Values for content-security-policy: upgrade-insecure-requests 5,411 upgrade-insecure-requests; 3,421 frame-ancestors 'self' 2,185 block-all-mixed-content 1,091 frame-ancestors 'self' http://webvisor.com 689 default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 654 frame-ancestors 'none' 277 frame-ancestors 'self'; 273 default-src * data: 'unsafe-eval' 'unsafe-inline' 255 default-src https: data: 'unsafe-inline' 'unsafe-eval' 230 frame-ancestors 'self' ; 179 158 frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 139 frame-ancestors 'self' https://app.kajabi.com 116 img-src https: data:; upgrade-insecure-requests 107 frame-ancestors 'none'; 106 upgrade-insecure-requests; frame-ancestors 'self' 68 default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 58 frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net 53 report-uri /report-csp-violation 51 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; child-src https: blob: data:; connect-src https: blob: data: wss:; font-src https: blob: data:; img-src https: blob: data:; media-src https: blob: data:; object-src https: blob: data:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: data: 'unsafe-inline'; upgrade-insecure-requests 49 frame-ancestors about: 'self' 42 report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com dev.visualwebsiteoptimizer.com *.adnxs.com *.appier.net *.doubleclick.net *.google.co.uk *.googleadservices.com *.googlesyndication.com *.mathtag.com *.openx.net *.scupio.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com cs.gssprt.jp match.adsrvr.org pixel.rubiconproject.com ps.eyeota.net ssp.adskom.com sync.ad-stir.com sync.adap.tv sync.adaptv.advertising.com tags.clickintext.net tapestry.tapad.com *.semasio.net *.disquscdn.com *.disqus.com disqus.com d17m68fovwmgxj.cloudfront.net apps-cdn.britishcouncil.org embed.scribblelive.com bat.bing.com public.tableau.com *.socdm.com britishcouncil-email.createsend.com *.googleapis.com *.gstatic.com www.google.de www.google.es *.google.com *.salesforceliveagent.com *.qualaroo.com s3.amazonaws.com *.bizographics.com sjs.bizographics.com idsync.rlcdn.com aa.agkn.com stags.bluekai.com sync.crwdcntrl.net loadus.exelator.com ml314.com *.adroll.com ucarecdn.com *.streamamg.com bookeo.com www-2903b.bookeo.com britishcouncil.github.io olc.live.solas.britishcouncil.digital bam.nr-data.net js-agent.newrelic.com *.akamaihd.net x.bidswitch.net *.ads-twitter.com *.twimg.com *.twitter.com *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net *.linkedin.com snap.licdn.com *.sharethis.com vk.com cdn.polyfill.io www.googletagmanager.com sui.britishcouncil.org *.vimeocdn.com player.vimeo.com vimeo.com *.ytimg.com www.youtube.com *.google-analytics.com *.webtrends.com statse.webtrendslive.com *.yahoo.com b92.yahoo.co.jp s.yimg.com britishcouncil.wufoo.com *.instagram.com *.hotjar.com *.stripe.com; 40 * 39 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com verify.agego.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.exoclick.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 38 default-src 'self'; frame-src 'none'; img-src 'self' *.pbwstatic.com https://*.pbwstatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 37 frame-ancestors https://*.ionos.com/ http://*.ionos.com/ 34 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 33 default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 33 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob:; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 31 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.highwebmedia.com *.chaturbate.com chaturbate.com ajax.googleapis.com cdn.exoticads.com js-agent.newrelic.com cdnjs.cloudflare.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ bam.nr-data.net chaturbateapps.disqus.com *.disquscdn.com disqus.com ; style-src 'self' data: 'unsafe-inline' *.highwebmedia.com cdnjs.cloudflare.com fonts.googleapis.com *.disquscdn.com ; img-src 'self' data: *.highwebmedia.com *.chaturbate.com chaturbate.com www.google-analytics.com https://public.chaturbate.com https://cbpv.chaturbate.com cbphotovideo.s3.amazonaws.com cbphotovideo-eu.s3.amazonaws.com public.chaturbate.com.s3.amazonaws.com wowdvr.s3.amazonaws.com cbvideoupload.s3.amazonaws.com cdnjs.cloudflare.com www.gstatic.com bam.nr-data.net *.disquscdn.com links.services.disqus.com referrer.disqus.com ; font-src 'self' data: *.highwebmedia.com cdnjs.cloudflare.com fonts.gstatic.com ; connect-src 'self' blob: blob *.highwebmedia.com wss://*.highwebmedia.com wss://*.highwebmedia.com:8443 bam.nr-data.net *.chaturbate.com chaturbate.com wss://recommend.chaturbate.com:8443 www.google-analytics.com links.services.disqus.com sentry.io cbvideoupload.s3-accelerate.amazonaws.com https://public.chaturbate.com https://cbpv.chaturbate.com cbphotovideo.s3.amazonaws.com cbphotovideo-eu.s3.amazonaws.com public.chaturbate.com.s3.amazonaws.com wowdvr.s3.amazonaws.com cbvideoupload.s3.amazonaws.com ; media-src 'self' *.highwebmedia.com *.chaturbate.com chaturbate.com mediasource: blob: data: https://public.chaturbate.com https://cbpv.chaturbate.com cbphotovideo.s3.amazonaws.com cbphotovideo-eu.s3.amazonaws.com public.chaturbate.com.s3.amazonaws.com wowdvr.s3.amazonaws.com cbvideoupload.s3.amazonaws.com; object-src 'self' *.highwebmedia.com download.macromedia.com https://public.chaturbate.com https://cbpv.chaturbate.com cbphotovideo.s3.amazonaws.com cbphotovideo-eu.s3.amazonaws.com public.chaturbate.com.s3.amazonaws.com wowdvr.s3.amazonaws.com cbvideoupload.s3.amazonaws.com ; frame-src 'self' *.chaturbate.com chaturbate.com *.highwebmedia.com adserver.exoticads.com www.google.com/recaptcha/ disqus.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' *.chaturbate.com chaturbate.com *.stream.highwebmedia.com www.coinpayments.net wnu.com ; manifest-src 'self' *.highwebmedia.com ; report-uri https://report-uri.highwebmedia.com/r/t/csp/enforce; 30 block-all-mixed-content; 27 frame-ancestors https://*.poki.io http://localhost:1234 25 report-uri //report-csp-violation 25 script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport 24 default-src 'self' blob: wss: data: https:; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 22 frame-ancestors 'self' https://*.impress.ly https://*.dragndropbuilder.com https://*.weeblycloud.com https://*.sitelock.com https://*.mojomarketplace.com https://*.ipage.com https://*.yourhostingaccount.com https://*.ecwid.com 20 frame-ancestors self 20 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 20 upgrade-insecure-requests; block-all-mixed-content; 20 frame-ancestors 'self' godaddy.com *.godaddy.com test-godaddy.com *.test-godaddy.com dev-godaddy.com *.dev-godaddy.com 20 default-src http: data: 'unsafe-inline' 'unsafe-eval' 19 default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'none'; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; 19 frame-ancestors 'self' https://explore.oracle.com 18 self 18 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 18 frame-ancestors https:; 18 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; font-src 'self' data: https:; form-action *; 18 frame-ancestors 'self' https://*.tw.mawebcenters.com 18 frame-ancestors 'self'; upgrade-insecure-requests 17 frame-ancestors 'self' *.espn.com:* *.espnqa.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr http://*.espnqa.com:* http://*.espn.com:* 16 frame-ancestors 'self' https://help.glassdoor.com http://library.glassdoor.com https://library.glassdoor.com http://glassdoor.lookbookhq.com https://glassdoor.lookbookhq.com https://glassdoor2.lookbookhq.com https://howto.glassdoor.com https://apply.indeed.com ; 16 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' app.optimizely.com apps.facebook.com fonts.googleapis.com 16 default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 16 script-src *; 15 sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=generic 15 referrer origin 15 object-src 'self' 15 frame-ancestors https://www.hk-laisee.com https://www.hk-rewards.com https://www.myopinions.com.au 15 allow 'self'; 15 default-src 'self' 14 upgrade-insecure-requests; base-uri 'self' 14 default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 14 frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 13 report-uri https://99designs.report-uri.io/r/default/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 13 frame-ancestors 13 default-src * 'unsafe-inline' 'unsafe-eval' data: 13 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; 13 script-src * 'self' 'unsafe-inline' 'unsafe-eval' 13 connect-src * 13 default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 12 frame-ancestors 'self' https://cms.aboutamazon.com 12 ; 12 none 12 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 12 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com 12 default-src https: blob:; frame-ancestors 'self' https://www.ford.com.au https://www.ford.co.th https://www.india.ford.com; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; media-src https: blob:; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'unsafe-inline' https:; base-uri 'self'; 12 upgrade-insecure-requests; block-all-mixed-content 11 default-src 'self' data:; font-src 'self' data: https://fonts.gstatic.com/; media-src 'self' blob:; img-src * data:; style-src 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google-analytics.com/ https://cdn.plaid.com/ data:; frame-src 'self' https://www.google.com/recaptcha/ https://player.vimeo.com/ https://*.privacy.com/ https://*.facebook.com/ https://cdn.plaid.com/; connect-src 'self' https://a.qwepw.com/ 11 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 11 referrer no-referrer 11 policy-definition 11 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 11 default-src https: 'unsafe-inline' 'unsafe-eval' 11 default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 11 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 11 frame-ancestors https://www.freshworks.com 10 default-src 'self'; script-src 'self' 'unsafe-inline' 10 reflected-xss block 10 frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar 10 frame-ancestors http://*.olx.co.cr:* http://*.olx.com:* http://*.olx.com.ar:* http://*.olx.com.bo:* http://*.olx.com.co:* http://*.olx.com.ec:* http://*.olx.com.gt:* http://*.olx.com.ni:* http://*.olx.com.pa:* http://*.olx.com.pe:* http://*.olx.com.py:* http://*.olx.com.sv:* http://*.olx.com.uy:* http://*.olx.com.ve:* http://*.olx.ir:* http://*.mod-tools.com:* https://*.olx.co.cr:* https://*.olx.com:* https://*.olx.com.ar:* https://*.olx.com.bo:* https://*.olx.com.co:* https://*.olx.com.ec:* https://*.olx.com.gt:* https://*.olx.com.ni:* https://*.olx.com.pa:* https://*.olx.com.pe:* https://*.olx.com.py:* https://*.olx.com.sv:* https://*.olx.com.uy:* https://*.olx.com.ve:* https://*.olx.ir:* https://*.mod-tools.com:* 10 default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 10 'self' https://ajax.googleapis.com 10 frame-ancestors 'self' http://*.elsevier.es/ 10 default-src * data: 'unsafe-inline' 'unsafe-eval' 10 default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 10 default-src https: 'unsafe-inline' data: 'unsafe-eval' blob: 10 report-uri /csp-hotline.php; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stackpath.bootstrapcdn.com https://cdn.datatables.net *.mihtool.com https://cdnjs.cloudflare.com https://yastatic.net yastatic.net https://*.yastatic.net *.slus.name https://*.slus.name:3000 *.yastatic.net *.mail.com https://*.gstatic.com *.gstatic.com https://*.google.com *.google.com vk.com *.effad.ru effad.ru *.me-talk.ru disgusting.ru yandex.st *.yadro.ru *.yandex.ru *.ok.ru *.rf-sp.ru https://rf-sp.ru *.tbex.ru *.google-analytics.com *.googleapis.com *.jivosite.com *.jquery.com *.gismeteo.ru *.siteheart.com 38mama.ru me-talk.ru top-fwz1.mail.ru st.top100.ru https://jsconsole.com https://d3js.org; style-src 'self' 'unsafe-inline' *.rf-sp.ru 38mama.ru *.chathelp.ru *.slus.name https://cdnjs.cloudflare.com https://*.gstatic.com *.slus.name:3000 https://cdn.datatables.net https://stackpath.bootstrapcdn.com https://www.google.com https://fonts.googleapis.com; 10 default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 10 default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 10 img-src 'self' data: * 10 upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 9 frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 9 frame-ancestors 'self'; default-src 'self' https://www.stanbicibtcfundsmanagement.com https://dpm.demdex.net https://maps.googleapis.com https://fast.standardbank.demdex.net https://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel https://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: https://ad.doubleclick.net https://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za https://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://cdn.krxd.net https://assets.adobedtm.com https://secure-ds.serving-sys.com https://cdn.krxd.net https://www.googleadservices.com https://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://*.map2.ssl.hwcdn.net; 9 frame-ancestors 'self' azeu.marketing.adobe.com 9 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: *; 9 frame-ancestors 'self' https://*.adobe.com 9 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; object-src 'none'; base-uri 'self'; 9 frame-ancestors 'self' https://*.facebook.com; 9 object-src 'none' 9 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 9 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 9 script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*; object-src 'self' 9 default-src 'self' 'unsafe-inline' * data: blob: 'unsafe-eval'; 9 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; media-src 'self' https: blob:; worker-src 'self' https: blob:; block-all-mixed-content; connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: https://*.trouter.io:443 https://*.trouter.skype.com:443 wss://*.trouter.io:443 wss://*.trouter.skype.com:443; 8 frame-ancestors https://oa.sheincorp.cn http://activity-admin.biz.sheincorp.cn 8 frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 8 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 8 script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 8 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 8 default-src 'self'; frame-src 'self' data: fbrpc://call https://wenzhang.baidu.com https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com; script-src 'self' data: https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://swenzhang.baidu.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://uua1puwkv5-dsn.algolia.net https://*.algolianet.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://cdn.jsdelivr.net/algoliasearch/ https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.postcodeanywhere.co.uk https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https:; style-src 'self' https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://swenzhang.baidu.com https://*.googleapis.com https://*.postcodeanywhere.co.uk 'unsafe-inline'; font-src 'self' data: https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net ; connect-src 'self' https://*.postcodeanywhere.co.uk https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.algolia.net https://*.algolianet.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://c2.mysalec.com https://*.visa.com https://www.paypalobjects.com; report-uri https://headersreporting.mysaleapi.com/Report 8 frame-ancestors 'self' app.optimizely.com 8 default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; worker-src blob:; 8 default-src data: 'self' 'unsafe-eval' 'unsafe-inline' https://* wss://*; frame-src 'self' https://ru.spotscan.com/ https://loreal-webconsultation.modiface.com/ https://makeupstat.ru/ https://skinstat.ru/ https://staticxx.facebook.com/ https://*.doubleclick.net/ https://tag.rutarget.ru/ https://*.criteo.com/ https://*.google.com/ https://www.facebook.com/ https://www.youtube.com/ https://*.googletagmanager.com https://api.flocktory.com/ https://vk.com/ https://*.criteo.net https://rbnt.org https://*.yandex.ru; img-src data: 'self' http://* https://* wss://*; 8 frame-ancestors 'self'; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; default-src * 8 frame-ancestors 'self' https://metrica.yandex.ru/; 8 img-src * data: blob:; 8 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; media-src 'self' data: blob: https:; font-src 'self' data: https:; form-action *; 8 frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com 8 upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 7 default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com customer-stories-feed.github.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com 7 frame-ancestors 'self' http://localhost:* https://*.bustle.com 7 upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 7 frame-src *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se bitdefender.marketing.adobe.com download.bitdefender.com *.facebook.com *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de bitdefender.demdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net assets.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net consentcdn.cookiebot.com recommender.scarabresearch.com *.zenaps.com hal9000.redintelligence.net pixel.xonaz.com static-hello.bitdefender.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com pixel.xonazz.com 7 frame-ancestors 'self' https://www.growingio.com 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' form.lidl.com *.lidl.com *.ccmp.eu *.lidl *.lidl.net *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.googletagmanager.com tagmanager.google.com assets.zendesk.com connect.facebook.net *.cookiebot.com *.secrz.de *.google-analytics.com *.ftrace.com *.soundcloud.com lq.digital.not-perfect.com onlime.bg *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; img-src 'self' data: *.lidl *.lidl.net *.ccmp.eu *.lidl.com *.lidl-flyer.com *.google-analytics.com *.bing.com *.virtualearth.net *.osm.org *.openstreetmap.org *.doubleclick.net s-static.ak.facebook.com assets.zendesk.com *.secrz.de *.google-analytics.com *.ftrace.com *.soundcloud.com lq.digital.not-perfect.com onlime.bg *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; style-src 'self' 'unsafe-inline' form.lidl.com fonts.googleapis.com *.bing.com assets.zendesk.com *.secrz.de *.ftrace.com *.soundcloud.com lq.digital.not-perfect.com onlime.bg *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; font-src 'self' 'unsafe-inline' form.lidl.com data: themes.googleusercontent.com fonts.gstatic.com *.ftrace.com *.soundcloud.com lq.digital.not-perfect.com onlime.bg *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; frame-src 'self' 'unsafe-inline' www.youtube.com www.tamminen.fi www.socialmediatoolz.com form.lidl.com balancechecks.tx-gate.com ats.ccmp.eu app.bee2code.com 3229.4706.m.edge-cdn.net *.zilmo.fi *.tx-gate.com *.socialmediatoolz.com *.lidl-info.com *.lidl.ro *.lidl.pt *.ccmp.eu *.brandkeydigital.com *.lidl *.test *.lidl.net assets.zendesk.com www.