum.com *.paypalobjects.com data:; object-src 'self'; media-src *.dictum.com *.rackcdn.com data: audio/mpeg; frame-src 'self' *.payengine.de mc.yandex.md *.paypal.com *.youtube.com *.google.com *.youtube-nocookie.com *.vimeo.com *.dailymotion.com *.googletagmanager.com; frame-ancestors 'self' *.youtube.com *.sovido.de; 2
default-src https: wss: data: mediastream: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors 'self' 2
default-src 'self' 'unsafe-inline' https://piwik.bzga.de/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.youtube-nocookie.com/ https://app.dialogfeed.com/; img-src 'self' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.bzga.de/ https://jwpltx.com/ https://maps.gstatic.com/ https://maps.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/ https://www.youtube.com/iframe_api https://ssl.p.jwpcdn.com/ https://piwik.bzga.de/ https://maps.googleapis.com/ 2
script-src * https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';worker-src https: blob: 2
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 2
frame-ancestors https://www.sapo.pt; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://code.highcharts.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://unpkg.com; img-src 'self' data: https: https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com http://www.w3.org; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2
default-src 'self'; style-src 'self' 'unsafe-inline' use.typekit.net/ p.typekit.net/; script-src 'self' 'unsafe-inline' www.space.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; form-action 'self'; worker-src 'none'; frame-src 'self' www.space.net/ www.youtube.com/ www.youtube-nocookie.com/ https://www.google.com/recaptcha/; img-src 'self' www.space.net/ data:; object-src 'none'; font-src 'self' use.typekit.net/; 2
default-src 'self'; connect-src 'self' https://www.ibex.co https://wavezero.ibex.co https://www.google-analytics.com https://scout.salesloft.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagmanager.com https://scout-cdn.salesloft.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://cdn.ampproject.org https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://mid.collect.igodigital.com https://www.gstatic.com; img-src 'self' https://www.google-analytics.com https://wavezero.ibex.co https://www.google.com https://www.google.com.pk https://www.facebook.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com https://bid.g.doubleclick.net; object-src 'none'; media-src 'self' 2
frame-ancestors 'self' *.azdev.direct *.adobe.com 2
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.mqcdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.lvvwd.com *.juicer.io *.digicert.com *.mqcdn.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.onefiserv.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net https://sdks.shopifycdn.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; connect-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.mapquestapi.com *.mapquest.com *.google-analytics.com *.googleapis.com *.gstatic.com *.doubleclick.net https://springs-preserve.myshopify.com *.cludo.com *.cludo.com.cdn.cloudflare.net data:; font-src 'self' *.lvvwd.com *.juicer.io *.mqcdn.com *.jwpcdn.com *.gstatic.com data:; img-src * data: * blob:; frame-src 'self' *.onefiserv.com *.streamtext.net *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com blob: data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com www.google-analytics.com; 2
default-src 'none'; script-src 'self' http://gis.bmlrt.gv.at.test https://gis.bmlrt.gv.at siteimproveanalytics.com connect.facebook.net graph.facebook.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com; connect-src 'self' *; img-src 'self' blob: data: *.facebook.com *.youtube.com *.twimg.com *.twitter.com *; style-src 'self' http://gis.bmlrt.gv.at.test https://gis.bmlrt.gv.at 'unsafe-inline'; media-src 'self' *.youtube.com; font-src 'self'; object-src 'none'; frame-src 'self' *.bmlfuw.gv.at *.bmnt.gv.at *.bmlrt.gv.at https://app.genial.ly https://tawk.to https://*.youtube.com *.facebook.com https://*.umweltbundesamt.at https://*.laola1.tv https://*.europa.eu https://*.facebook.com https://www.google.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.youtube.com *.googleapis.com *.googletagmanager.com *.sharethis.com *.eyereturn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.ads.linkedin.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googletagmanager.com *.fontawesome.com *.myfonts.net; font-src 'self' *.gstatic.com *.fontawesome.com *.myfonts.net data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.ca *.eyereturn.com *.g.doubleclick.net *.adsrvr.org *.facebook.com *.pubmatic.com *.casalemedia.com *.search.spotxchange.com *.eyedemand.com *.sharethis.com; frame-src 'self' localhost:* *.google.com *.doubleclick.net *.youtube.com go.loyalty.com *.sharethis.com c.sharethis.mgr.consensu.org *.facebook.com; connect-src 'self' *.sharethis.com; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net *.googletagmanager.com tagmanager.google.com www.gstatic.com *.google-analytics.com www.googleadservices.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io connect.facebook.net *.blueconic.net knltb.sb.blueconic.net service.force.com *.salesforceliveagent.com *.googleapis.com knltb.my.salesforce.com knltb.secure.force.com ajax.aspnetcdn.com *.cloudfront.net www.instagram.com www.mollie.com *.youtube.com *.ytimg.com *.newrelic.com *.nr-data.net *.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net tagmanager.google.com fonts.googleapis.com service.force.com knltb.secure.force.com *.cloudfront.net www.mollie.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: dashboard.umbraco.org our.umbraco.com *.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com *.hotjar.com *.hotjar.io www.facebook.com *.ytimg.com *.googleapis.com *.gstatic.com *.blueconic.net stats.g.doubleclick.net *.persgroep.net *.google.nl; connect-src 'self' 'unsafe-eval' 'unsafe-inline' our.umbraco.com tagmanager.google.com www.google-analytics.com *.hotjar.com:* *.hotjar.io *.blueconic.net knltb.sb.blueconic.net service.force.com knltb.secure.force.com homerun.co *.nr-data.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.youtube.com bid.g.doubleclick.net *.hotjar.com *.hotjar.io service.force.com www.facebook.com widgets.knltb.club www.instagram.com www.mollie.com nlpadel.meshlink.nl m.facebook.com; style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.blueconic.net service.force.com knltb.secure.force.com *.cloudfront.net; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.sfdcstatic.com; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hotjar.io *.youtube.com *.blueconic.net knltb.sb.blueconic.net; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.blueconic.net knltb.sb.blueconic.net; block-all-mixed-content; 2
frame-ancestors 'self' https://sgl-live01.mcon-group.com https://logon.sglcarbon.com; 2
default-src 'self';frame-src * 'unsafe-inline';connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; style-src * 'unsafe-inline';  media-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; worker-src *  2
default-src 'self' *.adobe.com bcove.video optimize.google.com *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com manifest.prod.boltdns.net eba-api.uk.experian.com smeservices.uk.experian.com *.hotjar.com sjs.bizographics.com cdn.taboola.com trc.taboola.com *.js.ubembed.com *.events.ubembed.com assets.ubembed.com www.dwin1.com bat.bing.com t.co cdn.smct.co smct.co j.flxpxl.com *.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.google-analytics.com ssl.google-analytics.com adservice.google.com adservice.google.co.uk ajax.googleapis.com www.google.co.uk analytics.twitter.com platform.twitter.com static.ads-twitter.com *.linkedin.com www.facebook.com connect.facebook.net *.outbrain.com builder-assets.unbounce.com *.boldchat.com www.dianomi.com *.pingdom.net *.cloudfront.net *.eloqua.com *.quantserve.com rules.quantcount.com img.en25.com snap.licdn.com secure.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com experian-thinking.s3-eu-west-1.amazonaws.com cdn.livechatinc.com themes.googleusercontent.com translate.googleapis.com *.experian.com ui.customsearch.ai hosteduxprod.blob.core.windows.net *.brightcove.com *.brightcove.net vjs.zencdn.net *.adobedtm.com *.demdex.net *.omniture.com *.youtube.com *.hotjar.io; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; 2
frame-ancestors 'self'; base-uri 'self'; default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://media.onboardflow.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://api-js.mixpanel.com https://*.mxpnl.com https://*.hotjar.com;font-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tawk.to;img-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://*.capterra.com https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link data:;style-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.facebook.com https://connect.facebook.net https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net;frame-src * 2
img-src https: data:; default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com www.googletagmanager.com www.gstatic.com 10597.global.siteimproveanalytics.io stats.g.doubleclick.net www.google-analytics.com siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com cdn.yoshki.com; img-src 'self' data: *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: ; font-src 'self' data:; worker-src 'self' blob: ; connect-src 'self' *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net 2
frame-ancestors 'self' https://www.google-analytics.com https://www.roedl.de/ https://www.roedl.com/ https://test-sp.roedl.com/ https://test-sp.roedl.de/ https://www.roedl.de:10006/ https://karriere.roedl.de/ https://adm-karriere.roedl.de/; form-action 'self' https://www.google-analytics.com; connect-src https://www.google-analytics.com 'self' https://orca.roedlcloud.com/ https://DEFFMSPFWEBD01.roedl.org:86 https://www.wetter.com/; img-src 'self' matomo.roedlcloud.com https://www.google-analytics.com https://chart.googleapis.com https://cs3.wettercomassets.com/; 2
default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; 2
frame-ancestors *.adobe.com 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: blob: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net blob: 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
frame-ancestors 'self' http://www.liligo.fr/ http://www.kayak.fr/ http://www.kayak.de/ https://drivy.zendesk.com/ https://*.zdusercontent.com/ 2
script-src 'self' data: da.beethoven.de ajax.googleapis.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline' www.google-analytics.com *.google.com www.googleadservices.com www.googletagmanager.com code.jquery.com *.twitter.com walls.io cdn.syndication.twimg.com cdn.jsdelivr.net; img-src 'self' *.ggpht.com *.googleusercontent.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com *.google.com data: 'unsafe-inline' *.twitter.com *.twimg.com *.paypal.com *.paypalobjects.com; default-src 'self' www.google-analytics.com; frame-src 'self' www.google.com drive.google.com accounts.google.com maps.google.de www.youtube.com wwww.youtube-nocookie.com da.beethoven.de *.appspot.com katalog.beethoven.de *.twitter.com panorama.beethoven.de data: *.google.com walls.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twitter.com *.twimg.com *.google.com; media-src 'self' internet.beethoven.de; font-src 'self' fonts.googleapis.com fonts.gstatic.com; 2
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: blob: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors https://www.maison-alaia.com/ https://www.maison-alaia.com/ ; 2
default-src 'self' static.mycity.travel static.www.region-du-leman.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
default-src 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https://www.bkk-dachverband.de https://stats.bkk-dachverband.de; font-src 'self'; style-src 'unsafe-inline' https://www.bkk-dachverband.de ; img-src 'self' data: https://www.bkk-dachverband.de https://stats.bkk-dachverband.de; frame-src https://app.powerbi.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ims-cms.net; connect-src https://www.bkk-dachverband.de ; media-src 'self' 2
font-src 'self' data: *.googleapis.com *.bing.com *.microsoft.com *.designmynight.com *.gstatic.com *.cloudfront.net; style-src 'self' data: *.googleapis.com *.bing.com *.microsoft.com *.designmynight.com *.cloudfront.net 'unsafe-inline'; frame-ancestors 'self' 2
default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' 2
script-src *.wistia.com apply.workable.com *.wufoo.com www.googletagmanager.com *.olark.com www.google.com www.gstatic.com fast.fonts.net www.google-analytics.com rum-static.pingdom.net d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src *.wistia.com apply.workable.com *.wufoo.com www.googletagmanager.com *.olark.com www.google.com www.gstatic.com fast.fonts.net www.google-analytics.com rum-static.pingdom.net d1io3yog0oux5.cloudfront.net 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.mydomaine.com 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
script-src 'self' 'unsafe-inline' *.ellaskitchen.co.uk *.googletagmanager.com tagmanager.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.fls.doubleclick.net *.youtube.com s.ytimg.com *.livechatinc.com *.zendesk.com *.facebook.net sc-static.net data:; img-src 'self' www.google.com www.google.co.uk *.google-analytics.com *.gstatic.com *.googleusercontent.com stats.g.doubleclick.net *.facebook.com s-static.ak.facebook.com *.zendesk.com *.livechatinc.com *.livechat-static.com fonts.gstatic.com tr.snapchat.com *.prismic.io cdn.shopify.com data:; media-src 'self' *.livechatinc.com; object-src 'none'; default-src 'self'; font-src 'self' *.ellaskitchen.co.uk *.livechatinc.com *.livechat-static.com fonts.gstatic.com themes.googleusercontent.com; frame-src *.ellaskitchen.co.uk *.livechatinc.com *.youtube.com *.zendesk.com *.facebook.com s-static.ak.facebook.com www.google.com *.fls.doubleclick.net tr.snapchat.com; style-src 'self' 'unsafe-inline' tagmanager.google.com *.googleapis.com *.zendesk.com 2
default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-eval' 'unsafe-inline' 2
default-src 'self' https:; child-src *; frame-src *; img-src * data:; media-src *; script-src 'self' *.windowsforum.com *.facebook.net *.google-analytics.com *.maxcdn.com *.facebook.com *.cloudflare.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.twitter.com *.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.windowsforum.com *.facebook.net *.google-analytics.com *.maxcdn.com *.facebook.com *.cloudflare.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.twitter.com *.bootstrapcdn.com 'unsafe-inline' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none' 2
default-src 'none'; font-src * data:; img-src * data:; frame-src 'self' https://*.taboola.com https://*.2checkout.com https://*.paddle.com https://*.youtube.com https://*.googlesyndication.com https://*.doubleclick.net https://*.google.com https://web.facebook.com https://amazon.com https://*.amazon.co.uk https://*.amazon.ca https://*.amazon.de https://*.amazon.fr https://*.amazon.it https://*.amazon.es https://*.amazon.in https://*.amazon.com.mx https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ioscout.postaffiliatepro.com/ https://secure.avangate.com/ https://eligibility.wootric.com/ https://wootric-eligibility.herokuapp.com/ https://www.facebook.com/ https://graph.facebook.com/ https://secure.2checkout.com/; style-src 'self' 'unsafe-inline' https://*.taboola.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://amazon.com https://*.amazon.co.uk https://*.amazon.ca https://*.amazon.de https://*.amazon.fr https://*.amazon.it https://*.amazon.es https://*.amazon.in https://*.amazon.com.mx; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.taboola.com https://*.yimg.com/ https://*.yahoo.com/ https://*.2checkout.com https://*.paddle.com https://*.optimize.google.com https://*.googlesyndication.com https://*.doubleclick.net https://bat.bing.com https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://*.wootric.com/ https://*.google-analytics.com https://*.googleanalytics.com https://*.googleadservices.com https://*.doubleclick.com https://ioscout.io https://amazon.com https://*.amazon.co.uk https://*.amazon.ca https://*.amazon.de https://*.amazon.fr https://*.amazon.it https://*.amazon.es https://*.amazon.in https://*.amazon.com.mx https://*.facebook.net https://*.onthe.io https://*.intercom.io/ https://*.intercomcdn.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ioscout.postaffiliatepro.com/ https://secure.avangate.com/ https://eligibility.wootric.com/ https://wootric-eligibility.herokuapp.com/ https://*.google.com/ https://connect.facebook.net; connect-src https://*.taboola.com https://*.yimg.com/ https://*.yahoo.com/ https://*.2checkout.com/ https://*.paddle.com https://*.doubleclick.net https://bat.bing.com https://*.google-analytics.com https://*.googleanalytics.com https://*.googleadservices.com https://*.doubleclick.com https://www.facebook.com/ https://graph.facebook.com/ https://ioscout.io/ https://*.ioscout.io/ https://*.onthe.io/ https://*.intercom.io/ wss://*.intercom.io/ https://*.intercomcdn.com https://*.intercomusercontent.com https://*.cloudfront.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ioscout.postaffiliatepro.com/ https://secure.avangate.com/ https://eligibility.wootric.com/ https://wootric-eligibility.herokuapp.com/ https://production.wootric.com; media-src https://ioscout.io https://*.onthe.io/ https://*.intercom.io/ https://*.intercomcdn.com/ https://ioscout.postaffiliatepro.com/ https://secure.avangate.com/ https://eligibility.wootric.com/ https://wootric-eligibility.herokuapp.com/; frame-ancestors 'self' https://www.amazon.com/ https://*.amazon.co.uk https://*.amazon.ca https://*.amazon.de https://*.amazon.fr https://*.amazon.it https://*.amazon.es https://*.amazon.in https://*.amazon.com.mx; 2
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com translate.googleapis.com 'unsafe-inline' 'self'; script-src www.gstatic.com translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com 'sha256-NNiElek2Ktxo4OLn2zGTHHeUR6b91/P618EXWJXzl3s=' 'self'; img-src * data:; connect-src * data:; frame-src 'self' * 2
default-src 'self' *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.cloudfront.net *.google.com *.cloudflare.com *.fontawesome.com *.optimonk.com *.intercomassets.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.hotjar.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.doubleclick.net *.facebook.com *.facebook.net *.trackedlink.net cdn-akamai.mookie1.com cdn.districtm.ca secure.adnxs.com tags.tiqcdn.com *.authorize.net *.signifyd.com *.livechatinc.com *.bing.com *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hsleadflows.net *.cloudfront.net *.dotmailer-surveys.com *.cloudflare.com *.jquery.com *.trackedweb.net *.youtube.com *.ytimg.com *.bizographics.com *.fontawesome.com *.optimonk.com *.hscollectedforms.net *.connecoutdoors.com connecoutdoors.com *.intercom.io *.intercomcdn.com *.adroll.com; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.amazonaws.com *.fontawesome.com *.intercomcdn.com garneau.com; img-src 'self' data: blob: *.paypalobjects.com *.signifyd.com *.online-metrix.net *.google-analytics.com *.doubleclick.net *.gstatic.com *.googleapis.com *.cdninstagram.com *.google.com *.facebook.com *.google.ca *.livechatinc.com *.hubspot.com *.cloudfront.net *.bronto.com *.abmr.net *.bing.com *.cloudflare.com *.jquery.com *.dotmailer-surveys.com *.googletagmanager.com *.optimonk.com *.hsforms.com *.intercomassets.com *.intercomcdn.com *.adroll.com; media-src 'self' *.cloudfront.net *.livechatinc.com; frame-src 'self' acdn.adnxs.com tags.tiqcdn.com *.hotjar.com *.addthis.com *.googletagmanager.com *.moneris.com *.signifyd.com *.youtube.com *.vimeo.com *.doubleclick.net *.livechatinc.com *.dotmailer-surveys.com *.facebook.net *.online-metrix.net *.google.com *.cloudfront.net *.facebook.com *.freshdesk.com; connect-src 'self' *.authorize.net *.addthis.com *.luckyorange.net *.cloudfront.net *.hubspot.com *.googleapis.com *.hubapi.com *.visitors.live wss://*.visitors.live wss://visitors.live *.doubleclick.net *.cloudflare.com *.youtube.com *.trackedweb.net *.google-analytics.com *.luckyorange.com *.mixpanel.com *.optimonk.com *.intercom.io wss://*.intercom.io; worker-src 'self' blob:; 2
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 2
upgrade-insecure-requests; default-src  'unsafe-inline' 'unsafe-eval' 'self' *.ria.ee www.google-analytics.com *.plumbr.io themes.googleusercontent.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com docs.google.com; img-src data: 'self' *.ria.ee www.google-analytics.com; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; font-src 'self' self data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src *; img-src 'self' self data: 'unsafe-inline' 'unsafe-eval' https://pbs.twimg.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri /nelmio/csp/report 2
default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 2
frame-ancestors 'self' *.dja.com; 2
frame-src https://www.facebook.com 2
frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 2
frame-ancestors https://io.apply.creditkarma.com 2
frame-ancestors 'self' *.dnc.io 2