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.cookiebot.com *.secrz.de lidl.mcxplatform.de *.ftrace.com onlime.bg igraizanagrada.com *.soundcloud.com lq.digital.not-perfect.com *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; connect-src 'self' form.lidl.com *.lidl *.test *.lidl.net *.lidl.com *.bing.com *.ccmp.eu *.virtualearth.net *.osm.org *.openstreetmap.org *.secrz.de *.google-analytics.com *.ftrace.com onlime.bg *.soundcloud.com lq.digital.not-perfect.com *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; frame-ancestors 'self' *.lidl *.ccmp.eu *.lidl.com *.test *.lidl.net *.bing.com *.googletagmanager.com *.secrz.de *.google-analytics.com *.ftrace.com onlime.bg igraizanagrada.com *.soundcloud.com lq.digital.not-perfect.com *.poi-service.de detergents.lidl c01.lidl.ardmore.so sveze-sadje-zelenjava.si *.lidl.ch; 7 frame-ancestors 'self'; report-uri https://thefork.report-uri.com/r/d/csp/enforce; 7 default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'none' 7 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 7 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; 7 default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 7 base-uri 'self' 7 form-action https:; upgrade-insecure-requests 7 frame-ancestors none 7 frame-ancestors 'self' *.imodules.com 7 frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 7 frame-ancestors * 7 default-src 'self' 'unsafe-inline' http://park.101datacenter.net https://*.deviceatlascloud.com/ https://cs-cdn.deviceatlas.com data: 7 frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 7 default-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self';style-src 'unsafe-inline' * data:;form-action 'self' *.twitter.com va.tawk.to https://cp.payguru.com https://www.testgpay.com https://www.gpay.com.tr https://gpay.com.tr https://demo.gpay.com.tr https://www.paytr.com https://www.playanka.com https://test.papara.com https://www.papara.com https://papara.com;frame-ancestors 'self' http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to https://chat.utechsoft.com.tr 7 frame-ancestors 'self' https://my.siteground.com https://*.concurra.com/ http://*.concurra.com/ 6 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src wss: https: 6 block-all-mixed-content;frame-ancestors *.mail.com 6 frame-ancestors 'self' http://webvisor.com https://webvisor.com 6 default-src * 'unsafe-inline' 'unsafe-eval'; object?src 'none' 6 upgrade-insecure-requests; frame-ancestors 'self'; 6 frame-ancestors 'self' https://encheres.lefigaro.fr 6 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 6 frame-ancestors 'self' http://customer-hornbach.loop21.net https://customer-hornbach.loop21.net http://public-location-hornbach.loop21.net https://public-location-hornbach.loop21.net 6 frame-ancestors https: 'self' *.typetastic.com; child-src https: 'self'; 6 default-src * 'unsafe-inline' 'unsafe-eval' 6 default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline' 6 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.antillephone.com vk.com onesignal.com *.onesignal.com *.cloudflare.com/ajax/libs/webcomponentsjs/ *.hybrid.ai *.ravenjs.com mc.yandex.ru yastatic.net *.gstatic.com glem.io *.google.com *.google-analytics.com *.adroll.com *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net js.gleam.io *.youtube.com mc.yandex.ua mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.ru;img-src 'self' data: blob: *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com.mx *.google.com.ua *.google.com.bd *.google.com.ph *.google.com.ua *.google.com.au *.google.com.ph *.google.com.tw *.google.com.ar *.google.com.pk *.google.com.tr *.google.com.eg *.google.com.co *.google.com.sg *.google.com.vn *.google.com.kh *.google.com.ec *.google.com.hk *.google.com.uy *.google.com.br *.google.co.kr *.google.co.in *.google.co.il *.google.co.ma *.google.co.ve *.google.co.th *.google.co.jp *.google.co.uk *.google.co.id *.google.co.za *.google.com *.google.ru *.google.dz *.google.ae *.google.rs *.google.cl *.google.ee *.google.be *.google.at *.google.gr *.google.sk *.google.fr *.google.am *.google.dk *.google.cz *.google.nl *.google.it *.google.ps *.google.fi *.google.cm *.google.mn *.google.az *.google.is *.google.iq *.google.de *.google.ch *.google.hr *.google.by *.google.ro *.google.kz *.google.pt *.google.no *.google.ge *.google.bg *.google.es *.google.lv *.google.hu *.google.se *.google.pl *.google.lt *.google.ca *.yandex.ru *.yandex.by crossmetrix.com *.linksynergy.com *.digitru.st *.targetix.net *.ytimg.com *.gleam.io *.adform.net *.rubiconproject.com *.advertising.com *.3lift.com *.surfe.be surfe.pro *.pubmatic.com *.casalemedia.com *.outbrain.com *.yahoo.com *.rlcdn.com makesource.cool *.adroll.com *.angsrvr.com pippio.com *.onesignal.com *.antillephone.com *.taboola.com mc.admetrica.ru *.teads.tv countmake.cool *.userapi.com *.opskins.media *.openx.net *.adnxs.com *.adriver.ru *.smartadserver.com *.siliconanalytics.com *.hybrid.ai *.weborama.fr *.1dmp.io *.aidata.io ad.mail.ru *.gravatar.com cardinaldata.net *.betweendigital.com *.bestssp.com *.admixer.net *.doubleclick.net *.facebook.com x.bidswitch.net i.btcoon.com a.23b4.ru *.yadro.ru promclickapp.biz *.capitaller.ru *.vk.com vk.com *.akamaihd.net *.steamstatic.com *.adorable.io d2lomvz2jrw9ac.cloudfront.net de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net tjh8gngtzf.execute-api.us-east-1.amazonaws.com;font-src 'self' data: *.googleapis.com *.gstatic.com;style-src 'self' 'unsafe-inline' onesignal.com *.google.com *.googleapis.com;media-src 'self' de4khei8i4ut2.cloudfront.net din8r827idtuo.cloudfront.net d2lomvz2jrw9ac.cloudfront.net;connect-src 'self' s3.amazonaws.com onesignal.com *.yandex.ru *.webvisor.com *.webvisor.org *.mxpnl.net sentry.io google-analytics.com vk.com *.api4load.com *.adroll.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.demofast.ru *.csgofastbackend.com wss://m.ajdfbkjab.ru wss://*.demofast.ru wss://*.csgofastbackend.com;frame-ancestors 'self' webvisor.com http://webvisor.com;frame-src blob: *.poggiplay.com *.yandex.ru *.webvisor.com *.webvisor.org skytraf.xyz *.facebook.com gleam.io *.1dmp.io onesignal.com *.google.com *.youtube.com *.csgofastbackend.com *.gainskins.com;object-src 'none';report-uri //in.csgofast.com/csp; 6 default-src 'self' https://*; connect-src 'self' https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' https://* blob: data:; img-src 'self' https://* blob: data:; media-src 'self' https://* blob: data:; object-src 'self' https://* blob: data:; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* 'unsafe-inline'; 6 base-uri 'self'; 6 default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 6 default-src 'self' blob:; connect-src 'self' blob: wss: *.zdassets.com *.zendesk.com *.metartnetwork.com *.google-analytics.com *.doubleclick.net; style-src 'self' blob: 'unsafe-inline' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.metartnetwork.com cdn.cookielaw.org; font-src 'self' data: *.zopim.com *.fontawesome.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.metartnetwork.com; script-src 'self' 'unsafe-inline' *.zdassets.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.metartnetwork.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com; frame-src 'self' *.twitter.com *.metartnetwork.com *.youtube.com *.vimeo.com; img-src 'self' data: *.nsimg.net *.twimg.com *.zopim.com *.twitter.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.metartnetwork.com; media-src 'self' data: blob: *.nsimg.net *.metartnetwork.com; worker-src 'self' data: blob: wss:; object-src 'none' 6 default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 6 block-all-mixed-content; report-uri https://de.forumhome.com/cspreport.php 6 frame-ancestors 'self' https://de.page4.com https://en.page4.com; 6 frame-src https:; report-uri /csp-violation-endpoint/ 6 default-src https: data: 'unsafe-inline' 'unsafe-eval'; 6 frame-ancestors 'self' *.onshopbase.com 6 frame-ancestors 'self' https://www.kayak.com https://www.kayak.com.ar https://www.kayak.com.br https://www.kayak.com.co https://www.kayak.cl https://www.kayak.com.pe https://www.kayak.com.mx https://www.es.kayak.com https://www.momondo.com/es/ https://www.momondo.com.br https://www.momondo.mx https://www.mundi.com.br/ http://www.kayak.com http://www.kayak.com.ar http://www.kayak.com.br http://www.kayak.com.co http://www.kayak.cl http://www.kayak.com.pe http://www.kayak.com.mx http://www.es.kayak.com http://www.momondo.com/es/ http://www.momondo.com.br http://www.momondo.mx http://www.mundi.com.br 6 default-src 'self' http: https: data: blob: 'unsafe-inline' 6 script-src 'self' 6 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 5 default-src *.livejournal.com *.livejournal.net tpc.googlesyndication.com; script-src *.livejournal.com *.livejournal.net *.google-analytics.com *.googletagmanager.com *.scorecardresearch.com *.top100.ru *.yandex.ru *.criteo.com yastatic.net *.plista.com *.facebook.com vk.com *.ok.ru *.pingdom.com *.pingdom.net *.vk.com *.twitter.com *.twimg.com *.facebook.net *.instagram.com *.services.livejournal.com *.videos.livejournal.com *.adfox.ru *.exelator.com *.rambler.ru *.rubiconproject.com *.yahooapis.com *.newrelic.com *.nr-data.net *.doubleclick.net googleads.g.doubleclick.net *.lj.ru *.googleapis.com *.youtube.com *.varlamov.me *.varlamov.com *.google.com static.xx.fbcdn.net dsp-rambler.ru openstat.net *.rnet.plus twemoji.maxcdn.com *.googletagservices.com *.googlesyndication.com mc.yandex.ru ymetrica.com telegram.org *.webturn.ru www.dropbox.com *.criteo.net z.moatads.com r.webturn.ru *.pinterest.com *.google.ru ssl.p.jwpcdn.com *.gstatic.com js.mamydirect.com cdn.ampproject.org adservice.google.ca 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src *.livejournal.com *.livejournal.net *.services.livejournal.com *.google-analytics.com ssp.rambler.ru *.yandex.ru *.ssp.rambler.ru lj.stat.eagleplatform.com *.pingdom.net *.googleapis.com kraken.rambler.ru *.twitter.com *.youtube.com googleads.g.doubleclick.net static.xx.fbcdn.net *.lj.ru *.rnet.plus mc.yandex.ru ymetrica.com *.webturn.ru *.criteo.com dsp-rambler.ru *.rambler.ru stats.g.doubleclick.net *.eaglecdn.com wss://www.livejournal.com *.g.doubleclick.net static-mon.yandex.net; report-uri https://livejournal.com/csp_reports; media-src storage.mds.yandex.net http: https: data: 5 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=anonweb 5 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 5 frame-ancestors 'self' http://hybris.com https://hybris.com http://*.hybris.com https://*.hybris.com http://sap.lookbookhq.com https://sap.lookbookhq.com http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn https://www.gigya.com *.lookbookhq.com https://cloudplatform.sap.com https://cal.sap.com https://developers.sap.com ;default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval' github.com api.github.com raw.githubusercontent.com *.liveperson.net http://*.sap.com https://*.sap.com http://*.sap.cn https://*.sap.cn *.demandbase.com *.adobedtm.com *.company-target.com *.omtrdc.net *.w55c.net platform.twitter.com *.siteintercept.qualtrics.com *.doubleclick.net cdnjs.cloudflare.com charts3.equitystory.com http://sap-espresso.com http://*.akamai.net ust-servlet.dataxu.net https://*.cdn.sap.com *.2mdn.net *.2o7.net *.qualtrics.com https://*.akamaihd.net http://*.akamaihd.net *.lpsnmedia.net *.truste.com *.newrelic.com *.nr-data.net https://*.youtube.com https://*.youtu.be https://*.ytimg.com *.twitter.com http://*.twimg.com https://*.twimg.com *.adobe.com *.demdex.net *.liveperson.com *.liveengage.net *.liveengage.com http://livefyre.com *.liveper.sn *.licdn.com *.hana.ondemand.com http://dc1cp8nqqrmxi.cloudfront.net http://*.edgesuite.net https://bcmcps.enter.sap *.d41.co 5 frame-ancestors https://*.ringcentral.com https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://outlook.live.com https://outlook.office365.com https://outlook.office.com 5 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 5 frame-ancestors https://nurture.solarwinds.com 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la1-c2cs-frf.salesforceliveagent.com d.la1-c2cs-frf.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com d.la1-c2cs-cdg.salesforceliveagent.com d.la1-c1cs-cdg.salesforceliveagent.com c.la1-c2cs-cdg.salesforceliveagent.com c.la1-c1cs-cdg.salesforceliveagent.com d.la1-c2-frf.salesforceliveagent.com fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com 5 block-all-mixed-content; default-src data: https: wss: blob: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors https://*.marketo.com 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' always; upgrade-insecure-requests 5 frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj 5 script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src * 5 default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; frame-ancestors 'self' online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googlesyndication.com https://suggestqueries.google.com https://pagead2.googlesyndication.com www.google-analytics.com yastatic.net https://relap.io https://ad.mail.ru stat.adlabs.ru mc.yandex.ru *.criteo.com *.googleapis.com luxadv.com *.luxadv.com psma02.com *.betweendigital.com *.doubleclick.net share.pluso.ru w.uptolike.com *.am15.net am15.net psma03.com *.onedmp.com *.eboundservices.com eboundservices.com uk-ads.openx.net *.openx.net *.metabar.ru *.orange81safe.com *.creativecdn.com *.googletagservices.com *.googleadservices.com psma01.com *.atemda.com *.nativeroll.tv *.criteo.net fycapi.ru ijquery5.com acvatic.ru mycpm.ru igithab.com *.yandex.ru franecki.net v.kost.tv *.g.doubleclick.net bnstero.com *.google.ru cdn.onesignal.com *.yakutia.io yakutia.io *.onesignal.com static.amgmedia.net onesignal.com *.sendpulse.com sendpulse.com bnster.com myhappy-news.com *.republer.com 5 block-all-mixed-content; upgrade-insecure-requests; 5 frame-ancestors 'self' https://m-redbus-id.cdn.ampproject.org https://www.google.com https://www.google.co.id https://m.redbus.id https://seocms.redbus.com; default-src 'self' wss://rbpub.redbus.com wss://ssbk2-uk.gsecondscreen.com wss://ssbk4-uk.gsecondscreen.com wss://evbk.gamooga.com https://s3.rdbuz.com https://evbk.gamooga.com https://*.doubleclick.net https://graph.facebook.com https://cdn-jp.gsecondscreen.com https://*.redbus.in https://intldashboard.redbus.com https://www.google-analytics.com http://www.googletagmanager.com https://*.google.com https://www.google.co.in https://connect.facebook.net http://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com http://logs.redbus.com/ https://recorder.sessionstack.com https://o2.mouseflow.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://static.ads-twitter.com https://www.googletagservices.com https://bam.nr-data.net https://securepubads.g.doubleclick.net https://evbk.gamooga.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://*.google.com https://cdn.jsdelivr.net https://sslwidget.criteo.com https://static.criteo.net https://cdn.mouseflow.com https://bat.bing.com https://maps.googleapis.com http://ae.gsecondscreen.com http://sg-pl.vizury.com https://cdnjs.cloudflare.com/ http://cdn-jp.gsecondscreen.com https://googleads.g.doubleclick.net http://www.redbus.in https://www.redbus.in https://adservice.google.co.in https://ssl.google-analytics.com http://www.googleadservices.com https://connect.facebook.net http://pagead2.googlesyndication.com http://www.google-analytics.com https://cdn.sessionstack.com/sessionstack.js http://www.googletagmanager.com http://connect.facebook.net http://www.googleadservices.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com; img-src 'self' data: https://barcode-latam.s3.amazonaws.com https://t.co https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://maps.gstatic.com https://maps.googleapis.com https://s3-ap-southeast-1.amazonaws.com https://*.s3-ap-southeast-1.amazonaws.com https://googleads.g.doubleclick.net https://h.online-metrix.net https://bat.bing.com https://www.google.co.in https://evbk.gamooga.com https://stats.g.doubleclick.net http://origin-st.redbus.in https://pilgrimages-cms.s3-ap-southeast-1.amazonaws.com https://cdn-jp.gsecondscreen.com http://www.redbus.in https://www.redbus.in https://*.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in https://cdn-jp.gsecondscreen.com https://www.facebook.com https://api.midtrans.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://*.google.com https://cdnjs.cloudflare.com https://www.w3schools.com http://fonts.googleapis.com https://fonts.googleapis.com https://*.rdbuz.com https://st.redbus.in http://*.rdbuz.com http://st.redbus.in; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.gstatic.com http://*.rdbuz.com http://st.redbus.in https://fonts.gstatic.com https://*.rdbuz.com https://st.redbus.in; frame-src 'self' https://www.surveymonkey.com https://*.google.com https://isb.au1.qualtrics.com https://www.googletagservices.com/ https://*.redbus.com https://h.online-metrix.net https://checkout.payulatam.com/ https://bid.g.doubleclick.net http://in-tags.vizury.com http://sg-pl.vizury.com https://xds.gsecondscreen.