default-src 'self'; img-src 'self' 'unsafe-inline' https://www.facebook.com https://www.googletagmanager.com https://t.co https://www.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://www.google.com.au https://20810323p.rfihub.com https://us-u.openx.net https://x.bidswitch.net https://ib.adnxs.com data: https://ad.doubleclick.net https://www.google.co.za https://*.tribalfusion.com https://dsum-sec.casalemedia.com https://*.pubmatic.com https://pixel.rubiconproject.com https://sync.search.spotxchange.com https://soma.smaato.net https://pixel.advertising.com https://partners.tremorhub.com https://p.rfihub.com https://*.yahoo.com https://ads.stickyadstv.com https://aa.agkn.com https://ssl.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://ajax.cloudflare.com https://www.google-analytics.com https://*.tymedigital.com https://*.tymebank.co.za https://secure-ds.serving-sys.com https://bs.serving-sys.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://static.hotjar.com https://script.hotjar.com https://www.google.co.za https://*.tribalfusion.com https://www.youtube.com https://s.ytimg.com https://web-tyme-mvp-prod.k8s-prod-ie.finn.ai https://www.googleadservices.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://web-tyme-mvp-prod.k8s-prod-ie.finn.ai https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://vars.hotjar.com https://www.youtube.com; connect-src 'self' https://*.tymedigital.com https://*.tymebank.co.za https://secure-ds.serving-sys.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com wss://msg-tyme-mvp-prod.k8s-prod-ie.finn.ai; object-src 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.jquery.com *.addtoany.com use.fontawesome.com *.cloudflare.com *.youtube.com *.ytimg.com *.googleapis.com *.googletagmanager.com connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.addtoany.com cloud.typography.com www.groningerforum.nl; font-src 'self' *.gstatic.com data:; img-src 'self' data: www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com www.facebook.com www.googletagmanager.com *.doubleclick.net *.google.nl *.googleusercontent.com; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com youtu.be *.activetickets.com activetickets.groningerforum.nl www.facebook.com *.ticketworks.nl *.afasonline.com groningerforum.podiumnederland.nl forum.podiumnederland.nl open.spotify.com;media-src 'self' *.youtube.com *.vimeo.com *.vimeocdn.com *.akamaized.net;connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl www.google-analytics.com stats.g.doubleclick.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' js-agent.newrelic.com maps.googleapis.com use.typekit.net cdnjs.cloudflare.com www.google-analytics.com bam.nr-data.net connect.facebook.net platform.twitter.com gmc.lingotek.com pixel.mathtag.com platform.linkedin.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com flockler.com embed-cdn.flockler.com polyfill.io/v3/polyfill.min.js unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fast.fonts.net gmc.lingotek.com static.flockler.com; frame-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; child-src 'self' youtu.be youtube.com www.youtube.com *.facebook.com *.twitter.com spark.adobe.com; report-uri /report-csp-violation 2
style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline';connect-src * ws: wss:; 2
default-src 'self'; script-src 'self'; 2
upgrade-insecure-request 2
frame-ancestors bestdrive.marketing.adobe.com bestdrive.experiencecloud.adobe.com emea1-proxy.adobemc.com 'self' 2
upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.in https://manganime.id https://manganime.in 2
default-src 'self' *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org https://unpkg.com *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net blob:; style-src 'unsafe-inline' *; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.google.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us blob:; object-src 'self' cdn.opticsinfobase.org *.cloudfront.net *.googlesyndication.com https://*.zoom.us blob:; frame-src 'self' *.cloudfront.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.googlesyndication.com *.youtube.com https://titanembeds.com; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com; 2
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; 2
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.dkv.com; 2
default-src https://www.gmp.de; img-src 'self' data: https://matomo.gmp.de; connect-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline'; frame-src data: https://player.vimeo.com https://www.youtube.com https://www.google.com; script-src-elem data: https://ajax.googleapis.com 'self' 'unsafe-inline' https://matomo.gmp.de; 2
frame-ancestors 'self' https://*.b2bmit.com https://*.gocatalogs.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com/recaptcha/  maps.googleapis.com *.facebook.com *.facebook.net licensebuttons.net *.doubleclick.net *.youtube.com cdn.maksnet.tv *.adobe.com licensebuttons.net *.rnids.rs xn--d1aholi.xn--90a3ac  forms.office.com *.tipometar.org; report-uri /report-csp-violation 2
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 2
default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 2
default-src 'self' fonts.gstatic.com datatables.net hostadvice.com js.stripe.com qwebirc.franceserv.fr; img-src 'self' * franceserv.fr www.franceserv.fr data: platform.twitter.com hostadvice.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.datatables.net ajax.googleapis.com datatables.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com datatables.net *.datatables.net platform.twitter.com ajax.googleapis.com apis.google.com api.stripe.com uploads.stripe.com js.stripe.com device.maxmind.com hostadvice.com; worker-src 'self' qwebirc.franceserv.fr js.stripe.com hostadvice.com 2
frame-ancestors 'self' https://*.tonies.de https://*.tonies.com https://*.tonie.cloud 2
block-all-mixed-content;frame-ancestors *.web.de web.de http://images.google.de 2
default-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru 'unsafe-inline'; frame-src *; media-src *; img-src * data: blob:; font-src *.beeline.ru data:; script-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io yastatic.net  *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.beeline.ru metrika.yandex.ru mc.yandex.ru http://webvisor.com *.yandex.net *.mtproxy.yandex.net *.yandex.tld yastatic.net; connect-src 'self' *.beeline.ru *.oktaplan.ru *.fls.doubleclick.net suggestions.dadata.ru kasko-osago-online.ru ad.mail.ru ads.betweendigital.com *.ads.betweendigital.com adservice.google.com an.yandex.ru *.rutarget.ru *.g.doubleclick.net mc.yandex.ru *.google.com sync.upravel.com top-fwz1.mail.ru vk.com connect.facebook.net www.facebook.com www.google.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com static.criteo.net *.tmcrussia.com sslwidget.criteo.com dis.eu.criteo.com api-maps.yandex.ru enterprise.api-maps.yandex.ru api.flocktory.com flocktory.com api.mindbox.ru *.artfut.com click.adkratos.ru code.jquery.com fullstory.com bn.adblender.ru aprtx.com aprtn.com px.adhigh.net mod.calltouch.ru *.googleapis.com www.youtube.com st.yagla.ru k50-a.akamaihd.net *.k50.ru *.ruru.ru widgets.mos.ru *.kaspersky-labs.com *.popmechanic.ru metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.carrotquest.io wss://*.carrotquest.io yastatic.net *.gdeslon.ru gdeslon.ru *.aebdgd.ru aebdgd.ru *.s4fmvl.ru s4fmvl.ru go.epnbest.bz c.4clouds.org *.witstroom.com *.witstroom.com:8080 anketa.alfabank.ru *.dashamail.com *.onesignal.com onesignal.com suggest-maps.yandex.ru *.maps.yandex.ru 'unsafe-inline' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.amazonaws.com *.doubleclick.net *.freshworks.com livestream.com *.googleadservices.com *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' *.google.com *.doubleclick.net *.freshdesk.com http://www.buddhismuskunde.uni-hamburg.de/ livestream.com wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 2
base-uri 'none'; object-src 'none'; script-src https://boti.ru/logs/ https://boti.ru/sidekiq/ https://boti.ru/mini-profiler-resources/ https://boti.ru/assets/ https://boti.ru/brotli_asset/ https://boti.ru/extra-locales/ https://boti.ru/highlight-js/ https://boti.ru/javascripts/ https://boti.ru/plugins/ https://boti.ru/theme-javascripts/ https://boti.ru/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; worker-src 'self' https://boti.ru/assets/ https://boti.ru/brotli_asset/ https://boti.ru/javascripts/ https://boti.ru/plugins/ 2
default-src 'self'; child-src https://flickrembed.com https://maps.google.com https://www.google.com https://connect.facebook.net; script-src 'self' https://oss.maxcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://stackpath.bootstrapcdn.com https://fonts.gstatic.com; frame-ancestors; form-action 'self'; base-uri 'self'; object-src;  2
“upgrade-insecure-requests” 2
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' https://distributor.51degrees.com/ https://devicedatasubmissions.azurewebsites.net/api/Submit;font-src 'self';img-src 'self' data: http://images.51degrees.mobi https://51degrees.cachefly.net;frame-src 'self' 2
frame-src 'self' *.fundinfo.com secure.mari4norm.com edge-cdn.net; font-src 'self' *.bootstrapcdn.com *.gstatic.com data:; img-src * data: ; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fundinfo.com *.cloudflare.com tagmanager.google.com data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.lfeeder.com *.fundinfo.com *.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.tinymce.com secure.mari4norm.com *.msecnd.net *.visualstudio.com tagmanager.google.com *.consensu.org *.quantserve.com *.quantcount.com; default-src 'self' *.fundinfo.com *.visualstudio.com *.consensu.org; base-uri 'self'; report-uri 'self'/error/csp 2
frame-ancestors 'self' *.veepee.be  *.veepee.nl *.veepee.lu 2
frame-ancestors 'self' http://tags2.adshell.net http://clk.sportstream.live 2
base-uri 'self'; default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://adservice.google.com https://adservice.google.es https://adservice.google.fr https://www.googletagservices.com https://cse.google.com https://*.disqus.com https://*.facebook.net https://*.googlesyndication.com; img-src 'self' data: https://media.ustility.com https://www.google.com https://*.gstatic.com https://www.google-analytics.com https://*.googlesyndication.com https://img.youtube.com https://i.ytimg.com https://cdn.jsdelivr.net https://referrer.disqus.com https://c.disquscdn.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://c.disquscdn.com/; font-src 'self' data: https://cdn.jsdelivr.net; object-src 'none'; frame-src https: data:; script-src-elem 'unsafe-inline' https:; connect-src https://api.usitility.com https://*.googlesyndication.com https://*.gstatic.com https://www.google-analytics.com https://cse.google.com 2
default-src 'self' https://www.bam.eu01.nr-data.net edge.api.brightcove.com viz.tools.investis.com *.brightcove.com *.jsdelivr.net www.facebook.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net stats.g.doubleclick.net https://brightcove.hs.llnwd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net cdn.rawgit.com cdnjs.cloudflare.com https://www.bam.eu01.nr-data.net ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com boards.greenhouse.io https://js-agent.newrelic.com https://bam.eu01.nr-data.net  https://www.youtube.com https://s.ytimg.com tagmanager.google.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net greenhouse-integration-demo.herokuapp.com tagmanager.google.com; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com boards.greenhouse.io www.ocado.com www.youtube.com jobsfeed.ocado.com https://players.brightcove.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com; connect-src 'self' https://www.bam.eu01.nr-data.net https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://edge.api.brightcove.com https://viz.tools.investis.com https://stats.g.doubleclick.net https://www.facebook.com 2