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com/ https://googleads.g.doubleclick.net https://staticxx.facebook.com https://dis.as.criteo.com; object-src 'none' 5 script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com 5 default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.jimdo.com jimdo.com; 5 base-uri https: http:; object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob: 5 default-src *; frame-ancestors 'self' https://optimize.google.com; block-all-mixed-content; base-uri 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.sndcdn.com https://*.soundcloud.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com https://*.soundcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.syndication.twimg.com platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare https://*.twimg.com https://polyfill.io https://*.grantthornton.co.uk https://*.createjs.com https://*.passle.net https://api.userlike.com https://ajax.googleapis.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://nl.wkgt.com https://*.giosg.com https://sjs.bizographics.com https://*.grantthornton.ca https://*.bizographics.com https://*.ads-twitter.com https://*.siteimprove.com https://*.facebook.net https://*.oktopost.com https://*.newscred.com https://*.cloudfront.net https://okt.to https://*.marketo.net https://*.sessioncam.com https://*.linkedin.com https://*.ads.linkedin.com https://*.twitter.com https://*.ceros.com https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.optimizely.com https://code.jquery.com https://*.googletagmanager.com https://*.episerver.net https://*.msecnd.net https://*.getsitecontrol.com https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://*.sndcdn.com https://*.googleadservices.com https://*.webserviceaward.com https://*.upsales.com https://googleads.g.doubleclick.net https://match.adsby.bidtheatre.com https://*.clickdimensions.com https://*.hotjar.com; img-src 'self' data: https://*.grantthornton.co.uk https://www.grantthornton-dc.com https://*.cloudfront.net https://*.passle.net https://api.userlike.com https://*.twitter.com https://giosg-chat-public-eu.s3.amazonaws.com https://*.giosg.com https://*.gstatic.com https://*.licdn.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://pixel.newscred.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.googletagmanager.com https://*.getsitecontrol.com https://*.marketo.com https://grant-thornton.vuturevx.com https://*.youtube.com https://stats.g.doubleclick.net https://*.grantthornton.sg https://www.facebook.com https://*.global.siteimproveanalytics.io https://*.sessioncam.com https://t.co https://www.google.com.vn https://*.upsales.com; style-src 'self' https://*.passle.net https://*.giosg.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.jquery.com https://*.grantthornton.ca https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.com 'unsafe-inline' https://*.gtil-dxc.com https://static-src.linkedin.com https://*.licdn.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; font-src 'self' data: https://*.passle.net https://*.cloudfront.net https://*.cloudflare.com https://*.bootstrapcdn.com https://*.jquery.com https://*.grantthornton.ca https://*.gstatic.com https://*.getsitecontrol.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; frame-src https://*.twitter.com https://*.giosg.com https://*.clickdimensions.com/ https://*.google.com https://*.optimizely.com https://*.googletagmanager.com https://*.marketo.com https://*.getsitecontrol.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com tps://*.global.siteimproveanalytics.io https://view.ceros.com https://*.hotjar.com; 5 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 5 frame-ancestors 'self' https://www.tibco.com http://tibco.lookbookhq.com https://tibco.lookbookhq.com https://sso-awsqa.tibco.com https://sso-ext.tibco.com http://library.tibco.com https://library.tibco.com 5 upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 5 default-src 'none'; connect-src 'self' *.mil.ru *.tildacdn.com *.gcdn.co *.mail.ru top100.ru stat.sputnik.ru mc.yandex.ru *.anycaster.tv *.vintera.tv *.cdnvideo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.sputnik.ru *.stat.sputnik.ru tildacdn.com *.tildacdn.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mil.ru *.rambler.ru *.yandex.ru *.mail.ru *.google-analytics.com *.google.com top100.ru *.top100.ru *.tvzvezda.ru tvzvezda.ru *.mail.ru tns-counter.ru *.tns-counter.ru *.googletagmanager.com mil.ru *.mil.ru *.xn--90anlfbebar6i.xn--p1ai; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' mil.ru *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.mil.ru stat.sputnik.ru cnt.sputnik.ru doubleclick.net *.doubleclick.net tns-counter.ru *.tns-counter.ru *.google.com google.com data: counter.yadro.ru *.yandex.net *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' mil.ru *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru tvzvezda.ru *.tvzvezda.ru *.yandex.ru *.yandex.net *.youtube.com youtube.com *.youtu.be youtu.be *.google.com *.vintera.tv *.cdnvideo.ru; font-src 'self' fonts.gstatic.com tildacdn.com *.tildacdn.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru https://youtube.com https://*.youtube.com https://youtu.be https://*.youtu.be; base-uri 'self'; form-action 'self' mil.ru *.mil.ru; 5 default-src blob: https: 'unsafe-eval' 'unsafe-inline'; connect-src https: 'self' https: *.amazonaws.com *.cfauthx.com *.mapbox.com data: *.accesso.com; img-src 'self' https: data: blob:; 5 default-src 'self'; 5 frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.rzrs.de kaufland.staffbase.com 'self' 5 default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.tmaws.eu *.googleapis.com *.monetate.net tagmanager.google.com;img-src 'self' data: *.livenationinternational.com *.tmaws.eu *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com ad.doubleclick.net ads.celtra.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com s3-eu-central-1.amazonaws.com s3-eu-west-1.amazonaws.com tagmanager.google.com track.celtra.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.tmaws.eu *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.quantcount.com *.monetate.net *.universe.com cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com s3-eu-west-1.amazonaws.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com;connect-src 'self' *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.tmol.co *.tmol.io csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com track.celtra.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de;font-src *.livenationinternational.com *.tmaws.eu fonts.gstatic.com widget.ticketmaster.eu;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.monetate.net secureframe.doubleclick.net universe.queue-it.net www.google.com www.universe.com www.youtube.com;worker-src 'self' 5 default-src https: 'unsafe-eval' 'unsafe-inline' 5 img-src * 5 frame-ancestors 'self' *.benjerry.com *.crownpeak.com *.bazaarvoice.com *.adobe.com 5 frame-src 'self' http://onlinetestrunner.etadbir.com; frame-ancestors 'self' http://onlinetestrunner.etadbir.com; 5 default-src *; img-src 'self' data: http://* ;style-src 'self' http://* 'unsafe-inline'; media-src * blob: mediastream: ; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' data: gap: 5 frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.klm.com https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.accorhotels.com https://*.usabilla.com https://*.hotjar.com https://*.decibelinsight.net https://*.google.com https://*.google-analytics.com https://*.iadvize.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.optimizely.com 'unsafe-eval' 'unsafe-inline' 5 default-src data: https: 'self' 'unsafe-eval' 'unsafe-inline'; img-src data: https: 'self' 'unsafe-eval' 'unsafe-inline' 5 frame-ancestors 'self' *.tunegenie.com http://127.0.0.1:* https://127.0.0.1:*; 5 frame-ancestors 'self' https://*.mawebcenters.com 5 child-src 'self' emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src https://cdn.snax.one https://api.steem-engine.com https://scot-api.steem-engine.com https://steemitimages.com securepubads.g.doubleclick.net 'self' steemit.com https://api.steemit.com api.blocktrades.us; default-src tpc.googlesyndication.com 'self' emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' googleads.g.doubleclick.net https:; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 5 frame-ancestors 'self' webvisor.com; 5 frame-ancestors 'self' http://webvisor.com; 5 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=frontpage&site=fp®ion=US&lang=en-US&device=desktop&partner=default; 4 default-src * data: blob: about:;script-src 'self' *.vk.com *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com maps.googleapis.com translate.googleapis.com *.google.com google.com *.vkpartner.ru *.moatads.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net galv.hit.gemius.pl 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline';report-uri /csp 4 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://consentmanager.mgr.consensu.org blob:; script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://consentmanager.mgr.consensu.org; worker-src blob: 'self'; connect-src * wss: blob:; font-src * data: blob:; frame-src * blob: 'self'; img-src * data: blob: about:; media-src * data: blob:; object-src *; report-uri /csp/report; 4 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com verify.agego.com z8y8f3q6.ssl.hwcdn.net https://www.xvideos.com https://wg-xvdev.xvideos.com *.trafficfactory.biz fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com www.google-analytics.com *.addthis.com *.addthisedge.com www.iwanttodeliver.com apis.google.com www.google.com www.gstatic.com accounts.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.exoclick.com *.lswcdn.net *.llnwd.net *.hwcdn.net fcm.googleapis.com *.nk-img.com *.camster.com wss://*.camster.com:8443 *.naked.com https://static-dev-xvlive.xvideos.com https://dev-api.naked.com http://dev-api.naked.com wss://dev-chatserver.camster.com wss://staging-chatserver.camster.com wss://m.1ka.com wss://c1.1ka.com wss://c11.1ka.com wss://c12.1ka.com wss://c13.1ka.com wss://c14.1ka.com wss://c15.1ka.com wss://c16.1ka.com wss://c17.1ka.com wss://c18.1ka.com wss://c19.1ka.com wss://c110.1ka.com wss://c111.1ka.com wss://c112.1ka.com wss://c113.1ka.com wss://c114.1ka.com wss://c115.1ka.com wss://c2.1ka.com wss://c21.1ka.com wss://c22.1ka.com wss://c23.1ka.com wss://c24.1ka.com wss://c25.1ka.com wss://c26.1ka.com wss://c27.1ka.com wss://c28.1ka.com wss://c29.1ka.com wss://c210.1ka.com wss://c211.1ka.com wss://c212.1ka.com wss://c213.1ka.com wss://c214.1ka.com wss://c215.1ka.com wss://c3.1ka.com wss://c31.1ka.com wss://c32.1ka.com wss://c33.1ka.com wss://c34.1ka.com wss://c35.1ka.com wss://c36.1ka.com wss://c37.1ka.com wss://c38.1ka.com wss://c39.1ka.com wss://c4.1ka.com wss://c41.1ka.com wss://c42.1ka.com wss://c43.1ka.com wss://c44.1ka.com wss://c45.1ka.com wss://c46.1ka.com wss://c47.1ka.com wss://c48.1ka.com wss://c49.1ka.com wss://c410.1ka.com wss://c411.1ka.com wss://c412.1ka.com wss://c413.1ka.com wss://c414.1ka.com wss://c415.1ka.com wss://c5.1ka.com wss://c51.1ka.com wss://c52.1ka.com wss://c53.1ka.com wss://c54.1ka.com wss://c55.1ka.com wss://c56.1ka.com wss://c57.1ka.com wss://c58.1ka.com wss://c59.1ka.com wss://c510.1ka.com wss://c511.1ka.com wss://c512.1ka.com wss://c513.1ka.com wss://c514.1ka.com wss://c515.1ka.com https://dev-chatserver.camster.com https://staging-chatserver.camster.com https://m.1ka.com https://c1.1ka.com https://c11.1ka.com https://c12.1ka.com https://c13.1ka.com https://c14.1ka.com https://c15.1ka.com https://c16.1ka.com https://c17.1ka.com https://c18.1ka.com https://c19.1ka.com https://c110.1ka.com https://c111.1ka.com https://c112.1ka.com https://c113.1ka.com https://c114.1ka.com https://c115.1ka.com https://c2.1ka.com https://c21.1ka.com https://c22.1ka.com https://c23.1ka.com https://c24.1ka.com https://c25.1ka.com https://c26.1ka.com https://c27.1ka.com https://c28.1ka.com https://c29.1ka.com https://c210.1ka.com https://c211.1ka.com https://c212.1ka.com https://c213.1ka.com https://c214.1ka.com https://c215.1ka.com https://c3.1ka.com https://c31.1ka.com https://c32.1ka.com https://c33.1ka.com https://c34.1ka.com https://c35.1ka.com https://c36.1ka.com https://c37.1ka.com https://c38.1ka.com https://c39.1ka.com https://c4.1ka.com https://c41.1ka.com https://c42.1ka.com https://c43.1ka.com https://c44.1ka.com https://c45.1ka.com https://c46.1ka.com https://c47.1ka.com https://c48.1ka.com https://c49.1ka.com https://c410.1ka.com https://c411.1ka.com https://c412.1ka.com https://c413.1ka.com https://c414.1ka.com https://c415.1ka.com https://c5.1ka.com https://c51.1ka.com https://c52.1ka.com https://c53.1ka.com https://c54.1ka.com https://c55.1ka.com https://c56.1ka.com https://c57.1ka.com https://c58.1ka.com https://c59.1ka.com https://c510.1ka.com https://c511.1ka.com https://c512.1ka.com https://c513.1ka.com https://c514.1ka.com https://c515.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.hwcdn.net *.trafficfactory.biz www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com; 4 script-src 'unsafe-inline' 'unsafe-eval' https: 4 frame-ancestors 'self' http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com ^(http|https)\:\/\/[a-z.-]*\.schwab\.(com|tech)(|\/)$; 4 default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data: 4 frame-ancestors 'self' apps.facebook.com 4 connect-src 'self' *.lmcdn.ru *.flocktory.com *.dynamicyield.com *.livetex.ru *.mail.ru *.yandex.ru *.lamoda.ru *.lamoda.kz *.lamoda.ua *.lamoda.by *.lamoda.test *.google.ru *.google-analytics.com *.googletagmanager.com vk.com stats.g.doubleclick.net px.adhigh.net sentry-js.lamoda.ru fcm.googleapis.com ; manifest-src 'self' *.lamoda.ru *.lamoda.kz *.lamoda.by *.lamoda.ua *.lamoda.test ; default-src 'self' 'unsafe-inline' *.lmcdn.ru *.livetex.ru *.lamoda.test ; font-src 'self' data: *.lmcdn.ru *.flocktory.com *.livetex.ru *.lamoda.test cdn.dynamicyield.com fonts.googleapis.com fonts.gstatic.com ; frame-src 'self' *.criteo.com *.criteo.net *.flocktory.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.lmcdn.ru *.revo.ru *.revoplus.ru *.yandex.ru bid.g.doubleclick.net demo.revoplus.ru google.com gstatic.com hdeapi.lamoda.ru o2.mail.ru player.vimeo.com sandbox.payture.com tag.rutarget.ru www.facebook.com www.surveygizmo.com ; img-src 'self' data: *.lamoda.test *.creativecdn.com *.criteo.com *.criteo.net *.flocktory.com *.google-analytics.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.googletagmanager.com *.lamoda.test *.livetex.ru *.lmcdn.ru *.mail.ru *.vk.com *.pp.userapi.com *.wbtrk.net *.webtrekk.net *.yandex.net *.yandex.ru 6093.xg4ken.com adlmerge.com ads.adfox.ru bs.serving-sys.com cdn.dynamicyield.com counter.rambler.ru creativecdn.com fbc.wcfbc.net maps.googleapis.com maps.gstatic.com pixel.everesttech.net pp.userapi.com secure.adnxs.com ssl.luxup.ru t.holder.com.ua vk.com www.facebook.com www.googletagmanager.com x.bidswitch.net x.cnt.my *.adriver.ru *.adscale.de *.contextweb.com *.cssrvsync.com *.doubleclick.net *.gemius.pl *.recreativ.ru recreativ.ru *.weborama.fr *.webvisor.org *.yandex.ua ad.360yield.com ads.betweendigital.com ads.yahoo.com bbnaut.ibillboard.com cm.adform.net dsum-sec.casalemedia.com e1.emxdgt.com e1.emxdgt.com ib.adnxs.com pixel.rubiconproject.com simage2.pubmatic.com ssp-csync.smartadserver.com stat.radar.imgsmail.ru trc.taboola.com us-u.openx.net ; style-src 'self' blob: 'unsafe-inline' *.lmcdn.ru *.dynamicyield.com *.flocktory.com *.lamoda.test cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com tagmanager.google.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.criteo.com *.criteo.net *.dynamicyield.com *.flocktory.com *.google-analytics.com *.google.by *.google.com *.google.com.ua *.google.kz *.google.ru *.googleapis.com *.lamoda.test *.livetex.ru *.lmcdn.ru *.wbtrk.net *.webtrekk.net *.xg4ken.com *.yandex.net *.yandex.ru ad.adriver.ru ajax.googleapis.com bam.nr-data.net cdn.branch.io cdn.rutarget.ru code.jquery.com connect.facebook.net d31j93rd8oukbv.cloudfront.net flocktory.com googleads.g.doubleclick.net googletagmanager.com hdeapi.lamoda.ru js-agent.newrelic.com oauth.mail.ru r.revo.ru r.revoplus.ru rebilly.github.io retarget.smi2.net top-fwz1.mail.ru vk.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.gstatic.com yastatic.net ; worker-src 'self' m.lamoda.ru m.lamoda.kz m.lamoda.ua m.lamoda.by m.lamoda.test flocktory.com ; form-action 'self' connect.facebook.net www.facebook.com ; 4 script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com https://www.youtube.com https://s.ytimg.com *.googletagmanager.com apis.google.com storage.googleapis.com 'strict-dynamic' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-VYh+xiSqo4QzOSUckJBCHDIBNNBdxwG2PIIevxRqeh4=' *.googleapis.com; img-src * data: blob:; default-src 'self' *.gstatic.com; frame-src 'self' www.google.com *.youtube.com accounts.google.com apis.google.com plus.google.com *.doubleclick.net apis.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com; connect-src 'self' plus.google.com www.google-analytics.com apis.google.com; object-src 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com; base-uri 'none' 4 frame-ancestors 'self' http://*.bbt.com https://*.bbt.com; 4 connect-src * 'self' 4 report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.homeaffairs.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.nationalsecurity.gov.au https://*.harmony.gov.au 4 frame-ancestors 'self' https://account.huobi.co https://account.hbg.com https://account.huobi.br.com https://account.huobi.so https://otc.huobi.co https://otc.hbg.com https://otc.huobi.br.com https://otc.huobi.so https://c2c.huobi.co https://c2c.huobi.so https://dm.huobi.co https://dm.hbg.com https://dm.huobi.br.com https://dm.huobi.so https://dm.huobi.com https://www.hbdm.com 4 frame-ancestors 'self' *.ffxblue.com.au *.ffx.io; upgrade-insecure-requests 4 frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 4 frame-ancestors 'self' pf.content.nokia.com; report-uri /report-csp-violation 4 object-src 'none'; base-uri 'none'; require-sri-for script style 4 default-src http: https: wss://allkeyshop.zendesk.com wss://*.zopim.