default-src 'self' 'unsafe-inline' *.system1.com *.typekit.net *.formstack.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com s.flocdn.com mapquest.com *.mapquest.ca s3.amazonaws.com stats.g.doubleclick.net jobs.lever.co data:; img-src *; 2
frame-ancestors tsys.easesales.com; 2
default-src 'none' ;         script-src 'self' 'unsafe-inline' 'unsafe-eval'  ajax.googleapis.com  code.jquery.com  maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com ssl.siteimprove.com siteimproveanalytics.com  www.gstatic.com dl.edge-cdn.net mfpembedcdnweu.azureedge.net app.mailjet.com *.qualtrics.com www.openpetition.de www.google-analytics.com;          style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net cloud.typography.com *.twimg.com www.metroag.de;          img-src 'self' csi.gstatic.com dl.edge-cdn.net data: maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com ssl.siteimprove.com www.gstatic.com app.miag.com                  maintenance.metroag.de 1634.global.siteimproveanalytics.io mfpembedcdnweu.azureedge.net *.qualtrics.com *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com                  *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro                 *.metro-advertising.de *.metro-advertising.com *.metro-advertising.pl *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de                 *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de                 *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.google-analytics.com;         frame-src 'self' www.youtube.com irs.tools.investis.com player.admiralcloud.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com app.mailjet.com feedback.metro-cc.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d1azc1qln24ryf.cloudfront.net www.openpetition.de;          object-src 'self'  ;         base-uri 'none';         connect-src 'self' dl.edge-cdn.net *.twitter.com www.3dzeitschrift.de *.qualtrics.com;         media-src 'self' jpn.videos.metrosystems.net edge-cdn.net ;         report-uri MagReport.csp?cspReport=true 2
frame-ancestors 'self' https://webchat.iris.ci 2
frame-ancestors https://*.hussle.com https://apps.facebook.com/ 2
default-src 'self'; font-src 'self' *.gstatic.com *.hotjar.com *.hotjar.io fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.facebook.com *.google.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io *.doubleclick.net www.firstnational1870.com *.hotjar.com *.hotjar.io optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.facebook.net *.cloudfront.net siteimproveanalytics.com *.ensighten.com *.doubleclick.net *.hotjar.com *.hotjar.io www.gstatic.com *.googleoptimize.com optimize.google.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com graph.facebook.com api-public.addthis.com; style-src 'self' 'unsafe-inline' *.googleapis.com optimize.google.com; frame-src 'self' *.cloudfront.net insight.adsrvr.org *.doubleclick.net www.facebook.com eendorsements.com www.youtube.com *.hotjar.com *.hotjar.io optimize.google.com s7.addthis.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com settings.luckyorange.net www.facebook.com *.hotjar.com *.hotjar.io m.addthis.com; 2
font-src https://cdnjs.cloudflare.com/ http://www.aexp-static.com/ https://use.typekit.net/ 'self' http://fonts.gstatic.com/ https://*.bootstrapcdn.com/ https://*.aexp-static.com/; frame-ancestors https://*.aexp.com/  https://*.americanexpress.com/; frame-src https://staticxx.facebook.com/ https://*.americanexpress.com/ https://*.demdex.net/ https://*.liveperson.net/ https://lpcdn.lpsnmedia.net/ http://*.demdex.net/ https://googleads.g.doubleclick.net/ http://*.americanexpress.com/ https://www.payback.it/ https://service.maxymiser.net/ https://www.youtube.com/ https://*.aexp-static.com/ https://*.akamaihd.net/; style-src https://14106077.va.cobrowse.liveperson.net/ https://*.aexp-static.com/ 'unsafe-inline' 'self'; object-src  'self'; report-uri https://csp.tsrs.cloud/r/62c749c0b9b5a14a94559129ab0017b432d368a1; base-uri http://www.americanexpress.com/ https://*.americanexpress.com/ https://ds-aksb-a.akamaihd.net/ 'self'; script-src http://assets.adobedtm.com/ https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' 'self' https://*.liveperson.net/ https://googleads.g.doubleclick.net/ https://*.lpsnmedia.net/ https://www.googleadservices.com/ https://service.maxymiser.net/ https://*.aexp-static.com/ https://c00.adobe.com/ https://aexp.demdex.net/ http://nexus.ensighten.com/ https://connect.facebook.net/ http://*.aexp-static.com/ https://*.americanexpress.com/ https://cdn.appdynamics.com/ https://ct.contentsquare.net/ https://nexus.ensighten.com/ https://contentsquare.com/ https://adservice.google.co.il/ http://*.americanexpress.com/ https://*.contentsquare.com/ http://*.liveperson.net/ https://www.google.com/ https://*.akamaihd.net/ http://service.maxymiser.net/ 'unsafe-eval'; media-src 'self' https://lpcdn.lpsnmedia.net/ https://lpchat.americanexpress.com/; connect-src https://assets.adobedtm.com/ http://www.aexp-static.com/ https://*.americanexpress.com/ https://papi.walkme.com/ wss://iwmap.americanexpress.com/ https://nexus.ensighten.com/ https://*.demdex.net/ wss://www.americanexpress.com/ https://*.liveperson.net/ https://*.contentsquare.net/ http://dpm.demdex.net/ http://*.americanexpress.com/ https://www.facebook.com/ https://ad.doubleclick.net/ https://aeopprodvip.acxiom.com/ https://*.aexp-static.com/ https://*.akamaihd.net/; img-src 'self' data: https: http:; worker-src  'self' blob:; form-action http://www.americanexpress.com/ https://*.americanexpress.com/;  2
frame-ancestors https://*.net10wireless.com 2
frame-src https:; report-uri /csp-violation-endpoint/ 2
default-src 'self' s.amazon-adsystem.com d.adroll.com s.adroll.com https: http:; img-src * 'self' p.alocdn.com data: https: http:; style-src 'self' 'unsafe-inline' www.google.com platform.twitter.com cdn.syndication.twimg.com fonts.googleapis.com seal-sanjose.bbb.org s.amazon-adsystem.com s.adroll.com a.adroll.com d.adroll.mgr.consensu.org d.adroll.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cse.google.com cdn.syndication.twimg.com platform.twitter.com platform.instagram.com www.instagram.com cdn1.developermedia.com cdn2.developermedia.com apis.google.com www.googletagservices.com adservice.google.com securepubads.g.doubleclick.net ajax.aspnetcdn.com ssl.google-analytics.com www.google-analytics.com s.adroll.com a.adroll.com seal-sanjose.bbb.org d.adroll.mgr.consensu.org d.adroll.com s.amazon-adsystem.com; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.kontent.ai/ 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp auth.airnewzealand.co.nz auth.airnewzealand.eu; script-src 'self' s-airnz.com p-airnz.com 'unsafe-inline' 'unsafe-eval' maps.googleapis.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.googletagservices.com www.google.com pagead2.googlesyndication.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com *.hotjar.com yourir.info auth.airnewzealand.co.nz auth.airnewzealand.eu ssl.google-analytics.com cdnjs.cloudflare.com res.levexis.com; style-src 'unsafe-inline' s-airnz.com p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com yourir.info 'self'; img-src https: data:; font-src s-airnz.com p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self'; media-src 'self' video.cdnvue.com ; frame-src 'self' www.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn.optimizely.com nebula-cdn.kampyle.com *.hotjar.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.airnewzealand.eu *.demdex.net *.tt.omtrdc.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com wss://*.hotjar.com https://*.hotjar.com vc.hotjar.io yourir.info ssl.google-analytics.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
frame-ancestors 'self' https://aula.educaixa.org; 2
default-src 'none';connect-src 'self';font-src 'self' fonts.gstatic.com;frame-src *.actiris.brussels www.facebook.com player.vimeo.com youtu.be www.youtube.com www.gstatic.com www.google.com static.ak.facebook.com s-static.ak.facebook.com connect.facebook.net;frame-ancestors 'self';img-src 'self' data: www.google-analytics.com *.actiris.brussels *.selectactiris.brussels *.basemaps.cartocdn.com i.ytimg.com www.facebook.com stats.g.doubleclick.net https://yestest.actiris.brussels:4443 *.actiris.brussels:4443;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com; 2
frame-ancestors bnaibrithcanada.nationbuilder.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com www.google.com www.google-analytics.com www.gstatic.com www.eventbrite.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src 'self' api.psauthority.org.uk http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com response.pure360.com www.eventbrite.co.uk https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src *; object-src 'none' 2
frame-ancestors 'self' *.kumulusvape.fr *.kmls.fr 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 2
default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none' 2
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.syndication.twimg.com/timeline/ https://code.highcharts.com/ https://connect.facebook.net/it_IT/sdk.js https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://rawgit.com/tyrasd/osmtogeojson/ https://use.fontawesome.com/;frame-ancestors 'self' file: *.spaggiari.eu italiascuola.it www.italiascuola.it; 2
frame-ancestors 'self' https://www.googletagmanager.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com  *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 2
script-src 'self' usa.experian.com smetrics1.experian.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com tagmanager.google.com *.doubleclick.net *.youtube.com *.analytics.yahoo.com *.appdynamics.com cdn.appdynamics.com *.facebook.net *.discover.com *.btstatic.com *.thebrighttag.com *.visualwebsiteoptimizer.com *.cloudflare.com *.clicktale.net *.siteimproveanalytics.com siteimproveanalytics.com *.pendo.io *.heapanalytics.com *.websecurity.norton.com nexus.ensighten.com *.aexp-static.com service.maxymiser.net omns.americanexpress.com lptag.liveperson.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.humanapi.co *.sundaysky.com 'unsafe-inline' 'unsafe-eval' blob: ; object-src 'self'; 2
default-src https: 'unsafe-inline' 2
frame-ancestors https://*.protoshare.com http://*.protoshare.com 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2