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' 4 default-src * data: 'unsafe-inline' 'unsafe-eval'; 4 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.bigcommerce.com 4 frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; 4 frame-ancestors 'self' https://www.bosoy-online.com 4 default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 4 base-uri 'self'; block-all-mixed-content; form-action https: 4 img-src * data:; 4 default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 4 img-src https: data: 4 default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 4 object-src 'none'; 4 connect-src 'self'; 4 default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 4 script-src 'self' 'unsafe-inline' 'unsafe-eval' 4 default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data:; frame-ancestors 'self' ; base-uri 'self'; 4 frame-ancestors 'self' *.vergic.com 4 default-src 'self' 'unsafe-eval' https://arcgis.sdi.abudhabi.ae https://js.arcgis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.tamm.abudhabi https://js.arcgis.com https://recaptcha.net https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com https://www.youtube.com https://s.ytimg.com; object-src 'self'; img-src 'self' data: *; media-src *; style-src 'self' 'unsafe-inline' https://js.arcgis.com https://translate.googleapis.com https://fonts.googleapis.com; frame-src https://www.youtube.com https://www.instagram.com https://www.google.com; font-src 'self' https://fonts.gstatic.com data: *; worker-src 'self' https://www.tamm.abudhabi blob:; connect-src 'self' https://static.arcgis.com https://services.arcgisonline.com https://translate.googleapis.com https://geocode.arcgis.com https://arcgis.sdi.abudhabi.ae https://js.arcgis.com https:; 4 default-src http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http:; style-src http: 'unsafe-inline'; img-src 'self' data: http:; connect-src http: ws:; 4 frame-ancestors http://webvisor.com 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 4 child-src * blob: 4 default-src 'self'; script-src *.nr-data.net *.newrelic.com *.faktor.io *.consensu.org www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'none'; frame-src *.consensu.org *.faktor.io; connect-src *.consensu.org *.faktor.io https://*.nr-data.net https://cdn.contentful.com https://cf.talpa.digital https://cf.talpa.network https://cf-staging.talpa.digital https://*.consent.talpanetwork.com https://consent.talpanetwork.com; img-src https://static.talpanetwork.com https://*.nr-data.net https://images.ctfassets.net https://*.consent.talpanetwork.com https://consent.talpanetwork.com www.google-analytics.com 4 default-src https: 'unsafe-inline' 'unsafe-eval'; 4 frame-ancestors 'self' https://*.etracker.com 4 frame-ancestors 'self' https://*.salesforce.com 4 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 4 default-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self'; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; 4 frame-ancestors https://*.flexera.com https://*.flexerasoftware.com; 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jack.secret-woman.top https://www.google.com.ua https://brdmin.com https://send-notice.com https://threedrive.su https://jkhad.com https://s.beauty-ful.ml https://www.digiseller.ru https://rarenok.biz https://pb-wtf.psh.one https://www.instagram.com https://adservice.google.com.ua https://newans-org.psh.one https://adservice.google.com https://pb.wtf https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://googleads.g.doubleclick.net https://usocial.pro https://d31j93rd8oukbv.cloudfront.net https://ajax.googleapis.com https://universalsrc.com https://goo.gl https://tizer.ssl-services.com http://ruttwind.com https://www.google-analytics.com https://nickhel.com https://ytimgg.com https://stats.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://www.free-kassa.ru https://retarget.ssl-services.com https://cubicmedia.net code.jquery.com www.darii.ru https://api-maps.yandex.ru https://www.gstatic.com pagead2.googlesyndication.com pb.wtf qoo.by ajax.googleapis.com apis.google.com www.google.com https://yandex.ru https://yastatic.net https://site.yandex.net share.yandex.ru clck.yandex.ru sitesuggest.yandex.ru yandex.ru site.yandex.net yastatic.net recreativ.ru yandex.st vk.com mc.yandex.ru; object-src 'self' *.cloudfront.net padsdela.cdnads.com *.youtube.com *.ytimg.com www.youtube.com; style-src 'self' 'unsafe-inline' https://shop.digiseller.ru https://code.jquery.com https://usocial.pro https://fonts.googleapis.com https://ytimgg.com https://yastatic.net recreativ.ru ; img-src 'self' data: *; media-src 'self' https://air.radiorecord.ru:805/bighits_320 http://air.radiorecord.ru:805/symph_320 http://air.radiorecord.ru:805/bighits_320 http://air.radiorecord.ru:805/rr_320 *.yandex.net *.kinopoisk.ru; child-src 'self' https://jack.secret-woman.top/ https://threedrive.su/ http://beta.pobit.xyz/ https://streamguard.cc/ https://moonwalk.co/ https://www.instagram.com/ https://news.yandex.ru/ http://pic1.kartinco.top/ googleads.g.doubleclick.net money.yandex.ru https://www.youtube.com www.google.com coub.com *.youtube.com yastatic.net vk.com; font-src 'self' https://www.digiseller.ru https://usocial.pro https://fonts.gstatic.com; connect-src 'self' https://www.oplata.info https://visearch.info https://api.digiseller.ru https://ymetrica1.com https://ff-input.mxpnl.net https://usocial.pro https://ytimgg.com https://cubicmedia.net https://level1cdn.com yandex.ru *.youtube.com mc.yandex.ru *.gstatic.com 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.sc.pages02.net https://www.google.com http://addshoppers.s3.amazonaws.com http://connect.facebook.net https://www.gstatic.com http://www.rtb123.com http://pixel.quantserve.com http://*.shop.pe http://shop.pe https://googleads.g.doubleclick.net https://code.jquery.com http://tt.mbww.com https://staticxx.facebook.com https://secure.quantserve.com https://tag.bounceexchange.com https://insight.adsrvr.org https://api.bounceexchange.com https://*.cloudfront.net https://*.scdn2.secure.raxcdn.com *.bounceexchange.com http://api.bounceexchange.com https://cdn.optimizely.com/ www.youtube.com s.ytimg.com static.getchute.com qicm.americanexpress.com mpsnare.iesnare.com secure.cmax.americanexpress.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://siteimproveanalytics.com https://tagmanager.google.com optimizely.s3.amazonaws.com app.optimizely.com cdn3.optimizely.com *.rtb123.com *.s3.amazonaws.com https://tt.mbww.com/ https://shop.pe https://m.addthisedge.com https://m.addthis.com https://*.s3.amazonaws.com https://www.googleadservices.com/ https://www.google-analytics.com https://s3.amazonaws.com https://beacon.sojern.com https://*.micpn.com *.bing.com https://tracker.marinsm.com https://cdn.onesignal.com http://cdnjs.cloudflare.com/ *.googleadservices.com/ beacon.sojern.com cdn.onesignal.com *.mathtag.com rules.quantcount.com https://ak1s.abmr.net https://maps.googleapis.com/ https://sc-static.net/ https://translate.google.com/ https://translate.googleapis.com/ https://s.pinimg.com/ https://resources.xg4ken.com/ https://services.xg4ken.com/ *.addthis.com https://home-c11.incontact.com/inContact/ChatClient/js/embed.min.js https://js.adsrvr.org/ https://cdn.quantummetric.com/ https://seaworld-app.quantummetric.com https://members.cj.com ci-mpsnare.iovation.com https://c212.net https://cdn.c212.net https://commercelibs.ibm.com *.queue-it.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com http://*.shop.pe http://addshoppers.s3.amazonaws.com https://*.scdn2.secure.raxcdn.com https://*.cloudfront.net https://*.secure.raxcdn.com https://qicm.americanexpress.com https://secure.cmax.americanexpress.com maxcdn.bootstrapcdn.com tagmanager.google.com *.s3.amazonaws.com https://s3.amazonaws.com https://addstrap-ui.addshoppers.com https://translate.googleapis.com https://members.cj.com ;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com *.shop.pe *.scdn2.secure.raxcdn.com https://*.buschgardens.com https://buschgardens.com *.seaworld.com *.sesameplace.com https://www.sesameplace.com *.cloudfront.net *.secure.raxcdn.com https://www.aexp-static.com https://seaworld.scdn3.secure.raxcdn.com https://maxcdn.bootstrapcdn.com s3.amazonaws.com http://maxcdn.bootstrapcdn.com https://members.cj.com ;frame-src 'self' http://s7.addthis.com https://*.fls.doubleclick.net/ http://*.fls.doubleclick.net/ http://*.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com https://www.seaworldlibrary.com https://docs.google.com https://*.seaworld.com/ https://Commerce.4adventure.com https://*.seaworldparks.com https://*.watercountry.com https://*.Commerce.4adventure.com https://*.adventureisland.com https://*.aquaticabyseaworld.com https://*.sesameplace.com http://6258894.fls.doubleclick.net http://6258894.fls.doubleclick.net http://4174228.fls.doubleclick.net https://4174228.fls.doubleclick.net https://www.googletagmanager.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://assets.bounceexchange.com/ https://*.cdn.optimizely.com/ https://www.pages02.net/ https://tt.mbww.com/ https://secure.buschgardens.com https://maps.google.com https://www.google.com/ https://secure.aquatica.com https://*.americanexpress.com/ https://*.bounceexchange.com http://contentz.mkt922.com/ https://pixel.mathtag.com/ https://edge.addthis.com/ https://www.chargerback.com https://*.widencdn.net/ https://*.seaworldlibrary.com https://www.surveygizmo.com/ https://tr.snapchat.com/ https://qa-secure.buschgardens.com https://home-c11.incontact.com/ https://members.cj.com https://survey.seaworldentertainment.com/;connect-src 'self' http://m.addthis.com https://staticxx.facebook.com https://s7.addthis.com https://insight.adsrvr.org https://*.scdn2.secure.raxcdn.com https://logx.optimizely.com https://*.secure.raxcdn.com *.s3.amazonaws.com cache.getchute.com https://online.americanexpress.com https://tapi.optimizely.com https://shopper.shop.pe https://shop.pe https://rtb123.com https://api.getchute.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.as-labs.addshoppers.com/ https://as-labs.addshoppers.com https://s3.amazonaws.com https://www.google.com https://events.bouncex.net https://onesignal.com https://*.optimizely.com https://onesignal.com https://errors.client.optimizely.com https://translate.googleapis.com https://ct.pinterest.com/ https://seaworld-app.quantummetric.com/ https://commercelibs.ibm.com; img-src 'self' data: * ; media-src 'self' https://scontent.cdninstagram.com https://*.as-labs.addshoppers.com/ *.s3.amazonaws.com/ https://s3.amazonaws.com/images/BackgroundImage.jpeg s3.amazonaws.com/ https://seaworld.scdn3.secure.raxcdn.com/ https://stage-media.scdn6.secure.raxcdn.com/; 4 block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q== 4 connect-src 'self' disqus.com *.disqus.com *.disquscdn *.addthis.com *.gstatic.com *.googlesyndication.com 4 default-src https: 'unsafe-inline' 4 default-src data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 4 default-src 'self' https://sc.detecas.com/di/activator.ashx https://sc.detecas.com/di2/activator.ashx https://ws.detecas.com https://sc.starixsoft.com/di2/activator.ashx https://fps.starixsoft.com/ws https://fps.starixsoft.com/di/activator.ashx https://sc.detecas.com/di/ec.ashx https://sc.detecas.com/di/dd.ashx https://pw.detecas.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://sc.detecas.com/di/activator.ashx https://sc.detecas.com/di2/activator.ashx https://ws.detecas.com https://sc.starixsoft.com/di2/activator.ashx https://fps.starixsoft.com/ws https://fps.starixsoft.com/di/activator.ashx https://sc.detecas.com/di/ec.ashx https://sc.detecas.com/di/dd.ashx https://www.google-analytics.com; 4 upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com *.telerain.com:* 4 default-src https: 'self'; font-src https: 'self' data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: data: 'self' 4 default-src https: data: 'self' *.1gamepay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.frankcasino.net frank-auth.com livestatisc.com echo.ecortb.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.sptpub.com *.invisiblesport.com *.playngonetwork.com *.curacao-egaming.com *.google-analytics.com *.casinomodule.com *.onlinetechsupport24.com *.livestatisc.com *.jsdelivr.net track.adform.net *.aventonv.com recaptcha.net www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com *.sptpub.com *.invisiblesport.com *.playngonetwork.com; img-src https: data: blob: 'self'; font-src data: 'self' fonts.gstatic.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.sptpub.com *.invisiblesport.com *.cloudflare.com; connect-src ws: wss: 'self' *.casinomodule.com *.onlinetechsupport24.com *.gs-arcadia.com *.st01-gs-arcadia.com *.sptpub.com *.invisiblesport.com *.playngonetwork.com; 4 default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:* *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:* *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:*; frame-src 'self' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:*; frame-ancestors 'self' *.google.com:* *.bootstrapcdn.com:* *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade; 4 object-src 'self'; 4 frame-ancestors https://*.authorize.net 'self' 4 script-src 'self' 4 default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 4 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru recreativ.ru vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net *.recreativ.ru *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com *.braun634.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru vak345.com *.vak345.com https://vidroll.ru *.vidroll.ru civilizabetes.com videosmor.com datalock.ru *.videosmor.com push-centr.net push-plus.net zserials.me v.zserials.me https://*.newsforall.biz fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net *.marketgid.com *.adskeeper.co.uk *.tovarro.com etcodes.com block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com datalock.ru https://syndication.twitter.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: etcodes.com:8040 etcodes.com:8040 ws://etcodes.com:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' http://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com recreativ.ru etcodes.com https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 4 default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 4 default-src 'none' 4 frame-src 'self' yabrowser: data: http://webvisor.com https://ott-widget.yandex.ru https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; 4 default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob: 4 default-src 'self' http: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:;img-src 'self' data: https: http:;font-src 'self' https: http: data:;style-src 'self' https: http: 'unsafe-inline'; frame-src https://www.google.com/ https://www.youtube.com/ https://www.facebook.com/ 4 script-src 'self' http://www.google-analytics.com http://www.googleadservices.com http://www.googletagmanager.com https://tagmanager.google.com/debug https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com https://connect.facebook.net https://media1.admicro.vn https://admicro1.vcmedia.vn https://www.facebook.com https://google.com https://www.google.com.vn https://sohagame.vcmedia.vn https://soap.soha.vn http://beta.soap.soha.vn https://beta.soap.soha.vn https://createjs.com https://pub.mediacdn.vn https://googleads.g.doubleclick.net https://lg1.logging.admicro.vn https://www.youtube.com https://bid.g.doubleclick.net https://fburl.com https://apis.google.com https://widgets.amung.us https://whos.amung.us https://translate.google.com https://s7.addthis.com https://translate.googleapis.com *.fbcdn.net https://*.fbcdn.net https://*.amcdn.vn static.amcdn.vn https://static.amcdn.vn http://static.amcdn.vn http://soap.soha.vn https://deqik.com http://deqik.com https://smsy-fbapi.ycgame.com https://static.xx.fbcdn.net static.xx.fbcdn.net *.xx.fbcdn.net https://saltcdn2.googleapis.com/loader.js https://static.bytedance.com https://s0.ipstatp.com s0.ipstatp.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' 4 default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 4 default-src 'self' https://*.google-analytics.com https://*.googleusercontent.com https://*.gstatic.com; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com 3 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com ; frame-src 'self' *.indeed.com https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3 frame-ancestors *.nypost.com *.decider.com *.pagesix.com http://www.stumbleupon.com https://www.stumbleupon.com 3 frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 3 upgrade-insecure-requests; connect-src * https:; img-src * data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 3 default-src * 'unsafe-eval' 'unsafe-inline' data:; frame-ancestors 'self' apps.facebook.com app.optimizely.com fonts.googleapis.com cdn.insurads.com *.e-goi.com 3 object-src https://explore.cvent.com http://explore.cvent.com https://www.elitemeetings.com https://www.speedrfp.com https://speedrfp.com https://elitemeetings.com https://www.lanyon.com http://www.lanyon.com; report-uri /report-csp-violation 3 style-src 'self' 'unsafe-inline'; 3 default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; report-uri /content-security-policy-report.php 3 default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.liveperson.net *.sas.com assets.adobedtm.com ssl.google-analytics.com accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net s7.addthis.com ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net insight.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org;img-src * 'self' data: *.google-analytics.com *.doubleclick.net www.google.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com;font-src * 'self' data: *.sas.com fast.fonts.net;connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net *.liveperson.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.twitter.com *.trustarc.com *.facebook.com *.linkedin.com;frame-ancestors *.ci360.sas.com *.gatheriq.analytics *.curriculumpathways.com 3 default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm; 3 default-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.google-analytics.com www.youtube.com https://syndication.twitter.com assets.piraeusbankgroup.com googlevideo.com apis.google.com data: maps.googleapis.com http://rum-collector-2.pingdom.net ; style-src 'self' assets.piraeusbankgroup.com assets.piraeusbank.gr 'unsafe-inline' fonts.googleapis.com platform.twitter.com ton.twimg.com; script-src 'self' assets.piraeusbankgroup.com assets.piraeusbank.gr https://maps.google.com connect.facebook.net platform.twitter.com apis.google.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com seal.thawte.com syndication.twitter.com https://cdn.syndication.twimg.com https://www.youtube.com https://s.ytimg.com http://rum-static.pingdom.net ; font-src data: 'self' fonts.gstatic.com; img-src 'self' data: asset.piraeusbank.gr assets.piraeusbank.gr https://maps.google.com assets.piraeusbankgroup.com http://www.piraeusbank.gr https://www.piraeusbank.gr https://seal.thawte.com www.piraeusbankgroup.com 'unsafe-inline' www.google.com syndication.twitter.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.gr csi.gstatic.com maps.gstatic.com maps.googleapis.com platform.twitter.com pbs.twimg.com o.twimg.com ton.twimg.com googleads.g.doubleclick.net img.youtube.com http://rum-collector.pingdom.net ; frame-src staticxx.facebook.com www.facebook.com accounts.google.com apis.google.com platform.twitter.com syndication.twitter.com 'self' www.youtube.com https://cap.attempts.securecode.com aacsw.3ds.verifiedbyvisa.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 3 frame-ancestors 'self' accounts.lidl.com accounts-stg.lidl.com accounts-uat.lidl.com accounts-qa.lidl.com https://beeem.co; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 3 frame-ancestors 'self' app.contentful.com 3 frame-ancestors learn.arcgis.com *.esri.com 3 style-src 'self' 'unsafe-inline' 3 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3 default-src 'self' *.brightcove.com *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.eloqua.com *.ensighten.com *.experian.com *.experiancs.com *.experiandirect.com *.freecreditreport.com *.googleapis.com *.gstatic.com *.hotjar.com *.iesnare.com *.infogram.com *.linkedin.com *.optmster.com *.optmstr.com *.optnmnstr.co *.optnmnstr.com *.optnmstr.com *.powerreviews.com *.soundcloud.com *.tableau.com *.twitter.com *.twonil.com *.vimeo.com *.yahooapis.com *.youtube.com *.hubapi.com *.hubspot.com *.tt.omtrdc.net adobetag.com api.company-target.com api.experianmarketingservices.com api.instagram.com api.jublo.net api.omniture.com app.optinmonster.com assets.adobedtm.com bat.bing.com businesscreditfacts.com cdn.appdynamics.com cdn.decibelinsight.net cdn.syndication.twimg.com cdn.taboola.com cdnjs.cloudflare.com code.highcharts.com connect.facebook.net contractorcheck.com d.net.google.com d.turn.com dev.visualwebsiteoptimizer.com embed.pscp.tv experianservicescorp.122.2o7.net fbcdn.net forms.hubspot.com freecreditscore.com graph.facebook.com googleapis.com hooks.slack.com img.en25.com info.inbound-bis.com itunes.apple.com js.bizographics.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net jsonip.com js.usemessages.com loadm.exelator.com m.addthis.com m.addthisedge.com maps.google.com maxcdn.bootstrapcdn.com mediaplayer.yahoo.com moodysanalytics.com optinmonster.com pixel.tapad.com play.google.com players.brightcove.net plus.google.com pt.ispot.tv rtd-tm.everesttech.net s.amazon-adsystem.com s.yimg.com s.ytimg.com s7.addthis.com scontent.cdninstagram.com scontent.xx.fbcdn.net scripts.demandbase.com secure.adnxs.com secure.leadback.advertising.com securetracking.adsprotection.com *.xg4ken.com smartbusinessreports.com snap.licdn.com sp.analytics.yahoo.com ssl.google-analytics.com static.ads-twitter.com sync.tidaltv.com tag.demandbase.com tagmanager.google.com trc.taboola.com twemoji.maxcdn.com video.xx.fbcdn.net vjs.zencdn.net widget.surveymonkey.com widgets.outbrain.com https://*.brightfunnel.com http://*.hotjar.com https://*.hotjar.com https://*.hsadspixel.net https://*.jsdelivr.net https://*.mstrlytcs.com https://a.optmnstr.com https://api.optmnstr.com https://autocomplete.demandbase.com http://autocomplete.demandbase.com ws://*.hotjar.com wss://*.hotjar.com wss://cdn.decibelinsight.net www.edq.com www.facebook.com www.google-analytics.com www.google.com http://www.google.com www.googleadservices.com www.googletagmanager.com www.slideshare.net www.youtube.com globalsiteanalytics.com 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:;font-src * data: 3 default-src * blob:; child-src https: data: qa-freeconferencecall: freeconferencecall: qa-startmeeting: startmeeting:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; style-src https: 'unsafe-inline'; worker-src https: blob:; report-uri https://csp-bin.freeconferencecall.com/bins/b56a1d03/ 3 frame-ancestors 'none' ; 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.greenwichcompliance.com; 3 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; report-uri https://huffintl.report-uri.com/r/d/csp/enforce 3 frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com; 3 frame-ancestors https: 3 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 3 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add; 3 child-src unsafe-inline 'self' *.dnc.io *.livechatinc.com *.paypal.com *.google.com 3 default-src 'self' data: blob:; connect-src * blob:; font-src 'self' * 'unsafe-inline' data:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; media-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: *.stripe.com; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; child-src 'self' data: blob: *.stripe.com hotjar.com *.hotjar.com *.google.com headway-widget.net trustpilot.com *.trustpilot.com embed.neomam.com resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl; frame-ancestors 'self' vwo.com *.vwo.com 3 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 3 default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors file: cdvfile: 'self'; 3 default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * ; object-src * ; child-src * ; frame-src * ; worker-src * ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 3 frame-src *; 3 frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com; object-src 'none'; base-uri https://optimize.google.com 3 default-src 'self' https://*.timetrade.com https://676-xrz-296.mktoresp.com https://app-sjf.marketo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://performance.typekit.net/ https://l.sharethis.com https://maxcdn.bootstrapcdn.com; media-src blob: https://*.timetrade.com www.youtube.com timetrade.wistia.com fast.wistia.net; child-src data: https://*.timetrade.com https://timetrade.com https://fast.wistia.com https://fast.wistia.net www.youtube.com https://player.vimeo.com js.driftt.com t.sharethis.com c.sharethis.mgr.consensu.org platform.twitter.com app-sjf.marketo.com syndication.twitter.com static.addtoany.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.timetrade.com https://tagmanager.google.com https://fast.wistia.com https://sjs.bizographics.com www.googletagmanager.com www.google-analytics.com munchkin.marketo.net app-sjf.marketo.com https://js.driftt.com https://cdnjs.cloudflare.com https://px.ads.linkedin.com snap.licdn.com platform-api.sharethis.com https://static.codepen.io https://t.sharethis.com https://count-server.sharethis.com buttons-config.sharethis.com platform.twitter.com static.addtoany.com cdn.syndication.twimg.com https://secure.perk0mean.com https://s.adroll.com https://d.adroll.com https://connect.facebook.net; img-src data: https://*.timetrade.com https://app-sjf.marketo.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://s.w.org https://platform-cdn.sharethis.com secure.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com p.typekit.net www.facebook.com stats.g.doubleclick.net d.adroll.com count-server.sharethis.com *.twimg.com *.twitter.com *.gstatic.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://p.adsymptotic.com https://ads.yahoo.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://pixel.advertising.com https://pixel.rubiconproject.com https://sync.outbrain.com https://fcmatch.google.com https://simage2.pubmatic.com https://trc.taboola.com https://ups.analytics.yahoo.com https://fcmatch.youtube.com; font-src data: https://*.timetrade.com https://fonts.gstatic.com https://use.typekit.net https://maxcdn.bootstrapcdn.com; style-src data: 'unsafe-inline' https://*.timetrade.com https://tagmanager.google.com https://fonts.googleapis.com https://hello.myfonts.net https://platform.twitter.com https://app-sjf.marketo.com https://maxcdn.bootstrapcdn.com; connect-src data: https://*.timetrade.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://distillery.wistia.com https://pipedream.wistia.com https://l.sharethis.com https://676-xrz-296.mktoresp.com; 3 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https: 3 upgrade-insecure-requests; block-all-mixed-content; disown-opener 3 frame-ancestors 'self' *.microfocus.com https://microfocus.lookbookhq.com; 3 upgrade-insecure-requests; base-uri 'self'; 3 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 3 default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https: wss: 3 frame-ancestors 'self';upgrade-insecure-requests 3 font-src * 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.googleapis.com https://id.cashbackworld.com; img-src 'self' https: data:; font-src 'self' data: https://cdn-os.lyoness.tv https://s.lyoness.tv https://fonts.gstatic.com https://maps.googleapis.com 3 default-src 'self' https: *.fibi.co.il; connect-src 'self' https: *.fibi.co.il *.staging.fibi.co.il; style-src https: 'unsafe-inline'; child-src 'self' data: https: *.fibi.co.il *.staging.fibi.co.il https://usa-api.idomoo.com https://idoplayer.idomoo.com; img-src 'self' data: https: 'unsafe-inline' *.fibi.co.il *.staging.fibi.co.il; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.fibi.co.il *.bankotsar.co.il *.bankmassad.co.il *.pagi.co.il *.u-bank.net *.staging.fibi.co.il https://facebook.co.il https://google.co.il https://google.com https://googletagmanager.com https://googleads.g.doubleclick.net https://googleadservices.com https://youtube.com https://facebook.com https://usa-api.idomoo.com https://idoplayer.idomoo.com 3 ;frame-ancestors 'self' 3 frame-ancestors https://www.saseurobonusshop.com/ 'self', frame-ancestors 'self' 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 3 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 3 default-src http: data: blob: 'unsafe-inline' 'unsafe-eval' 3 default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com 3 default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 3 default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 3 default-src 'none'; script-src 'self'; img-src 'self' https://www.google-analytics.com:443 https://*.qbrick.com:443 https://bilder.hemnet.se:443; media-src 'self' https://*.qbrick.com:443; connect-src 'self' https://*.qbrick.com:443; style-src 'self' 'unsafe-inline'; frame-src *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.dk *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com shbdk.millistream.com cphspk01.shbmain.shb.biz www.shb.dk priolaan.dk weblaan.shb.bec.dk web37.prod.bec.dk netbank.shb.dk irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com; font-src 'self' 3 frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.surveymonkey.com https://www.youtube.com; 3 frame-ancestors https://*.dondominio.com https://*.mrdomain.com 3 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data: 3 form-action https: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' mofa.gov.np *.mofa.gov.np www.google.com.np *.google.com *.gstatic.com cdn.jsdelivr.net code.jquery.com stackpath.bootstrapcdn.com s.ytimg.com *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.mofa.gov.np use.fontawesome.com stackpath.bootstrapcdn.com placehold.it *.facebook.net *.sharethis.com *.youtube.com *.twimg.com cdn.syndication.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: placehold.it mofa.gov.np *.mofa.gov.np *.gstatic.com *.facebook.net *.facebook.com *.sharethis.com lh3.googleusercontent.com *.youtube.com *.twimg.com secure.gravatar.com cdn. *.twitter.com *.twimg.com cdnjs.cloudflare.com maps.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com; media-src 'self'; frame-src 'self' *.youtube.com *.google.com *.facebook.net *.facebook.com syndication.twitter.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' l.sharethis.com 3 default-src * 'unsafe-inline' 'unsafe-eval';img-src * data:; frame-ancestors 'self' app.optimizely.com;font-src * data: 3 frame-ancestors 'self' avatarionmobiliar.ibex.dienstleistungen.ws 3 default-src * data: 'unsafe-inline' 'unsafe-eval' ; 3 default-src 'unsafe-inline' https:; img-src data: https: 3 frame-ancestors 'self' https://explore.cvent.com http://explore.cvent.com 3 default-src wss: https: data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 3 default-src data: http: https: 'unsafe-inline' 'unsafe-eval' 3 frame-ancestors 'self' orange.com *.orange.com *.orange-business.com *.cops-prp.multimediabs.com *.cops-prod.multimediabs.com *.multimediabs.com; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.verbraucherzentrale.de/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.rawgit.com/ckeditor/ https://cdn.rawgit.com/w8tcha cdnjs.cloudflare.com https://cdn.jsdelivr.net https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 3 object-src 'none'; form-action 'self' 3 frame-ancestors 'self' *.fluencycms.co.uk *.finalsite.com *.canford.com; default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 3 upgrade-insecure-requests; default-src * data: 'unsafe-eval' 'unsafe-inline' 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.googleapis.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com *.clearbit.com *.googleapis.com; img-src 'self' data: pixel.advertising.com *.forcepoint.com analyticsssl.forcepoint.com analyticsnossl.forcepoint.com ssl.google-analytics.com *.marinsm.com *.google-analytics.com s.ml-attr.com *.doubleclick.net *.facebook.com *.adroll.com *.yahoo.com *.google.com *.getsmartcontent.com *.pubmatic.com *.adnxs.com t.co attr.ml-api.io pixel.rubiconproject.com trc.taboola.com sync.outbrain.com *.casalemedia.com idsync.rlcdn.com *.bidswitch.net us-u.openx.net bsw.digitru.st ps.eyeota.net match.adsrvr.org sync-tm.everesttech.net dmp.adform.net i.w55c.net d.turn.com tags.w55c.net sync.tidaltv.com sync.mathtag.com in.v12group.com sync.adap.tv eyeota-sync.dotomi.com p.rfihub.com *.demdex.net *.tealiumiq.com *.vidyard.com *.bing.com s3.amazonaws.com *.s3.amazonaws.com *.driftt.com eb2.3lift.com *.gartner.com *.liadm.com *.krxd.net *.pippio.com *.amazon-adsystem.com *.visualwebsiteoptimizer.com *.cloudfront.net *.cdnwidget.com tags.bluekai.com *.adsymptotic.com cm.everesttech.net pippio.com secure.adnxs.com su.addthis.com lrpush.apxlv.com global.ib-ibi.com bcp.crwdcntrl.net analytics.twitter.com api.bizographics.com sync.placelocal.com segments.company-target.com pixel.tapad.com lrp.mxptint.net match.prod.bidr.io p.univide.com rp.gwallet.com ds.reson8.com dmp.truoptik.com aa.agkn.com bs.serving-sys.com *.entitytag.co.uk token.rubiconproject.com liveramp-eicm-global.dsp.io thrtle.com apolloprogram.io live.rzsync.com *.youtube.com insight.adsrvr.org *.crazyegg.com thematrixstg2.prod.acquia-sites.com thematrixstg3.prod.acquia-sites.com; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io; report-uri /admin/config/system/seckit/csp-report 3 default-src 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com; connect-src *; frame-src *; object-src * data: 'unsafe-eval' 3 default-src * 'unsafe-inline' 'unsafe-eval' data:; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; 3 default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br; connect-src 'self' *.googleapis.com *.rdstation.com.br *.ampproject.org; img-src 'self' data: *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; font-src 'self' data: *.gstatic.com; worker-src https: blob: 3 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://yastatic.net https://www.youtube.com https://s.ytimg.com https://cdn.sendpulse.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://cdn.sendpulse.com https://fonts.googleapis.com https://platform.twitter.com; img-src 'self' data: https://* http://*; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com; 3 script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.snowleader.com *.snowleader.be *.snowleader.ch *.snowleader.de *.snowleader.at *.snowleader.co.uk *.snowleader.es *.google.com *.googleapis.com googleapis.com www.googlecommerce.com www.google-analytics.com www.googleadservices.com *.gstatic.com www.googletagmanager.com *.zopim.com *.criteo.com static.criteo.net tracker.twenga.fr t.c4tw.net api2.reversoform.com *.bazaarvoice.com use.typekit.net mpsnare.iesnare.com connect.facebook.net *.twitter.com cdn.syndication.twimg.com d31qbv1cthcecs.cloudfront.net https://display.ugc.bazaarvoice.com https://apis.google.com https://d31qbv1cthcecs.cloudfront.net https://stg.api.bazaarvoice.com https://mpsnare.iesnare.com https://network-stg.bazaarvoice.com https://network.bazaarvoice.com https://api.