Array 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.recaptcha.net *.google.cn http://maps.google.cn http://ditu.google.cn https://www.gstatic.cn; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: http://fonts.gstatic.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.gstatic.cn *.google.cn http://maps.gstatic.cn http://maps.google.cn; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com https://www.recaptcha.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com; 2
default-src 'none'; connect-src *; img-src 'self' data: https:; style-src 'self' * 'unsafe-inline' ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' ;font-src * ;frame-src *;media-src 'self' http: data: ;prefetch-src *; 2
script-src 'self' https: 'unsafe-eval' 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
report-uri https://sentry.io/api/1206618/security/?sentry_key=4b848061416d44a9bc925db5abadefe2; script-src 'sha256-gv5RuvicjcQkpPHuqI8gdF8wRHEtWORv3moVY0GDb1g=' 'self' 'sha256-5BwLN3SdqK/eMeKOhZ0sqhOPNLBS/miJTtBB7kaXKV8=' 'sha256-Nv+MuCOEIRq4K4seHm8TI00Gr9/YCj0vFKCx1neHPpo=' 'sha256-941WYeiLU/yy9OIi57KVWBrkaq+lM5Mm3xwkmynGJXc=' 'sha256-d6Y2sfBU7k5A4ZE89ioaBaAlDljeB5habdy5bLO5dws=' 'sha256-QI3vqzJmPp1YBhjwydx92YmXZ9BolAKUesznyJNwGE0=' 'sha256-LfbuW2GlEmUSyviun1qLrU3vH/s8LsYLZShWtrB4Bdo=' 'sha256-0VjxPIVaubW3kRmJaD8t/UQM2d1La/BLvRBUb7e3P6s=' 'sha256-Naun945dC1Vq2pUxHewEFc+8XfLCZ/nE3110J0plvo4=' 'sha256-W8HJ3tWDuw0EcmFXRlfSId0wV0uOp41HdHwPBfMBSsM=' 'sha256-gznhoIZ+OBW0XR5vLSwept4NbccKHLrdB1xADlZySK8=' 'sha256-kKTzQY2YMS0cV5J6HVqy1AlRhMl9lZZo7MTsWJeOqsQ=' 'sha256-G+fhAQ8yf1JXpb3ag45+8mMImsevzw7IRbRq4Jm/uWs=' 'sha256-e9fD76zKBmonDOgaBNNkmcrnF0CcB7lqDMKY4L4qcm0=' 'sha256-s0sx0kGWQqfzt3Cbg7vwhwIFltnHBKCfj+8HBqfakJ0=' 'sha256-Bj2TlMGKDUy5Jt1Vr61f+3hcWKwfy45f7aNU1Mj+jhQ=' 'sha256-aJDpAShg/58wPpSC0d3zrDGAKL4pFWt/8cor2LATeCk=' 'sha256-G73FyPwO5Zi9EM2dU4MNrc+RYfOmEF/MRCL3sPIFl2I=' 'sha256-cSVASnADC/ShHipJYvWqQ3i/gRzIWqd1myYEPNGnfFA=' 'sha256-pH9zk+CCYJUIY7IiYeeK9acLochQ4y/t7TJL0IraLm0=' 'sha256-10IxJIn+Ir8OK8QWugjNxyR9u7goWY1djaUrbUMtm04=' https://static.smartrecruiters.com https://cdn.materialdesignicons.com https://fonts.googleapis.com https://fonts.gstatic.com https://breadwallet.us14.list-manage.com; default-src 'self'; connect-src 'self' https://sentry.io https://storerocket.io https://api.mapbox.com; style-src 'self' blob: 'unsafe-inline' cdn.materialdesignicons.com fonts.googleapis.com api.tiles.mapbox.com; font-src 'self' cdn.materialdesignicons.com fonts.gstatic.com; worker-src 'self' blob:; child-src 'self' blob:; img-src 'self' data: blob: https://storage.googleapis.com/ https://brd.imgix.net/; frame-src 'self' blob: https://www.youtube.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' 'unsafe-inline' data:; img-src 'self' blob: data:; media-src 'self'; frame-src 'self' www.youtube.com; font-src 'self'; connect-src 'self' sentry.io 2
frame-ancestors 'self' psa.digitalinsight.com; 2
frame-ancestors 'self' https://salesfra.me/ https://*.upseller.cloud ; 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://americannational.com https://*.lifeannuitydi.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.assistant.watson.appdomain.cloud https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
default-src 'self' *.itrsgroup.com; script-src 'unsafe-inline' 'unsafe-eval' *.itrsgroup.com *.vimeo.com *.youtube.com *.ytimg.com *.google-analytics.com *.zendesk.com *.zdassets.com *.pardot.com *.googletagmanager.com *.zopim.com *.google.com *.googleadservices.com *.doubleclick.net *.wistia.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.gstatic.com *.rawgit.com; style-src 'unsafe-inline' *.itrsgroup.com *.cloudflare.com *.jsdelivr.net *.gstatic.com *.google.com *.googleapis.com *.rawgit.com *.myfonts.net; img-src *.itrsgroup.com *.zopim.com *.jsdelivr.net *.google.com *.google.es *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.ytimg.com *.vimeocdn.com *.linkedin.com data:; frame-src *.itrsgroup.com *.google.com *.doubleclick.net *.youtube.com *.vimeo.com vimeo.com itrs-health-assessment.clever-touch.com cezanneondemand.intervieweb.it; font-src data: *.itrsgroup.com *.jsdelivr.net *.gstatic.com *.zopim.com; connect-src *.itrsgroup.com *.zendesk.com *.algolia.net *.algolianet.com noembed.com *.zdassets.com wss://*.zopim.com *.google.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com *.doubleclick.net data:; base-uri 'self'; 2
img-src * data: blob:; 2
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 2
frame-ancestors *.web.com *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net, frame-ancestors *.web.com *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 2
object-src 'none'; base-uri 'none'; 2
default-src 'self'; script-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.googletagmanager.com https://*.yahoo.com https://*.msn.com https://*.googleadservices.com https://*.addthisedge.com https://*.mixpanel.com https://*.mxpnl.com https://*.facebook.net https://*.addthis.com https://*.google-analytics.com https://*.lassocrm.com https://*.googleapis.com https://*.moatads.com https://*.adroll.com https://*.snapengage.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*; connect-src 'self' https://*.consensu.org https://*.onetrust.com https://*.cookielaw.org https://*.cavco.com https://*.addthis.com https://*.mixpanel.com https://*.facebook.com 2
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 2
connect-src 'self' wss:             *.maxict.nl            *.maxshop.test            *.doubleclick.net            *.google-analytics.com            *.hotjar.com            *.hotjar.io            *.pro6pp.nl            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com;        default-src 'none';        font-src 'self' data:            *.maxict.nl            *.maxshop.test             *.gstatic.com            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com            *.hotjar.com;        frame-src 'self' 'unsafe-inline' about:             *.maxict.nl            *.maxshop.test            *.criteo.com            *.google.com            *.dpd.de            *.eetgroup.com            *.facebook.com            *.hotjar.com            *.hotjar.io            *.kingston.com            *.newstar.eu            *.newstar.nl            *.startech.com            *.tawk.to            *.twindis.com            *.youtube.com            *.psaparts.co.uk            *.gls-info.nl            *.gls-netherlands.com            *.dwin1.com            unpkg.com            *.zenaps.com;        img-src 'self' data: https:             *.maxict.nl            *.maxshop.test            *.google.com;        manifest-src 'self' *.maxict.nl;        object-src 'self' *.maxict.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' about:             *.maxict.nl            *.maxshop.test            *.bing.com            *.bizographics.com            *.cloudfront.net            *.criteo.com            *.criteo.net            *.doubleclick.net            *.facebook.net            *.flix360.com            *.flixcar.com            *.flixfacts.com            *.google-analytics.com            *.googleadservices.com            *.googletagmanager.com            *.google.com            *.hotjar.com            *.hotjar.io            *.iceleads.com            *.jsdelivr.net            *.licdn.com            *.linkedin.com            *.list-manage.com            *.mailchimp.com            *.tawk.to            *.vane3alga.com            *.dwin1.com            unpkg.com            *.zenaps.com;        style-src 'self' 'unsafe-inline'             *.maxict.nl            *.maxshop.test            *.cloudfront.net            *.googleapis.com            *.google.com            *.jsdelivr.net            *.mailchimp.com            *.dwin1.com            unpkg.com            *.zenaps.com;        upgrade-insecure-requests; 2
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 2
default-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; frame-src https://www.youtube.com 2
font-src https://www.callisonrtkl.com https://cdn.crtkl.com data: 2
default-src 'self'              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://apis.google.com https://fonts.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://www.googleadservices.com https://panel.stopthehacker.com https://www.googlecommerce.com https://www.gstatic.com https://*.facebook.net https://*.addthis.com https://*.addthisedge.com https://*.bing.com https://*.pinterest.com https://*.powerreviews.com https://*.nr-data.net https://*.doubleclick.net https://*.typekit.net https://*.marinsm.com https://*.googletagmanager.com https://*.tm00.com https://*.cloudfront.net https://*.zendesk.com https://*.newrelic.com https://*.zdassets.com https://*.zopim.com https://*.steelhousemedia.com https://*.newrelic.com https://*.godatafeed.com https://*.steelhousemedia.com https://maps.googleapis.com https://s3.amazonaws.com https://mpsnare.iesnare.com https://www.googleapis.com https://*.nexcesscdn.net https://r2-t.trackedlink.net https://static.trackedweb.net https://h.online-metrix.net https://z.moatads.com https://*.youtube.com https://*.ytimg.com https://tagmanager.google.com https://*.yotpo.com https://cdnjs.cloudflare.com https://*.avmws.com; connect-src 'self' 'unsafe-inline' https://www.google.com https://ssl.google-analytics.com https://www.facebook.com https://panel.stopthehacker.com https://www.google.com https://insights.hotjar.com https://*.addthis.com https://*.bing.com https://*.zdassets.com https://*.zendesk.com https://*.typekit.net/ https://*.zopim.com ws://*.zopim.com ws://*.zendesk.com https://*.wyng.com https://wyng.io https://bam.nr-data.net https://api.offerpop.com https://www.google-analytics.com https://*.nexcesscdn.net https://r2.trackedweb.net https://*.yotpo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.nexcesscdn.net https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com; img-src 'self' https://www.facebook.com https://ssl.google-analytics.com https://panel.stopthehacker.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.googleadservices.com https://*.outdoorsignsamerica.com https://*.magentocommerce.com https://*.pinterest.com https://*.addthis.com https://*.amazon-adsystem.com https://*.typekit.net https://*.cloudinary.com https://*.adsymptotic.com https://*.adsrvr.org https://*.zopim.com https://www.google-analytics.com https://www.googletagmanager.com https://dsum-sec.casalemedia.com https://images.ebsco.com https://*.googleapis.com data: https://*.advertising.com https://dpm.demdex.net https://maps.gstatic.com https://*.adnxs.com https://ads.yahoo.com https://m.addthisedge.com https://*.amazonaws.com https://*.steelhousemedia.com https://pixel.rubiconproject.com https://pixel.tapad.com https://*.bluekai.com https://s.thebrighttag.com https://simage2.pubmatic.com https://adadvisor.net https://beacon.krxd.net https://uipglob.semasio.net https://x.bidswitch.net https://match.sharethrough.com https://ads.scorecardresearch.com https://aa.agkn.com https://*.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://privacy-policy.truste.com https://www.oakmountainoutfitters.com https://*.nexcesscdn.net https://ssl.gstatic.com https://www.gstatic.com https://*.yotpo.com https://cdn.wyng.com https://tracking.avantlink.com; font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://*.bootstrapcdn.com https://*.zopim.com data: https://*.cloudfront.net https://*.amazonaws.com https://*.nexcesscdn.net https://use.fontawesome.com https://*.yotpo.com; frame-src 'self' https://www.google.com https://*.googleadservices.com https://*.doubleclick.net https://*.facebook.com https://connect.facebook.net https://www.youtube-nocookie.com https://*.addthis.com https://*.authorize.net https://*.bing.com https://*.pinterest.com https://*.zendesk.com https://*.youtube.com https://*.wyng.com https://*.cybersource.com; object-src 'self' https://mpsnare.iesnare.com; media-src 'self' https://static.zdassets.com 2