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://maps.googleapis.com https://secure.skypeassets.com www.skypeassets.com https://98t4f62uw1.kameleoon.eu https://ewnxky8h6u.kameleoon.eu https://hht0f37q6v.kameleoon.eu https://mm14aijsxz.kameleoon.eu https://74m0rlm9ta.kameleoon.eu *.kameleoon.eu *.kameleoon.com https://mc.yandex.ru https://yastatic.net https://widgets.trustedshops.com https://js-agent.newrelic.com https://bam.nr-data.net http://widgets.trustedshops.com https://www.eoft.eu/ https://player.vimeo.com https://widget.trustpilot.com https://outdoor-ticket.net https://www.outdoor-ticket.net https://js.datadome.co 3 default-src'self' 3 default-src * data:; script-src http: https: *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline' 'unsafe-eval'; style-src http: https: *.myqnapcloud.com *.myqnapcloud.cn 'unsafe-inline'; connect-src http: https: *.myqnapcloud.com *.myqnapcloud.cn fcm.googleapis.com *.google.com 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 3 default-src: https: 3 frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 3 frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 3 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3 form-action 'self' 3 default-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.licdn.com https://*.marketo.net https://*.marketo.com https://*.aws.ean http://*.aws.ean https://*.amazonaws.ean http://*.amazonaws.com https://*.amazonaws.com https://d2yeu2mwujl2s5.cloudfront.net https://931-quh-525.mktoresp.com https://*.doubleclick.net https://js-agent.newrelic.com https://*.linkedin.com https://*.nr-data.net https://*.addthis.com https://*.addthisedge.com https://*.issuu.com https://*.google.co.uk https://*.vimeo.com https://*.cloudflare.com https://*.reachforce.com https://*.googleapis.com data: 'unsafe-eval' 'unsafe-inline' 3 frame-ancestors 'self' https://auth.flock.com https://auth.flock-staging.com https://web.flock.com https://web.flock-staging.com https://updates.flock.co file://* chrome-extension://eaelpbcbablcdbbocfbfnedfmgjaoicj chrome-extension://jaafanpjodcobojibapcmbdcphbafnfc chrome-extension://enfaahabcinohafeakbliimmoholjeip 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com *.google.com *.bing.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.kissmetrics.com *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.googlesyndication.com *; img-src 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'unsafe-inline' 'unsafe-eval' data: *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 3 default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 3 frame-ancestors 'self'; script-src 'self' cdn.segment.com/analytics.js/ 3 frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net 3 default-src 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; frame-src *; media-src *; connect-src *; block-all-mixed-content 3 default-src https: 'unsafe-inline' data: 'unsafe-eval' 3 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' henkel01.wt-eu02.net ir.tools.investis.com irs.tools.investis.com strategyvisual.henkel.com *.edge-cdn.net *.video-cdn.net www.realvision.com www.youtube.com *.twimg.com *.fbcdn.net *.wcfbc.net *.cdninstagram.com *.sprinklr.com *.henkel-life-global.com *.henkel-life-global.com.henkel.stage.babiel.com *.henkel.com *.henkel.com.henkel.stage.babiel.com cdnjs.cloudflare.com netdna.bootstrapcdn.com *.henkel-life-deutschland.de *.henkel-life-deutschland.de.henkel.stage.babiel.com *.henkel.de *.henkel.de.henkel.stage.babiel.com *.henkel.it.henkel.stage.babiel.com www.henkel.ru www.henkel.cn www.henkel.at www.henkel.ar www.henkel.cl www.henkel.co.jp www.henkel.co.kr www.henkel.co.th www.henkel.co.uk www.henkel.com.ar www.henkel.com.au www.henkel.com.br www.henkel.com.co www.henkel.com.tr www.henkel.cz www.henkel.dk www.henkel.es www.henkel.fi www.henkel.fr www.henkel.gr www.henkel.in www.henkel.hr www.henkel.hu www.henkel.it www.henkel.mx www.henkel.no www.henkel.pl www.henkel.pt www.henkel.ro www.henkel.rs www.henkel.se www.henkel.si www.henkel.sk www.henkel.ua www.henkel.tw www.henkel-forscherwelt.de www.henkel-forscherwelt.com www.henkel-ricercamondo.it www.henkel-kesifdunyasi.com www.henkel-education.ru www.henkel-swiatmlodychbadaczy.pl www.mundodepesquisadores.com.br www.henkel-life-global.com www.henkel.co.id www.henkel.be www.henkel.nl www.henkel-life-iberica.es www.henkel-life-iberica.pt www.henkel-gcc.com www.henkel-renntag.de www.henkelna.com www.henkel-ventures.com www.phenion.de www.phenion.com www.phenion-us.com www.kongresroznorodnosci.pl www.henkel-demo.com.babiel.com www.henkel-ap.com henkel.ru henkel.cn henkel.at henkel.ar henkel.cl henkel.co.jp henkel.co.kr henkel.co.th henkel.co.uk henkel.com.ar henkel.com.au henkel.com.br henkel.com.co henkel.com.tr henkel.cz henkel.dk henkel.es henkel.fi henkel.fr henkel.gr henkel.in henkel.hr henkel.hu henkel.it henkel.mx henkel.no henkel.pl henkel.pt henkel.ro henkel.rs henkel.se henkel.si henkel.sk henkel.ua henkel.tw henkel-forscherwelt.de henkel-forscherwelt.com henkel-ricercamondo.it henkel-kesifdunyasi.com henkel-education.ru henkel-swiatmlodychbadaczy.pl mundodepesquisadores.com.br henkel-life-global.com henkel.co.id henkel.be henkel.nl henkel-life-iberica.es henkel-life-iberica.pt henkel-gcc.com henkel-renntag.de henkelna.com www.henkel-northamerica.com henkel-northamerica.com henkel-ventures.com phenion.de phenion.com phenion-us.com kongresroznorodnosci.pl henkel-demo.com.babiel.com henkel-ap.com henkel-na.com www.henkel-na.com henkel.lu www.henkel.lu henkel.ch; 3 default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 3 upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3 manifest-src 'self' 'unsafe-inline' 'unsafe-eval' 3 default-src https: data: ws: wss: 'unsafe-inline' 'unsafe-eval' 3 default-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com blob: http://*.keepital.com https://*.keepital.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://*.doubleclick.net https://*.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://cdn.mxpnl.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://*.paypal.com https://*.paypal.com http://*.paypalobjects.com https://*.paypalobjects.com; script-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com 'unsafe-eval' blob: http://*.keepital.com https://*.keepital.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://*.doubleclick.net https://*.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://cdn.mxpnl.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://*.paypal.com https://*.paypal.com http://*.paypalobjects.com https://*.paypalobjects.com; connect-src * 'self' https://www.google.com/analytics https://cdn.mxpnl.com blob: http://*.keepital.com https://*.keepital.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://*.doubleclick.net https://*.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://cdn.mxpnl.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://*.paypal.com https://*.paypal.com http://*.paypalobjects.com https://*.paypalobjects.com; img-src data: 'self' https://www.google.com/analytics https://cdn.mxpnl.com blob: http://*.keepital.com https://*.keepital.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://*.doubleclick.net https://*.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://cdn.mxpnl.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://*.paypal.com https://*.paypal.com http://*.paypalobjects.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com blob: http://*.keepital.com https://*.keepital.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com http://*.doubleclick.net https://*.doubleclick.net http://*.google-analytics.com https://*.google-analytics.com http://cdn.mxpnl.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://*.paypal.com https://*.paypal.com http://*.paypalobjects.com https://*.paypalobjects.com; 3 frame-ancestors 'self' *.promoplace.com; 3 default-src 'self' * data: 'unsafe-inline' 'unsafe-eval'; 3 frame-ancestors 'none'; default-src https: 'unsafe-inline' 3 script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com http://localhost:8080 https://ssl.google-analytics.com/ga.js https://survey.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net ; base-uri 'self'; object-src 'none'; report-uri /csp 3 default-src * 'unsafe-inline' 'unsafe-eval'; 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagservices.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com www.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' *.googlesyndication.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' *.facebook.com https://*.facebook.com bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 3 frame-ancestors https://portal.punchout2go.com https://qa-portal.punchout2go.com https://dev-portal.punchout2go.com 3 upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.in https://manganime.id 3 default-src * ;report-uri /xp/CSPReport.ashx ;script-src * 'unsafe-inline' 'unsafe-eval' data: about: ;style-src * 'unsafe-inline' ;connect-src * blob: ;font-src * data: ;object-src * ;img-src * data: blob: ;media-src * blob: ;frame-src * data: gsa: ajaxhandler: ;child-src * blob: ;worker-src * blob: ;form-action * javascript: ;frame-ancestors * 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; upgrade-insecure-requests 3 default-src https: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 3 script-src https: 'self' 'unsafe-inline' 'unsafe-eval' www.google.com maps.googleapis.com fonts.googleapis.com ajax.googleapis.com www.gstatic.com fonts.gstatic.com www.google-analytics.com docs.google.com www.googletagmanager.com www.googleadservices.com ajax.cloudflare.com connect.facebook.net 3 frame-ancestors 'self' https://www.cv.lv https://www.cv.ee https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt; 3 base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:; report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 3 connect-src 'self' habboo-a.akamaihd.net *.habbo.com *.g.doubleclick.net https://hb.improvedigital.com https://pub.tunnl.com; img-src 'self' data: habboo-a.akamaihd.net *.habbo.com notify.bugsnag.com habbo-stories-content.s3.amazonaws.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com *.googlesyndication.com *.gstatic.com images.habbogroup.com http://images.habbogroup.com http://*.habbo.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net pay.openbucks.com trck.spoteffects.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com d2wy8f7a9ursnm.cloudfront.net connect.facebook.net www.google-analytics.com www.google.com www.gstatic.com apis.google.com *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com partner.googleadservices.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.nf adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tk adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net https://hb.improvedigital.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' habboo-a.akamaihd.net *.habbo.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net; child-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com https://hb.improvedigital.com; font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com; frame-ancestors 'self' *.idcgames.com http://*.idcgames.com www.funnygames.fi http://www.funnygames.fi www.funnygames.es http://www.funnygames.es www.funnygames.nl http://www.funnygames.nl www.funnygames.fr http://www.funnygames.fr www.funnygames.it http://www.funnygames.it www.funnygames.us http://www.funnygames.us www.funnygames.eu http://www.funnygames.eu www.funnygames.biz http://www.funnygames.biz www.funnygames.com.br http://www.funnygames.com.br *.gamesxl.com http://*.gamesxl.com keygames.com http://keygames.com www.games.co.za http://www.games.co.za www.bgames.com https://www.bgames.com starbie.co.uk https://starbie.co.uk nyckelspel.se https://nyckelspel.se www.elkspel.nl http://www.elkspel.nl www.spele.nl http://www.spele.nl www.spele.be http://www.spele.be www.spelletjesoverzicht.nl http://www.spelletjesoverzicht.nl *.orangegames.com http://*.orangegames.com hyvesgames.nl https://hyvesgames.nl spele.nl http://spele.nl *.giochixl.it http://*.giochixl.it www.1001giochi.it http://www.1001giochi.it minigioco.it https://minigioco.it *.jeuxdelajungle.fr http://*.jeuxdelajungle.fr www.1001games.fr http://www.1001games.fr jouerjouer.com https://jouerjouer.com spele.be http://spele.be oyun.mynet.com http://oyun.mynet.com gamecell.com https://gamecell.com www.gamecell.com https://www.gamecell.com oyungemisi.com https://oyungemisi.com *.1001pelit.com http://*.1001pelit.com pelaaleikkia.com https://pelaaleikkia.com www.isladejuegos.es http://www.isladejuegos.es clavejuegos.com https://clavejuegos.com *.1001spiele.de http://*.1001spiele.de www.jetztspielen.ws http://www.jetztspielen.ws www.spielaffe.de http://www.spielaffe.de *.spielspiele.de http://*.spielspiele.de spielspiele.de https://spielspiele.de *.1001jogos.pt http://*.1001jogos.pt jogojogar.com https://jogojogar.com https://hb.improvedigital.com; frame-src 'self' *.habbo.com *.facebook.com www.google.com *.g.doubleclick.net *.googlesyndication.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com https://hb.improvedigital.com; upgrade-insecure-requests; report-uri /csp/report 3 frame-ancestors 'self' app.vwo.com subs09.app.clicktale.com dev.renovateamerica.com qa.renovateamerica.com stage.renovateamerica.com authoring.renovateamerica.com www.renovateamerica.com training.renovateamerica.com go.renovateamerica.com go.pardot.com 3 default-src * ;report-uri /xp/CSPReport.ashx ;script-src * 'unsafe-inline' 'unsafe-eval' data: about: ;style-src * 'unsafe-inline' ;connect-src * blob: ;font-src * data: ;object-src * ;img-src * data: blob: ;media-src * blob: ;frame-src * data: gsa: ajaxhandler: ;child-src * blob: ;worker-src * blob: ;form-action * javascript: ;frame-ancestors * 3 frame-ancestors scvr.co *.scvr.co 3 font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net ; base-uri 'self'; 3 upgrade-insecure-requests; default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; 3 frame-ancestors 'self' agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net elcidsales.latitudeguestservices.com 3 default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' 3 script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3 default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' 3 default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://static.mywebstats.com.au https://www.google-analytics.com 3 http://www.omsar.gov.lb 'unsafe-inline' 3 frame-ancestors 'self' *.sciquest.com *.ariba.com *.nova.edu *.coupahost.com *.covestro.com *.intellecat.com *.bmc.com *.vinimaya.com *.oraclecloud.com *.equallevel.com *.terracon.com *.eplus.com *.pacificorp.us *.punchout2go.com *.STATE.PA.US equallevel.com *.macewan.ca p2p.caci.com *.verian.com *.aquiire.net *.nvenergy.com *.sherwin.com *.fwisd.org *.cchmc.org *.esmsolutions.com *.ocps.* *.pacificorp.us *.oracleoutsourcing.com *.ocps.k12.fl.us *.ivalua.us *.vroozi.com *.varstreet.com *.ocps.net *.edmonton.ca punchoutcommerce.com 3 frame-ancestors 'self' https://military.gillette.com https://gillette.com https://gillette.mybigcommerce.com 3 frame-ancestors *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 3 script-src: self;https://www.google-analytics.com 3 default-src * data: blob: about:;script-src 'self' *.vk.com *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com maps.googleapis.com translate.googleapis.com *.google.com google.com *.vkpartner.ru *.moatads.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net galv.hit.gemius.pl 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com ton.twimg.com tagmanager.google.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline' 3 default-src 'none'; connect-src 'self' *.mil.ru mc.yandex.ru; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.mil.ru *.xn--90anlfbebar6i.xn--p1ai *.rambler.ru *.yandex.ru *.maps.yandex.net *.mail.ru *.google-analytics.com *.google.com cdnjs.cloudflare.com; object-src 'self' *.mil.ru *.vintera.tv *.cdnvideo.ru *.youtube.com; style-src 'self' 'unsafe-inline' *.mil.ru *.googleapis.com; img-src 'self' mil.ru *.yandex.net *.yadro.ru *.mil.ru data: counter.yadro.ru *.yandex.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.mail.ru *.google-analytics.com *.rambler.ru ; media-src 'self' *.mil.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtu.be *.youtube.com *.xn--90anlfbebar6i.xn--p1ai; frame-src 'self' http://mil.ru/ mil.ru *.mil.ru vk.com *.vk.com ok.ru *.ok.ru *.yandex.net *.yandex.ru *.yadro.ru *.youtube.com *.vintera.tv *.cdnvideo.ru *.youtube.com *.youtu.be *.google.com; font-src 'self' fonts.gstatic.com *.mil.ru *.vintera.tv *.cdnvideo.ru *.mil.ru *.youtube.com *.youtube.com *.youtu.be *.google.com; frame-ancestors 'self' http://mil.ru http://*.mil.ru https://mil.ru https://*.mil.ru; base-uri 'self'; form-action 'self'; 3 report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src https: data:; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests 2 default-src mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.moatads.com *.doubleverify.com *.adsafeprotected.com; script-src 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.odnoklassniki.ru ok.ru *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.moatads.com *.adlooxtracking.com *.adsafeprotected.com *.serving-sys.com; img-src data: blob: *; style-src 'unsafe-inline' 'unsafe-eval' blob: *.mail.ru *.imgsmail.ru *.mradx.net; font-src data: blob: https: *.mail.ru *.imgsmail.ru *.mradx.net; frame-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; child-src mail.ru *.mail.ru *.mradx.net *.doubleverify.com *.doubleclick.net ok.ru *.ok.ru; report-uri https://cspreport.mail.ru/splash; 2 default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 2 default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.whatsapp.com *.whatsapp.net *.twitter.com;style-src data: blob: 'unsafe-inline' * *.whatsapp.com *.whatsapp.net;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.whatsapp.com *.whatsapp.net *.google-analytics.com;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.google-analytics.com *.fbcdn.net static.xx.fbcdn.net; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 2 frame-ancestors 'self' *.vice.com *.viceland.com viceland.com viceland.nl vicesports.nl vicemoney.nl vicebelgique.com survey18.toluna.com 2 frame-ancestors 'self' *.grammarly.com 2 default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com static.xx.fbcdn.net data:; 2 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamstore-a.akamaihd.net/ https://steamstore-a.akamaihd.net/ *.google-analytics.com https://www.gstatic.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com; 2 frame-ancestors 'self' https://adp.lookbookhq.com http://adp.lookbookhq.com https://discover.adp.com http://discover.adp.com https://*.adp.com http://*.adp.ca https://*.adp.ca; 2 frame-ancestors https://marina.digitalocean.com https://digitaloceaninc.lookbookhq.com 2 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' https://sb.scorecardresearch.com 'unsafe-inline' 'unsafe-eval' data: https: blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.netsuite.com http://consent.truste.com *.trustarc.com *.adroll.com *.bing.com https://*.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://vlog.leadformix.com *.googleapis.com *.ensighten.com *.demandbase.com http://chat.leadformix.com static.atgsvcs.com rules.atgsvcs.com netsuite-salechat.custhelp.com http://netsuite-salechat.widget.custhelp.com www.rnengage.com *.rightnowtech.com https://assets.adobedtm.com http://img.en25.com http://netsuite-www.baynote.net *.facebook.com *.facebook.net *.google.com *.twitter.com *.yahoo.com *.akamaihd.net *.demdex.net *.omtrdc.net https://*.adobetag.com https://*.linkedin.com *.licdn.com https://*.openx.net https://*.rubiconproject.com https://*.gumgum.com https://*.casalemedia.com https://*.media6degrees.com *.company-target.com *.rlcdn.com https://*.pubmatic.com https://*.w55c.net https://*.bidswitch.net https://*.narrative.io *.bidr.io *.2o7.net https://tags.bkrtx.com flex.atdmt.com https://s.yimg.com; style-src 'self' 'unsafe-inline' https://netsuite-salechat.widget.custhelp.com; font-src 'self' data: https://fonts.gstatic.com; img-src * data: ; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.omtrdc.net *.trustarc.com http://chat.leadformix.com https://netsuite-salechat.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com *.demdex.net tags.bluekai.com; connect-src 'self' https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com *.omtrdc.net *.demdex.net http://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://s.yimg.com; media-src 'self' blob: ; report-uri https://system.netsuite.com/app/security/cspreport.nl 2 upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com; 2 default-src 'self' badoo.com eu1.badoo.com us1.badoo.com *.badoo.com *.eu1.badoo.com *.us1.badoo.com badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.agora.io:* wss://*.agora.io:* wss://badoocdn.com:* wss://*.badoocdn.com:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; style-src 'self' 'unsafe-inline' badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: badoocdn.com *.badoocdn.com pd1us.badoocdn.com *.pd1us.badoocdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src * bds: bdp:; prefetch-src 'self' *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; frame-ancestors 'self' apps.facebook.com; report-uri /jss/csp_report.phtml 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.facebook.com *.sociomantic.com *.twitter.com *.google-analytics.com *.youtube.com *.googletagmanager.com *.everestjs.net *.googletagservices.com connect.facebook.net s.ytimg.com *.recreativ.ru userapi.com js-agent.newrelic.com t.trafmag.com code.jquery.com *.olark.com cpa.trafmag.com trafmag.utarget.ru trafmag.com *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com recreativ.ru rozetka.com.ua clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com youtube.com everestjs.net googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com *.bootstrapcdn.com j-mirror.com.ua proschet.branderstudio.com market.darovec.com s.go-mpulse.net paypartslimit.privatbank.ua calc.delta.branderstudio.com ua.tronsmart.com telegram.me ua.ergo-global.com www.film2.com.ua candyhooverbuyandtry.com.ua goo.gl manychat.com gcdn.tranzzo.com krok-ttc.com/zakaz-uslugi.html static.zdassets.com liqpay.ua payparts2.privatbank.ua hyperxstyle.com instagram.com *.rozetka.com.ua *.rozetka.ua rozetka.ua; 2 frame-ancestors potserviceui-gamma.findzen.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com 2 default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline' blob:; img-src * data: blob: 2 frame-ancestors 'self' *.commentcamarche.net *.commentcamarche.com; 2 default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 2 upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 2 frame-ancestors 'self' https://*.eluniverso.com http://*.eluniverso.com https://*.ampproject.net http://*.2mdn.net https://*.2mdn.net 2 script-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com *.ixquick.com 'unsafe-inline'; img-src 'self' data: *.startpage.com *.ixquick.com; frame-ancestors 'self' 2 default-src https:; child-src https:; connect-src https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /ajax/csp-report/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://assets.change.org https://static.change.org https://assets-fe.change.org https://change-production.s3.amazonaws.com https://change-public-stuff.s3.amazonaws.com https://www.google.ca https://www.googleadservices.com https://www.youtube.com https://*.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.twimg.com https://vk.com https://*.vk.com https://ajax.cdnjs.com https://cdnjs.cloudflare.com https://service.force.com https://change.my.salesforce.com https://help.change.org https://*.salesforceliveagent.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://js.stripe.com https://cdn.embedly.com https://player.vimeo.com https://*.pubnub.com https://bat.bing.com https://soundcloud.com https://w.soundcloud.com https://www.instagram.com https://www.flickr.com https://*.staticflickr.com; connect-src 'self' blob: https://*.change.org https://change-production.s3.amazonaws.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net fbrpc://* fb-messenger://* https://*.twitter.com https://*.vk.com https://*.braintreegateway.com https://*.paypal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com https://api.stripe.com https://*.pubnub.com https://api.soundcloud.com https://api.airbrake.io; font-src 'self' data: https://assets.change.org https://static.change.org https://d18kwxxua7ik1y.cloudfront.net https://d22r54gnmuhwmk.cloudfront.net https://fonts.gstatic.com; img-src * blob: data:; form-action 'self'; 2 frame-ancestors https://*.udacity.com 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; child-src https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2 frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 2 connect-src 'self' *.google-analytics.com *.g.doubleclick.net *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru https://api.tinkoff.ru https://rci.tinkoff.ru https://cfg.tinkoff.ru https://business.tinkoff.ru https://api.tinkoffinsurance.ru wss://api.tinkoff.ru wss://cobrowsing.tinkoff.ru wss://cobrowsing.tinkoff.ru:443 *.visualwebsiteoptimizer.com;default-src 'self' www.cdn-tinkoff.ru *.webim.ru *.pool.datamind.ru *.tcsbank.ru *.tinkoff.ru;frame-src api-maps.yandex.ru www.cdn-tinkoff.ru www.youtube.com youtu.be zingaya.com *.omniture.com 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.datamind.ru *.visualwebsiteoptimizer.com app.vwo.com *.demdex.net bid.g.doubleclick.net;img-src data: vk.com *.sravni.ru www.facebook.com/tr/ ad.doubleclick.net *.g.doubleclick.net www.googleadservices.com *.google.com www.google.ru www.google-analytics.com www.googletagmanager.com tinkoffcreditsystems.d3.sc.omtrdc.net www.banki.ru *.yandex.ru *.yandex.net *.bugsnag.com *.2o7.net *.visualwebsiteoptimizer.com api.tinkoff.ru 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru www.cdn-tinkoff.ru *.pool.datamind.ru cm.everesttech.net *.demdex.net statad.ru cx.atdmt.com *.googleapis.com *.tinkoffjournal.ru;report-uri https://www.tinkoff.ru/api/front/log/csp-error;script-src 'unsafe-eval' 'unsafe-inline' *.datamind.ru assets.adobedtm.com dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net *.omniture.com *.visualwebsiteoptimizer.com connect.facebook.net api-maps.yandex.ru enterprise.api-maps.yandex.ru suggest-maps.yandex.ru www.youtube.com/iframe_api s.ytimg.com 'self' *.tinkoff.ru *.tcsbank.ru www.cdn-tinkoff.ru *.webim.ru app.vwo.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.ru;style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.webim.ru *.pool.datamind.ru www.cdn-tinkoff.ru app.vwo.com *.visualwebsiteoptimizer.com 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wired 2 frame-ancestors *.cox.net *.cox.com *.coxbusiness.com coxcommunications.experiencecloud.adobe.com *.discovercoxonline.com 2 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellhealth.com *.qa.aws.verywellhealth.com atlas.verywellhealth.com atlas.local.verywellhealth.com https://specials.verywell.com 2 frame-ancestors 'self' www.facebook.com www.messenger.com; report-uri /vsctcspreport 2 frame-ancestors https://ww2.coolmathgames.com https://www.coolmathgames.com http://www.coolmath-games.com https://www.coolmath-games.com 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; child-src *; frame-ancestors *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 2 default-src 'self' blob:; img-src 'self' data: blob: 'unsafe-inline' sitecoremedia.blob.core.windows.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.facebook.com *.google.com *.google.gr *.googletagmanager.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: optimize.google.com *.google-analytics.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com; connect-src 'self' optimize.google.com *.visualstudio.com www.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net; frame-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com; child-src 'self' data: blob: *.youtube.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 2 frame-ancestors http://*.bestbuy.com https://*.bestbuy.com http://*.bestbuy.ca https://*.bestbuy.ca https://*.google.com https://*.gstatic.com https://*.adobemc.com https://*.adobe.com; 2 frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 2 frame-ancestors 'self' https://*.elastic.co https://elasticsandbox.docebosaas.com https://elastic.docebosaas.com; 2 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp-reporter-production.apse2.ffx.nz/ 2 default-src * 'unsafe-inline' 'unsafe-eval';img-src * 'unsafe-inline' 'unsafe-eval' 'self' data:; 2 default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.oculus.com ad.atdmt.com connect.facebook.net www.google-analytics.com static.oculuscdn.com forums.oculusvr.com tags.tiqcdn.com;style-src data: blob: 'unsafe-inline' * *.oculus.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.oculus.com *.oculuscdn.com;font-src *.oculus.com data: *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com;img-src *.oculus.com *.fbcdn.net *.facebook.com *.akamaihd.net *.oculuscdn.com data: blob: www.google-analytics.com stats.g.doubleclick.net ad.atdmt.com www.google.com googleads.g.doubleclick.net media-library.stackla.com img.youtube.com; 2 frame-ancestors 'self' *.sc.com *.standardchartered.com *.standardchartered.co.in *.standardchartered.co.th *.standardchartered.com.hk *.standardchartered.com.my *.standardchartered.com.sg *.standardchartered.co.id *.standardchartered.com.tw 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru *.exist.ru *.exist.parts telegram.org; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru; 2 connect-src 'self' checkout.stripe.com sentry.io api.github.com www.npmjs.com http://gj.track.uc.cn/collect;default-src 'none';img-src * data:;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://static.accountdock.com https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://app.hubspot.com https://optimize.google.com https://js.hs-scripts.com/ http://js.hs-analytics.net/ https://js.hsforms.net/ https://forms.hsforms.com/ https://www.brighttalk.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com/widgets.js https://static.npmjs.com/;style-src https://optimize.google.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.npmjs.com/;frame-src https://www.brighttalk.com/ checkout.stripe.com https://accountdock.com/app https://www.youtube.com/embed/mKMaG0cixXw https://forms.hsforms.com/ https://app.hubspot.com https://optimize.google.com https://static.accountdock.com/;font-src https://fonts.gstatic.com https://static.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com 2 default-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self' v2.zopim.com data:; script-src 'self' www.google-analytics.com www.googletagmanager.com v2.zopim.com widget-mediator.zopim.com static.zdassets.com www.google.com www.gstatic.com ssl.gstatic.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net www.bing.com bat.bing.com www.redditstatic.com; img-src 'self' www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net v2.zopim.com v2.zopim.io v2assets.zopim.io data: www.google.com www.gstatic.com ssl.gstatic.com www.bing.com bat.bing.com www.reddit.com alb.reddit.com; connect-src 'self' wss://v2.zopim.com wss://widget-mediator.zopim.com http://v2.zopim.com https://v2.zopim.com https://widget-mediator.zopim.com https://www.google-analytics.com https://ekr.zdassets.com wss://ekr.zdassets.com; frame-src v2.zopim.com www.google.com; media-src v2.zopim.com 2 font-src 'self' offerswidget.visa.com *.gstatic.com data:; img-src 'self' google-analytics.com offerswidget.visa.com www.visa.com *.gstatic.com *.googleapis.com *.rupay.co.in data:;default-src 'self' *.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' style-src 'self' offerswidget.visa.com script-src 'self' offerswidget.visa.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2 default-src 'self'; frame-ancestors 'self' https://*.facebook.com; connect-src 'self' https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://www.google-analytics.com/j/collect https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/; object-src 'none'; report-uri https://secreport.synology.com/csp/report; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.livechatinc.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://optimize.google.com https://www.youtube.com https://www.facebook.com https://staticxx.facebook.com https://secure.livechatinc.com https://player.youku.com/ https://vars.hotjar.com/ https://synoform.synology.com; img-src 'self' https://www.synology.com https://global.download.synology.com https://download.synology.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleapis.com https://*.google.com https://www.google.com.tw https://*.gstatic.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://secure.livechatinc.com https://cdn.livechatinc.com https://www.facebook.com https://wcs.naver.com https://www.facebook.com/tr https://dc.ads.linkedin.com https://alb.reddit.com https://t.co/i/adsct data: blob:; media-src 'self' https://download.synology.com https://cdn.livechatinc.com; script-src 'self' https://demo.synology.com https://demo.synology.de https://www.google-analytics.com https://www.google.com https://clients1.google.com https://www.gstatic.com https://www.googletagmanager.com https://cse.google.com https://www.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com https://optimize.google.com https://connect.facebook.net https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://accounts.livechatinc.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://wcs.naver.net/wcslog.js https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://analytics.twitter.com https://static.ads-twitter.com https://www.redditstatic.com https://static.hotjar.com https://script.hotjar.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://fonts.googleapis.com https://optimize.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.capco.com *.fisglobal.com *.wistia.net *.wistia.com *.addtoany.com *.google-analytics.com *.litix.io *.marketo.net *.googletagmanager.com *.hotjar.com *.yourvoice2us.com *.webtrends.com *.webtrendslive.com *.facebook.net *.oktopost.com *.google.com *.marketo.com okt.to static.addtoany.com *.googleadservices.com *.jquery.com *.googleapis.com *.licdn.com *.linkedin.com *.bizographics.com *.adnxs.com *.cloudflare.com *.ads-twitter.com *.doubleclick.net *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com *.addevent.com *.crazyegg.com *.cloudfront.net *.gstatic.com *.crwdcntrl.net; connect-src 'self' *.capco.com *.fisglobal.com *.wistia.com *.litix.io *.yahooapis.com *.mktoresp.com *.hotjar.com *.akamaihd.net *.facebook.com *.linkedin.com *.marketo.com *.google.com *.twitter.com *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.fisevents.com fisevents.com; img-src 'self' 'unsafe-inline' data: *.capco.com *.fisglobal.com *.wistia.com *.wistia.net *.doubleclick.net *.litix.io *.google-analytics.com capcouat.fisglobal.com fast.wistia.net *.webtrendslive.com *.google.com *.marketo.com *.facebook.com *.akamaihd.net *.googleadservices.com *.gstatic.com *.adnxs.com *.google.co.in t.co *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.capco.com *.fisglobal.com *.wistia.com *.wistia.net *.bootstrapcdn.com *.googleapis.com *.marketo.com *.googleapis.com *.google.com *.cloudflare.com; child-src 'self' 'unsafe-inline' *.capco.com *.fisglobal.com *.sitecore.net *.wistia.com *.wistia.net *.nyceinfomanager.com *.nyceinfomanagerdr.com *.peopleclick.com *.hotjar.com *.fls.doubleclick.net *.youtube.com *.segmint.net *.marketo.com fast.wistia.net *.ceros.com *.fisevents.com http://fisevents.com *.frontarena.com *.facebook.net *.doubleclick.net *.facebook.com *.instagram.com *.twitter.com *.youtube.com *.adwords.google.com *.linkedin.com *.amazonaws.com *.google.com *.crwdcntrl.net; font-src 'self' 'unsafe-inline' data: *.capco.com *.fisglobal.com *.wistia.com *.wistia.net capcouat.fisglobal.com fast.wistia.net *.bootstrapcdn.com *.gstatic.com *.cloudflare.com; media-src 'self' 'unsafe-inline' blob: data: *.capco.com *.fisglobal.com *.wistia.com *.wistia.net capcouat.fisglobal.com fast.wistia.net *.akamaihd.net 2 frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 2 default-src 'self' *.e-point.pl *.adocean.pl *.ingbank.pl *.ing.pl; font-src 'self' *.e-point.pl *.ingbank.pl *.ing.pl themes.googleusercontent.com *.googleapis.com *.gstatic.com tagmanager.google.com data:; style-src 'self' 'unsafe-inline' *.e-point.pl code.jquery.com *.ingbank.pl *.ing.pl *.googleapis.com www.google.com *.gstatic.com tagmanager.google.com https://platform.twitter.com s.ytimg.com https://www.ytimg.com; img-src 'self' data: *.e-point.pl img01-olxpl.akamaized.net apollo-ireland.akamaized.net https://img.youtube.