frame-ancestors 'none'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.youtube.com *.youtube-nocookie.com dailymotion.com; img-src http: https: data: blob:; worker-src blob:; child-src blob:; connect-src 'self' https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://translate.yandex.net; base-uri 'self'; frame-src * data: blob:; 2
frame-ancestors 'self'; object-src 'none'; form-action 'self'; base-uri 'none'; 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/uc.js https://www.google-analytics.com/analytics.js https://cdn.segment.com/analytics.js/v1/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/analytics.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js https://unpkg.com/@segment/consent-manager@4.2.2/standalone/consent-manager.js https://www.google.com/jsapi https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://cookieinformation.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://i.ytimg.com https://secure.gravatar.com https://tags.w55c.net; font-src 'self' data: https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.svg https://fonts.googleapis.com https://fonts.gstatic.com https://ecostruxureit.com/wp-content/plugins/tablepress/css/tablepress.ttf; connect-src 'self' https://consent.app.cookieinformation.com https://api.segment.io https://my.wpengine.com https://cdn.segment.com/v1/projects/iRtbOAyGSwQKqJWe9ULwAIil2CEUjZf0/integrations; media-src 'self' https://www.youtube.com; object-src 'self'; frame-src 'self' http://localhost:9100/ https://www.youtube.com https://policy.app.cookieinformation.com; frame-ancestors 'self' http://localhost:9100/ https://app.ecostruxureit.com/ https://dev-app.ecostruxureit.xyz/; report-uri https://ecostruxureit.report-uri.com/r/d/csp/reportOnly 2
script-src 'self' https://az416426.vo.msecnd.net/; form-action 'self'; font-src 'self'; frame-ancestors 'self'; 2
frame-ancestors staging.firebrand.training firebrand.training cms.firebrandtraining.com 2
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://a.omappapi.com https://a.optmnstr.com https://a.quora.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.usemessages.com https://kisi-webflow-production.herokuapp.com https://kisi-webflow-staging.herokuapp.com https://www.redditstatic.com https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com 2
frame-ancestors 'self' http://www.galaxyclub.cn https://www.galaxyclub.cn http://www.samsungmembers.cn https://www.samsungmembers.cn 2
default-src 'self';frame-ancestors 'none';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.salesforce.com;child-src 'self';form-action 'self' *.facebook.com *.salesforce.com;img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.outbrain.com *.taboola.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.doubleclick.net *.outbrain.com *.taboola.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net;object-src 'none';connect-src 'self' *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com *.google.com *.taboola.com wss://*.hotjar.com 2
'unsafe-inline'; 2
default-src 'self' wss://*.tawk.to wss://*.hotjar.com https: data:;style-src 'unsafe-inline' https: ;script-src 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: data: * 2
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com; object-src 'none'; block-all-mixed-content 2
frame-ancestors  'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 2
block-all-mixed-content; base-uri 'none'; default-src 'none'; frame-ancestors 'none'; frame-src consentcdn.cookiebot.com player.vimeo.com www.google.com www.youtube.com *.hotjar.com; object-src 'self'; media-src 'self'; form-action 'self' dmtrk.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiebot.com consentcdn.cookiebot.com bam.nr-data.net js-agent.newrelic.com vimeo.com player.vimeo.com maps.googleapis.com www.googleadservices.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com *.hotjar.com; connect-src 'self' skyfire.vimeocdn.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com *.doubleclick.net *.googlesyndication.com *.hotjar.com wss://*.hotjar.com; img-src 'self' maps.gstatic.com maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk *.doubleclick.net *.googlesyndication.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.hotjar.com data:; style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com tagmanager.google.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.hotjar.com data:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'unsafe-inline'; img-src 'self'; report-uri /csp 2
default-src 'self' https://*.optimizely.com https://www.google-analytics.com https://*.heg-cp.com; style-src 'self' 'unsafe-inline' https://*.hosteurope.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hosteurope.de https://js.leadinspector.de http://js.leadinspector.de https://js.leadinspector.de tags.tiqcdn.com https://*.doubleclick.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com http://*.optimizely.com www.googleadservices.com https://bat.bing.com www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' data:; object-src 'self'; img-src 'self' 'unsafe-inline' https://www.hosteurope.com/ data: https://www.google.com.ua https://*.leadinspector.de https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net; 2
font-src 'self' https:; base-uri 'self'; 2
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src www.google.com; 2
frame-ancestors 'self' *.plentymarkets-cloud-de.com 2
script-src 'self'  https://*.wistia.com https://embedwistia-a.akamaihd.net blob:  https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com  ajax.aspnetcdn.com  use.typekit.net  us1.siteimprove.com siteimproveanalytics.com  cdnjs.cloudflare.com  use.fontawesome.com  player.vimeo.com  clicky.com in.getclicky.com static.getclicky.com  code.jquery.com  'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; img-src 'self' https://*.leoninedistribution.com data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https:; object-src 'self' https:; media-src 'self' https:; form-action 'self'; base-uri 'self' 2
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 2
frame-ancestors 'self' bibliocms.com *.bibliocms.com bibliocommons.com *.bibliocommons.com libanswers.com *.libanswers.com sccl.bibliocms.com *.sccl.bibliocms.com https://sccld.org sccld.org *.sccld.org; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; media-src * blob:; style-src * 'unsafe-inline'; 2
default-src 'self'; style-src 'self' 'unsafe-inline' aj-matomo-int1.mm-df1.net *.googleapis.com *.google.com *.ytimg.com *.analytik-jena.com; img-src 'self' data: *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com www.facebook.com *.mm-df1.net *.analytik-jena.com *.aj.local aj.local; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.google-analytics.com *.googletagmanager.com connect.facebook.net *.mm-df1.net *.analytik-jena.com *.aj.local aj.local; font-src 'self' aj-matomo-int1.mm-df1.net *.gstatic.com *.analytik-jena.com; frame-src *; 2
worker-src 'self' blob:; script-src 'unsafe-inline' 'self'  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  https://www.staticcdn.co.nz  https://app-script.monsido.com  'unsafe-eval' cdnjs.cloudflare.com cdn.ampproject.org dev.visualwebsiteoptimizer.com www.googletagmanager.com i.kissmetrics.com cdn.inspectlet.com maps.gstatic.com s3.amazonaws.com code.jquery.com doug1izaerwt3.cloudfront.net maps.googleapis.com fonts.googleapis.com mt1.googleapis.com mt0.googleapis.com www.googleapis.com ad.doubleclick.net www.google-analytics.com clients1.google.com mts0.googleapis.com mts1.googleapis.com cbks0.googleapis.com; img-src * data:; style-src 'self' stackpath.bootstrapcdn.com cdnjs.cloudflare.com  https://connect.facebook.net  https://*.liveperson.net  https://www.googleadservices.com  https://bat.bing.com  https://app.vwo.com  https://tagmanager.google.com  https://cse.google.com  https://www.google.com  https://analytics.google.com   https://dev.visualwebsiteoptimizer.com   https://accdn.lpsnmedia.net  https://secure.quantserve.com  https://fonts.gstatic.com   https://*.visualwebsiteoptimizer.com  https://static.whatshelp.io  https://whatshelp.io  https://oneviewchat.iag.co.nz  https://www.facebook.com  https://messengerify.me  https://*.cloudfront.net  https://tags.iag.com.au  https://tags.tiqcdn.com  https://www.youtube.com  https://s.ytimg.com  https://pym.nprapps.org  https://js-agent.newrelic.com  https://static.whatshelp.io  https://*.whatshelp.io  https://bothelp.io  https://engine.api.myjrny.ai  https://bundle.static.myjrny.ai  https://www.staticcdn.co.nz  https://app-script.monsido.com  'unsafe-inline' fonts.googleapis.com www.google.com 2
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 2
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 2
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 2
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://api.autopilothq.com https://apenterprise.io https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl https://form.typeform.com/ https://awps01.argewebhosting.nl https://apenterprise.io https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl wss://ws8.hotjar.com/api/v2/client/ws https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com https://api.autopilothq.com https://apenterprise.io; form-action https:; report-uri /debug/csp; 2
frame-ancestors 'self' *.promod.fr *.promod.com *.promod.de *.promod.pl *.promod.it *.promod.ch *.promod.cz *.promod.es *.promod.co.uk *.promod.eu *.promod.hu *.wonderpush.com 2
frame-ancestors 'self' *.radio.com 2
frame-ancestors 'self' stage-portal.aerztekammer-hamburg.org portal.aerztekammer-hamburg.org; 2
default-src 'self' wss: https://static.zdassets.com https://ekr.zdassets.com https://*.contentful.com https://*.zendesk.com https://*.kampyle.com https://*.tigocloud.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' https://bid.g.doubleclick.net https://*.tigocloud.net https://*.tigo.com.bo https://*.tigo.com.py https://www.youtube.com https://*.kampyle.com https://khipu.com/ https://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://6493920.fls.doubleclick.net https://*.google.com https://*.tigo.com.hn; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://optimize.google.com https://www.google.com.ar https://*.tigocloud.net https://static.zdassets.com https://connect.facebook.net https://s.ytimg.com https://www.youtube.com/iframe_api https://widget-mediator.zopim.com https://*.kampyle.com https://js-agent.newrelic.com https://bam.nr-data.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.reportv.com.ar https://*.crwdcntrl.net https://tigo.us7.list-manage.com https://web.webpushs.com https://tigo.us18.list-manage.com https://static.ads-twitter.com https://www.gstatic.com https://cdn.epica.ai https://*.inbenta.chat https://*.inbenta.io https://*.googleoptimize.com https://ad.doubleclick.net https://cdn.smooch.io; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigocloud.net https://*.inbenta.io; img-src 'self' data: blob: https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://www.facebook.com https://*.kampyle.com https://static.zdassets.com https://www.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://*.zopim.io https://lh3.googleusercontent.com https://platform-lookaside.fbsbx.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.tigo.com.bo https://ssl.gstatic.com https://www.gstatic.com https://cdn.sendpulse.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://analytics.twitter.com https://svr.mic.edge.com.py http://openweathermap.org https://openweathermap.org https://bcp.crwdcntrl.net https://cx.atdmt.com https://ad.doubleclick.net https://*.inbenta.com https://*.inbenta.io;  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://tagmanager.google.com https://cdn.sendpulse.com https://*.tigocloud.net https://*.inbenta.io https://*.google.com; connect-src *; 2
frame-ancestors 'self' https://weltladen-fachtage.expo-ip.com http://weltladen-fachtage.expo-ip.com https://weltladen-fachtageadmin.expo-ip.com; 2
frame-ancestors 'self' https://viewer.ipaper.io; 2
default-src 'self' *.transunion.com *.transunion.co.za *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.passage.ai wss://tars-prod.passage.ai; script-src 'self' *.kore.ai *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net app.trustev.com pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com *.passage.ai blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.kore.ai wss://rtm.kore.ai *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.comi *.passage.ai wss://tars-prod.passage.ai; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com fonts.gstatic.com *.transunion.co.za api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2
default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net 2
default-src 'self' data: code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com; frame-src 'self' *.youtube-nocookie.com 2
base-uri 'self'; img-src * data: 'unsafe-inline'; default-src data: * 'unsafe-inline'; frame-ancestors 'self'; manifest-src 'self'; media-src *.readspeaker.com *.speechstream.net 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 2
default-src 'self'; connect-src https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://api.addressy.com https://*.lot.to https://*.sportcaller.com https://*.mixpanel.com https://cdn.contentful.com https://preview.contentful.com https://sentry.io https://*.pusher.com wss://*.pusher.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://www.facebook.com https://*.crazyegg.com https://*.maxmind.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.launchdarkly.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://adservice.google.com https://*.secure.footprint.net https://*.atgvision.com https://geoip-js.com https://*.upscope.io wss://*.upscope.io https://banner.appsflyer.com https://bat.bing.com https://*.oscato.com; form-action 'self' https://bridge.aircall.io https://intercom.help https://api-iam.intercom.io https://verify.monzo.com https://www.facebook.com https://*.oscato.com https://webapp.securetrading.net; frame-ancestors 'self'; frame-src https://account.tote.digital https://account.test.tote.digital https://account.dev.tote.digital https://account.migration.tote.digital https://www.google.com https://account.staging.tote.live https://account.performance.tote.live https://account.live.tote.live https://account.tote.live https://account.staging.tote.co.uk https://account.performance.tote.co.uk https://account.live.tote.co.uk https://account.tote.co.uk https://thetote.atlassian.net https://tentofollow.tote.digital https://tentofollow-internal.tote.digital https://tentofollow.tote.live https://tentofollow.tote.co.uk https://flattentofollow.tote.co.uk https://colossus.stage.tote.co.uk https://development.tote.digital https://test.tote.digital https://stage.tote.co.uk https://tote.co.uk https://test-branch.tote.digital https://intercom-sheets.com https://*.pariplaygames.com https://d21j22mhfwmuah.cloudfront.net https://player.vimeo.com https://www.youtube.com https://*.fls.doubleclick.net https://cdn.sportcaller.com https://*.adsrvr.org https://*.blueprintgaming.com https://*.rubyplay.com https://*.inspiredvirgo.com https://*.upscope.io https://servedby.flashtalking.com/ https://wab-visualisation.performgroup.com/ https://www.facebook.com https://*.inseincvirtuals.com/ https://*.oscato.com; img-src 'self' blob: data: https://icard.gbiracing.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk https://images.ctfassets.net https://images.racingpost.com https://www.googletagmanager.com https://static.intercomassets.com https://*.intercomcdn.com https://*.gstatic.com https://*.aircall.io https://*.micpn.com https://*.intercom.io https://*.intercom-attachments.com https://uploads.intercomusercontent.com https://lotto.nyc3.cdn.digitaloceanspaces.com https://www.facebook.com https://t.myvisualiq.net https://bat.bing.com https://tapestry.tapad.com https://t.co https://*.doubleclick.net https://tags.bluekai.com https://dpm.demdex.net https://loadus.exelator.com https://idsync.rlcdn.com https://www.google.com https://www.google.co.uk https://www.google.com.ua https://insight.adsrvr.org https://*.crazyegg.com https://*.google-analytics.com https://cx.atdmt.com https://*.upscope.io https://servedby.flashtalking.com https://cdn.sportcaller.com https://*.oscato.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pusher.com https://*.gstatic.com https://www.googletagmanager.com https://*.intercom.io https://js.intercomcdn.com https://*.google.com https://*.mxpnl.com https://thetote.atlassian.net https://*.micpn.com https://connect.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.myvisualiq.net https://www.googleadservices.com https://analytics.twitter.com https://*.crazyegg.com https://js.adsrvr.org https://*.google-analytics.com https://s3.amazonaws.com/trk.cetrk.com/7/t.js https://*.maxmind.com https://*.upscope.io https://websdk.appsflyer.com https://cdn4.userzoom.com https://*.oscato.com; font-src 'self' data: https://js.intercomcdn.com https://*.gstatic.com https://fonts.intercomcdn.com https://*.upscope.io https://cdn.tote.co.uk; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.upscope.io https://*.oscato.com https://*.tote.digital https://*.tote.rocks https://*.tote.live https://*.tote.co.uk; media-src 'self' https://js.intercomcdn.com https://*.akamaized.net https://*.akamaihd.net https://*.attheraces.com https://*.secure.footprint.net https://*.atgvision.com https://*.upscope.io https://wab-visualisation.performgroup.com/ blob:; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://wab-visualisation.performgroup.com/ https://*.upscope.io https://*.oscato.com blob:; worker-src blob:; upgrade-insecure-requests; report-uri https://thetote.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'self' *.medialift.nl *.drugsinfo.nl *.alcoholinfo.nl *.helderopvoeden.nl *.rokeninfo.nl *.verslaafdaanjou.nl *.gokkeninfo.nl *.gameninfo.nl *.mentaalvitaal.nl; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com *.google-analytics.com https://www.google-analytics.com *.googleapis.com https://www.google.com/js https://www.google.com/ads https://www.googletagmanager.com https://cloud.typography.com *.gstatic.com https://stats.g.doubleclick.net *.cloudfront.net https://www.youtube.com *.youtube.com https://app.termly.io https://i.ytimg.com https://yt3.ggpht.com https://static.doubleclick.net https://secure.quantserve.com https://snap.licdn.com https://rules.quantcount.com https://pixel.quantserve.com https://px.ads.linkedin.com http://www.google.com https://p.adsymptotic.com https://lbm.doitbestonline.com https://media.mydoitbest.com ; frame-src 'self' https://app.termly.io https://www.youtube.com https://www.google.com ; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 2
default-src 'self' 'unsafe-inline'; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 'report-sample' cdnjs.cloudflare.com srv-odh.dordogne.fr http://* *.googletagmanager.com *.google.com *.gstatic.com *.dordogne.fr dev.virtualearth.net arcgis.com *.arcgis.com ; style-src 'self' data: 'unsafe-inline' 'report-sample' arcgis.com *.arcgis.com srv-odh.dordogne.fr http://* *.googleapis.com *.dordogne.fr; img-src 'self' blob: data: habitat.dordogne.fr tile.openstreetmap.org img.youtube.com i.vimeocdn.com pbs.twimg.com *.ggpht.com *.ytimg.com *.fbcdn.net http://* *.dordogne.fr; font-src * 'self' data: https://fonts.gstatic.com *.dordogne.fr; connect-src *; media-src 'self' maps.google.com; object-src 'none'; prefetch-src 'self'; child-src 'self'; frame-src 'self' arcgis.com *.arcgis.com *.vimeo.com *.google.com *.calameo.com *.youtube-nocookie.com; worker-src 'none'; form-action 'self'; base-uri 'self'; manifest-src 'self'; 2
report-uri //csp.merlion.ru:8080/report/428307387702970221/; connect-src https://hd.ddix.ru rutube.ru *.google-analytics.com 'self' *.yandex.ru https://*.yandex.ru video.f1cd.ru ; child-src 'self' ; font-src static.lc-group.ru 'self' oklick.ru fonts.gstatic.com ; form-action https://hd.ddix.ru 'self' ; frame-ancestors webvisor.com *.webvisor.com 'self' ; frame-src *.oklick.ru https://*.googletagmanager.com 'self' *.yandex.ru yastatic.net video.f1cd.ru https://www.youtube.com ; img-src data: *.merlion.ru static.lc-group.ru *.oklick.ru https://*.yandex.net 'self' ferralabs.ru www.f1cd.ru *.yandex.net support.ddix.ru *.merlion.com merlion.com *.yandex.ru https://*.yandex.ru *.google-analytics.com yastatic.net ; media-src *.oklick.ru static.lc-group.ru 'self' ; object-src static.lc-group.ru *.oklick.ru 'self' *.rutube.ru *.f1cd.ru ; script-src https://hd.ddix.ru static.lc-group.ru *.oklick.ru https://*.googletagmanager.com https://yastatic.net https://*.yandex.net 'unsafe-eval' https://*.google-analytics.com *.google.com 'self' ajax.googleapis.com *.yandex.ru https://*.yandex.ru *.google-analytics.com yastatic.net support.ddix.ru www.google-analytics.com ; style-src static.lc-group.ru *.oklick.ru 'unsafe-inline' 'self' fonts.googleapis.com support.ddix.ru ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; 2
default-src 'self' *.onewp.net ;   style-src 'unsafe-inline' 'self' data: *.google.com *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.hotjar.com *.hotjar.io *.onewp.net *.google.com *.googleapis.com use.typekit.net p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   font-src 'self' *.google.com *.google.se  *.facebook.com *.enalyzer.com *.adform.net *.facebook.net fonts.gstatic.com data: *.northfork.se *.hotjar.com *.hotjar.io *.elfsight.com *.onewp.net *.prod.onewp.net *.staging.onewp.net use.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   script-src 'self' *.google.com *.google.se *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.onewp.net *.hotjar.com *.hotjar.io *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com use.typekit.net sc-static.net *.sc-static.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com *.papaya.no 'unsafe-inline' 'unsafe-eval' blob:;   connect-src 'self' *.google.com *.google.se *.facebook.com *.enalyzer.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.onewp.net *.hotjar.com *.hotjar.io *.googleadservices.com *.google-analytics.com yoast.com performance.typekit.net oocd-api.azurewebsites.net *.azureedge.net *.svc.dynamics.com;   worker-src 'self' blob: ;   child-src 'self' blob: ;   img-src 'self' data: *.google.com *.google.se *.facebook.com *.adform.net *.facebook.net *.northfork.se *.elfsight.com *.hotjar.com *.hotjar.io *.cdninstagram.com *.onewp.net *.google-analytics.com *.gstatic.com *.doubleclick.net secure.gravatar.com s.w.org p.typekit.net *.clickdimensions.com *.msecnd.net *.vo.msecnd.net *.azureedge.net *.svc.dynamics.com;   frame-src 'self' * 2
frame-ancestors 'self' *.11freunde.de *; 2
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://chatbot.elmuemasz.hu/; style-src 'self' 'unsafe-inline' https://storage.chatbot.elmuemasz.hu/ https://elmurg11chatbot.blob.core.windows.net/ https://maps.googleapis.com https://maps.gstatic.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://chatbot.elmuemasz.hu/; img-src 'self' 'unsafe-inline' data: https://storage.chatbot.elmuemasz.hu/ https://elmurg11chatbot.blob.core.windows.net/ https://i.ibb.co/61frh4q/elmuelek.png https://i.imgur.com/ https://cdn.cai.tools.sap/ https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://ssl.gstatic.com/ https://chatbot.elmuemasz.hu/; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com;connect-src 'self' https://elmu.proebiz.com/ https://api.cai.tools.sap/ https://www.google-analytics.com https://chatbot.elmuemasz.hu/ wss://chatbot.elmuemasz.hu/; frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://staticxx.facebook.com https://docs.google.com/forms/ https://my.matterport.com/show/ https://www.youtube.com/embed/;frame-ancestors 'self'; form-action 'self'; 2
object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://channelconnect.nl/; default-src blob: https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://*.your-jobresponse.com https://vonq.io https://*.heeft-vacatures.nl https://www.youtube.com https://www.facebook.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.mapbox.com; script-src 'self' 'unsafe-inline' blob: https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.twitter.com https://*.ads-twitter.com https://*.linkedin.com https://www.gstatic.com https://js.live.net https://*.mapbox.com https://www.google-analytics.com https://sjs.bizographics.com https://connect.facebook.net https://www.dropbox.com https://apis.google.com; connect-src 'self' https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://www.facebook.com https://*.doubleclick.net https://*.zdassets.com https://www.google-analytics.com https://*.tiles.mapbox.com https://*.mapbox.com wss://*.hotjar.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; frame-src 'self' https://*.google.com/ https://www.youtube.com https://vars.hotjar.com; font-src 'self' https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com https://*.zopim.com; img-src 'self' blob: data: https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://v2assets.zopim.io https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://*.zopim.com https://maps.googleapis.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 2
default-src 'self' https://www.youtube.com https://jobs.b-ite.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.google.com https://www.google-analytics.com https://www.googletagmanager.com https://static.b-ite.com https://cs-assets.b-ite.com; img-src 'self' data: https://cs-assets.b-ite.com https://www.studycheck.de https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cs-assets.b-ite.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' 2
frame-ancestors 'self' webvisor.com metrika.yandex.ru mc.yandex.ru *.yandex.tld *.yandex.net webvisor.com; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' blob: 'unsafe-eval' 2
default-src 'self' http: https: ; img-src http: https: data: ; font-src http: https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ; connect-src 'self' https: wss: ; style-src 'unsafe-inline' http: https: ; frame-ancestors 'self' http://*.stage.peri.info https://*.stage.peri.info http://*.live.peri.info https://*.live.peri.info ; child-src 'self' * ;frame-src 'self' * 2
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.google.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net; frame-src 'self' www.gstatic.com www.google.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sompojapan.com.tr *.somposigorta.com.tr *.google.com *.google-analytics.com *.googleapis.com *.facebook.com *.gstatic.com *.facebook.net *.googletagmanager.com *.bootstrapcdn.com *.hotjar.com *.onesignal.com onesignal.com mc.yandex.ru track.adform.net *.googleadservices.com googleads.g.doubleclick.net *.cloudflare.com *.polyfill.io polyfill.io transloadit.edgly.net pisano.com.tr *.pisano.com.tr cdn.jsdelivr.netajax.aspnetcdn.com *.typeform.com jira.spartez.com 2
default-src 'self'; font-src data: https://assets.dm.de https://cdn.kali.services.dmtech.com; child-src 'self' blob:; script-src 'self' 'unsafe-eval' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.mm.dm.de https://ssl.hurra.com https://*.bazaarvoice.com https://mpsnare.iesnare.com; worker-src 'self' blob:; connect-src 'self' https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://coupon-aktionen.dm.de https://services.dm.de https://products.dm.de https://*.services.dmtech.com https://assets.dm.de https://cdn.kali.services.dmtech.com https://cart.services.dmtech.com https://*.mm.dm.de https://*.services.dmtech.com https://api.mapbox.com https://events.mapbox.com https://ssl.hurra.com https://*.bazaarvoice.com https://browser-http-intake.logs.datadoghq.eu https://login.dm.de https://mpsnare.iesnare.com https://staedtetour.dm-fb2.de; style-src 'self' 'unsafe-inline' https://assets.dm.de https://cdn.kali.services.dmtech.com https://*.bazaarvoice.com https://api.tiles.mapbox.com; img-src 'self' data: blob: https://assets.dm.de https://cdn.kali.services.dmtech.com https://cdn02.dm-static.com https://media.dm-static.com https://*.services.dmtech.com https://ssl.hurra.com  https://*.mm.dm.de https://*.bazaarvoice.com https://i.ytimg.com https://img.youtube.com https://play.google.com https://linkmaker.itunes.apple.com https://d2pqvatijh75rn.cloudfront.net https://a0.modiface.com https://d3s22jwy77sx9i.cloudfront.net; frame-ancestors 'self' https://*.dm.de https://app.datadoghq.eu https://*.lxprod.ka.de.dm-drogeriemarkt.com; frame-src 'self' https://ssl.hurra.com https://*.dm.de https://*.services.dmtech.com https://sandbox.om.dm.de https://*.bazaarvoice.com https://www.youtube-nocookie.com https://configurator.nuk.de/ https://hey-familie.podigee.io https://cdn.podigee.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; form-action 'self' https://login.dm.de https://checkout.dm.de https://*.bazaarvoice.com; manifest-src 'self'; report-uri /__csp-reports__ 2
frame-ancestors 'self' *.highspot.com 2
block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests; 2
frame-ancestors 'self' https://www.facebook.com 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.agricover.com googleads.g.doubleclick.net www.google-analytics.com www.google.com stats.g.doubleclick.net bid.g.doubleclick.net *.adroll.com d.adroll.mgr.consensu.org connect.facebook.net www.facebook.com bat.bing.com sealserver.trustwave.com verify.authorize.net www.paypal.com www.googletagmanager.com cdn.ywxi.net s3-us-west-2.amazonaws.com www.paypalobjects.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com www.w3.org *.authorize.net seal.godaddy.com www.googleadservices.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com sync.taboola.com ads.yahoo.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net www.gstatic.com cm.g.doubleclick.net www.trustedsite.com ups.analytics.yahoo.com www.youtube.com ajax.googleapis.com app.hireology.com careers.hireology.com apply.indeed.com platform.twitter.com syndication.twitter.com www.accesscover.com maps.googleapis.com 2
frame-ancestors alunos.institutoprominas.com.br 'self'; 2
default-src 'self' https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' 'unsafe-inline' http: https: data: blob:; connect-src 'self' https: blob:; worker-src 'self' https: blob: 2
default-src 'self' static.mycity.travel static.aigle-leysin-lesmosses.ch * 'unsafe-inline' 'unsafe-eval' data: blob:; upgrade-insecure-requests; frame-ancestors: 'self' https://static.mycity.travel *; 2
default-src script-src 'unsafe-eval' 'self' wss://*.zopim.com *.outbrain.com *.taboola.com web-material3.yokogawa view.ceros.com *.quantcount.com *.quantserve.com *.addthis.com *.adscience.nl *.akamaized.net *.bit.ly *.crazyegg.com *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.graph.instagram.com *.gstatic.com *.hays.co.uk *.hays.com *.hotjar.* *.hotjar.com *.igodigital.com *.instagram.fbom5-1.fna.fbcdn.net *.linkedin.com *.nccgroup-webperf.com *.onrecruit.net *.optimizely.com *.slideshare.net *.soundcloud.com *.surveymonkey.com *.tealiumiq.com *.tiqcdn.com *.twimg.com *.twitter.com *.typography.com *.vimeo.com *.yahooapis.com *.youtube.com *.zdassets.com *.zopim.com *.zopim.io accessibe.com acsbap.com consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com font-src prefmgr-cookie.truste-svc.net 'self' 'unsafe-inline' hm.baidu.com data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.samson.de 2
frame-ancestors undefined 2
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline' wss:; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net *.yastatic.net tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.cloudfront.net *.cloudflare.com *.bootstrapcdn.com *.googleapis.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com *.bootstrapcdn.com; img-src 'self' mil.ru *.mil.ru mc.yandex.ru *.mc.yandex.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru *.mil.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru livezvezda.mediacdn.ru *.livezvezda.mediacdn.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ances