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net tagmanager.google.com *.domy.pl *.hit.gemius.pl *.ingbank.pl https://syndication.twitter.com *.doubleclick.net www.google.com https://d-gr.ppstatic.pl clients1.google.com d-gr.ppstatic.pl www.google.pl https://www.i1.ytimg.com traffic.tgdaudience.com *.google-analytics.com *.gstatic.com https://img1.staticmorizon.com.pl *.ggpht.com ingbankslaski.d3.sc.omtrdc.net *.ing.pl content.ingbank.pl *.googleapis.com *.demdex.net *.twimg.com https://galeria.domiporta.pl https://platform.twitter.com; frame-src 'self' https://tbl.tradedoubler.com *.e-point.pl *.ingbank.pl *.ing.pl *.doubleclick.net *.demdex.net www.google.com traffic.tgdaudience.com www.youtube.com https://www.youtube.com *.hit.gemius.pl https://platform.twitter.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.e-point.pl www.googleadservices.com *.adocean.pl https://www.oauth.googleusercontent.com tagmanager.google.com *.hit.gemius.pl code.jquery.com www.googletagmanager.com *.ingbank.pl https://syndication.twitter.com *.doubleclick.net www.google.com www.youtube.com https://www.fbstatic-a.akamaihd.net https://www.youtube.com s.ytimg.com assets.adobedtm.com *.google-analytics.com *.gstatic.com ingbankslaski.d3.sc.omtrdc.net *.ing.pl *.googleapis.com *.demdex.net https://cdn.syndication.twimg.com cdn.tgdaudience.com https://www.apis.google.com https://platform.twitter.com data:; object-src 'self' *.e-point.pl *.ingbank.pl *.ing.pl; connect-src 'self' *.e-point.pl https://*.twilio.com *.adocean.pl ingbankslaski.d2.sc.omtrdc.net traffic.tgdaudience.com *.google-analytics.com *.hit.gemius.pl ingbankslaski.d3.sc.omtrdc.net *.ingbank.pl *.ing.pl wss://*.twilio.com *.doubleclick.net *.demdex.net; frame-ancestors 'self' *.e-point.pl *.demdex.net *.ingbank.pl *.ing.pl; 2 frame-ancestors http://*.ccf.org https://*.ccf.org https://*.chasepaymentechhostedpay.com https://*.clevelandclinic.org http://*.clevelandclinic.org 2 default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ *.litix.io data: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2 frame-ancestors https://www.facebook.com 2 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com;report-uri https://csp.surveymonkey.com/report?e=true&c=prod&a=cmscache 2 frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 2 default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' piwik.openstreetmap.org https://nominatim.openstreetmap.org/ https://overpass-api.de/api/interpreter https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr piwik.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' piwik.openstreetmap.org; style-src 'self' 'unsafe-inline'; worker-src 'none' 2 default-src 'self' assets.paystack.com https://www.googletagmanager.com https://www.google-analytics.com *.newrelic.com youtube.com *.amplitude.com/ 'unsafe-inline'; frame-src https://www.youtube.com; upgrade-insecure-requests 2 frame-ancestors 'self' http://webvisor.com http://awards.ratingruneta.ru 2 frame-ancestors 'self' *.ally.com; 2 object-src 'none' ; img-src https: http: blob: data: ; frame-src http://* https://* https://www.google.com/recaptcha/ ; font-src 'self' https://marketing-cdn.hightail.com https://* http://* data: ; script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://cdn.heapanalytics.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://cdn.optimizely.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://js.hs-analytics.net/ http://js.hs-scripts.com/ http://js.hsforms.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ data https://marketing-cdn.hightail.com/; 2 default-src 'self' http://tribeca.vidavee.com https://www.facebook.com https://assets.adobedtm.com https://connect.facebook.net https://ad.doubleclick.net https://cdnjs.cloudflare.com https://maps.lightstoneproperty.co.za http://maps.lightstoneproperty.co.za http://*.tt.omtrdc.net http://dpm.demdex.net https://maps.googleapis.com https://www.gstatic.com https://maps.googleapis.com http://fast.standardbank.demdex.net http://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel http://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com https://*.map2.ssl.hwcdn.net; font-src 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://www.homeloans1.standardbank.co.za https://www.homeloans1.standardbank.co.za https://geo0.ggpht.com https://geo1.ggpht.com https://geo2.ggpht.com https://geo3.ggpht.com https://khms1.googleapis.com https://khms0.googleapis.com https://geo0.ggpht.com https://cbks0.googleapis.com https://maps.googleapis.com https://maps.gstatic.com http://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za http://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net http://*.tt.omtrdc.net https://*.map2.ssl.hwcdn.net https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.facebook.com https://www.youtube.com https://connect.facebook.net https://ad.doubleclick.net https://connect.facebook.net https://code.jquery.com https://assets.adobedtm.com https://www.gstatic.com https://maps.googleapis.com http://assets.adobedtm.com https://secure-ds.serving-sys.com http://cdn.krxd.net http://www.googleadservices.com http://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com http://*.tt.omtrdc.net https://geo0.ggpht.com https://*.map2.ssl.hwcdn.net https://tpc.googlesyndication.com https://snap.licdn.com https://px.ads.linkedin.com; style-src 'unsafe-inline' 'self' https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.map2.ssl.hwcdn.net; frame-src *; 2 frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com; 2 img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' 'unsafe-eval' https: 2 frame-ancestors https://bande2kings.fr https://*.bande2kings.fr 2 frame-ancestors https://*.cafepress.com https://*.cafepress.co.uk https://*.cafepress.ca https://*.cafepress.com.au ; 2 report-uri /csp-report.php; default-src 'none'; font-src https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.cz https://www.google.sk https://pagead2.googlesyndication.com https://stats.g.doubleclick.net; connect-src 'self' https://ajax.googleapis.com https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://ssl.google-analytics.com; frame-src https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://maps.google.cz https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net; frame-ancestors 'self'; base-uri 'self' 2 base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.hunqz.com *.facebook.com *.gstatic.com *.googlesyndication.com *.planetromeo.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com google.com; frame-ancestors 'none'; frame-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com *.blufm.de blufm.de winq.nl; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.hunqz.com *.googlesyndication.com; 2 script-src 'self' cs.money dev.csgo.trade gleam.io www.am4charts.com translate.google.com translate.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net https://vk.com 'unsafe-inline' top-fwz1.mail.ru 'unsafe-eval' cdn.logrocket.io api.usersnap.com cdn.usersnap.com cs.money staging.empire-dev-building.xyz mc.yandex.ru; worker-src 'self' data: blob: staging.empire-dev-building.xyz; object-src cs.money dota.money; media-src cs.money dota.money; frame-src cs.money dota.money onesignal.com https://*.com https://*.ru https://*.ua http://www.youtube.com 2 frame-ancestors 'self' farmers.marketing.adobe.com 2 frame-ancestors self fasttech.com *.fasttech.com 2 default-src https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; object-src *; font-src * data:; img-src * data:; frame-ancestors 'self' *.ca.com; 2 frame-ancestors *; 2 default-src 'self';object-src 'self' *.cdn.datatables.net cdn.datatables.net;connect-src 'self' *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;img-src 'self' data: i.mt.lv api.tiles.mapbox.com unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;frame-src 'self' youtu.be youtube.com www.youtube.com www.google.com;font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;frame-ancestors 'self'; 2 frame-ancestors *.splunk.com *.touchcast.com, frame-ancestors *.splunk.com *.touchcast.com 2 frame-ancestors 'self' https://solutions.sciquest.com https://usertest.sciquest.com; 2 font-src *;img-src * data:; 2 frame-ancestors https://eu1-ifwe.3dexperience.3ds.com https://eu1-215dsi0708-ifwe.3dexperience.3ds.com http://sw.local:81 http://sw2.local:81 https://sw2.local:4444 https://solidworks.com https://www-dev.itvpc.solidworks.com https://www-qal.itvpc.solidworks.com https://www-ppd.itvpc.solidworks.com https://www-contrib.itvpc.solidworks.com https://www.solidworks.com 2 default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self' 2 frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com; report-uri /report-csp-violation 2 frame-ancestors 'self' investor.cmegroup.com http://investor.cmegroup.com *.quikstrike.net commodex.co.il openexchange.community.cmegroup.com staging.tickertocker.com http://www.straitsfinancial.com www.straitsfinancial.com http://straitsfinancial.com https://datamine.cmegroup.com http://dataminelocal.cmegroup.com https://dataminedev.cmegroup.com https://login.cmegroup.com https://www.home.saxo https://go.cmegroup.com https://app.topsteptrader.com https://help.topsteptrader.com https://staging.topsteptrader.com https://blueeditsitecore.sys.dom https://bluesitecore.sys.dom https://sitecoredev.orange.saxobank.com https://sitecoredev-nocache.orange.saxobank.com https://sitecoredevedit.orange.tst2.dom http://star-website.com https://www.investing.com https://www.benzinga.com https://m.benzinga.com https://amp.benzinga.com https://bz.zingbot.bz https://www.zingbot.bz https://gdcdyn.interactivebrokers.com https://www.interactivebrokers.com https://datamineuat.cmegroup.com www.kgieworld.sg; 2 default-src 'self' *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.company-target.com *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * data:; font-src data: *.transunion.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 2 upgrade-insecure-requests; frame-ancestors 'self' https://mangaku.co https://manganime.id 2 nosniff 2 block-all-mixed-content; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 2 frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 2 media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2 default-src 'self' https://s.hongleongconnect.my https://www.hlb.com.my; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 'unsafe-inline'; img-src 'self' * 'unsafe-inline' data: ; style-src 'self' * 'unsafe-inline'; font-src 'self' * data: ; frame-src 'self' * 2 default-src 'self'; img-src 'self' https://www.google.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; form-action 'self' https://agilemail.createsend.com/ https://www.createsend.com/t/subscribeerror https://www.createsend.com/t/securedsubscribe; frame-src https://www.youtube-nocookie.com/ https://secure.livechatinc.com/; connect-src 'self' https://start.1password.com/ https://start.1password.ca/ https://start.1password.eu/ https://www.google-analytics.com/ https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://www.googleapis.com/ https://createsend.com/t/getsecuresubscribelink; prefetch-src https://a.1password.com/ https://a.1password.ca/ https://a.1password.eu/; frame-ancestors 'none'; 2 default-src 'self' data: gap: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://c.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://100qrcey9nsltilmpwezagts.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net https://c.go-mpulse.net https://s.go-mpulse.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com; img-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://www.weborama.com https://adv.solution.weborama.fr https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://tr.outbrain.com https://fo-api.omnitagjs.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com; frame-src https://*.maersk.com https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com; font-src 'self' data: https://*.maersk.com https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; report-uri /json/csp-violation 2 frame-ancestors https://*.propellerads.com; 2 frame-ancestors 'self' https://apps.facebook.com 2 frame-ancestors *.2checkout.com *.2co.com *.avangate.com 2 script-src 'self'; object-src 'self' 2 script-src 'self' https://www.gstatic.cn *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://www.google-analytics.com https://www.recaptcha.net https://ajax.aspnetcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.google.com *.googletagmanager.com https://www.gstatic.com https://ajax.googleapis.com https://*.msecnd.net *.acceleratoradmin.com *.mxpnl.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 'unsafe-inline';style-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.tranedigitalrewards.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 'unsafe-inline';connect-src 'self' *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com https://www.google-analytics.com *.visualstudio.com *.acceleratoradmin.com api.mixpanel.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk;font-src 'self' https://ajax.aspnetcdn.com *.tranedigitalrewards.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.acceleratoradmin.com;img-src 'self' https://cdnjs.cloudflare.com https://www.google-analytics.com *.acceleratoradmin.com data: data:;frame-src 'self' https://www.recaptcha.net/ https://www.google.com *.acceleratoradmin.com *.adpclientappreciation.com *.lincolnelectricdigitalrewards.com *.boschappliancedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.prepaiddigitalsolutions.com *.purestoragedigitalrewards.com *.thermadorappliancedigitalrewards.com *.tranedigitalrewards.com *.americanstandardairdigitalrewards.com *.myacuvuedigitalrewards.com *.attrecognition.com *.coopervisiondigitalrewards.com *.allglobalcircle-rewards.com *.habcard.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.ultimaterewardsredemption.com *.mystarzrewards.com *.e-rewardsmedicalrewards.com *.recognizingyourewards.com *.kelloggsdigitalrewards.ca *.valvolinedigitalrewards.com *.goodyeardigitalrewards.com *.alconchoicepayments.com *.geappliancesdigitalrewards.com *.topcashbackdigitalsolutions.com *.topcashbackdigitalsolutions.co.uk *.prosper2card.co.uk *.ppdslab.com *.cooperdigitalrewards.com *.youtube.com https://youtu.be https://testcommon.swiftprepaid.com https://common.swiftprepaid.com *.greencompasspay.com *.360digitalpayments.com *.adpclientappreciation.com *.alconchoicepayments.com *.allglobalcircle-rewards.com *.americanstandardairdigitalrewards.com *.attrecognition.com *.bittyadvancecard.com *.bmwrebateredemption.com *.bmwultimaterewardsredemption.com *.boschappliancedigitalrewards.com *.cbdatsbypay.com *.ceomovementpay.com *.cooperdigitalrewards.com *.coopervisiondigitalrewards.com *.digitalwalletdemo.com *.emrispay.com *.e-rewardsmedicalrewards.com *.expectationsrewards.co.uk *.ferrerorecognition.com *.fundkitecard.com *.geappliancesdigitalrewards.com *.gettogether-pjlibraryrewards.org *.goodyeardigitalrewards.com *.greencompasspay.com *.guustodigitalrewards.com *.habcard.com *.healthyhempfarmspay.com *.honey20pay.com *.hoolalifepay.com *.kelloggsdigitalrewards.ca *.leafywellpay.com *.lincolnelectricdigitalrewards.com *.minimotoringredemption.com *.minimotoringrewardsredemption.com *.minirebateredemption.com *.myacuvuedigitalrewards.com *.mygocardspay.com *.myrevealpay.com *.my-rewardcard.com *.mystarzrewards.com *.natureancepay.com *.NNAPartsDigitalRewards.com *.noble8pay.com *.onelogicmoney.com *.perksatworkcard.com *.ppdslab.com *.ppdslabautomation.com *.prepaiddigitalsolutions.com *.prosper2card.co.uk *.purestoragedigitalrewards.com *.pyurlifepay.com *.recognizingyourewards.com *.redgagedirect.com *.sanctuarygirlpay.com *.swiftimplementations.com *.thermadorappliancedigitalrewards.com *.tirestorerewards.com *.topcashbackdigitalsolutions.co.uk *.topcashbackdigitalsolutions.com *.tranedigitalrewards.com *.ultimaterewardsredemption.com *.uulalacard.com *.valvolinedigitalrewards.com *.vsponeprepaidcard.com *.wealthbuilderpay.com *.worldpaymerchantrewards.com *.yourrewardpass.com topcashbackdigitalsolutions.co.uk 2 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 frame-ancestors 'self' *.talent-soft.com 2 frame-ancestors 'self' http://intacct.lookbookhq.com https://intacct.lookbookhq.com http://go.intacct.com https://go.intacct.com http://go.sageintacct.com https://go.sageintacct.com; 2 frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com; 2 default-src *.chowhound.com *.cbsinteractive.com cbsinteractive.com blob: *.chowhound.com https: 'unsafe-inline' 'unsafe-eval'; script-src blob: *.chowhound.com https: data: 'unsafe-inline' 'unsafe-eval'; media-src http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com http://canhls.cbs.com cbs-hls.akamaized.net blob: *.chowhound.com data: video https:; font-src *.chowstatic.com *.cbsistatic.com vidtech.cbsinteractive.com rev.cbsi.com fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: ; connect-src http://canhls.cbs.com http://ipad.cbs.com.edgesuite.net http://ipad-streaming.cbs.com http://can.cbs.com cbs-hls.akamaized.net https:; img-src https: data: http://thumbnails.cbsig.net; frame-src https:; frame-ancestors *.chowhound.com *.google.com *.ampproject.org; form-action https: http://*.chow.com http://*.chowhound.com; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 2 default-src 'self'; connect-src 'self'; font-src 'self' data:; img-src 'self' csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.googleapis.com https://maps.googleapis.com https://maps.gstatic.com; style-src 'unsafe-inline' 'self'; 2 base-uri self;img-src https: data:; 2 frame-ancestors 'self' https://*.sproutsocial.com; 2 frame-ancestors 'self' https://*.theactivetimes.com https://*.thedailymeal.com https://*.doubleclick.net https://*.deployads.com https://*.googlesyndication.com https://*.rubiconproject.com https://*.adnxs.com https://*.openx.net https://*.criteo.com https://*.casalemedia.com 2 frame-ancestors 'self' https://optimize.google.com/ https://forum.opticsplanet.com 2 default-src 'self' https:; media-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' data:; connect-src 'self' https: wss:; img-src * data: android-webview-video-poster:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.retrip.jp retrip.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.googlesyndication.com *.cloudflare.com *.doubleclick.net *.caprofitx.com *.googleadservices.com *.popin.cc *.treasuredata.com *.amoad.com *.criteo.com *.i-mobile.co.jp *.impact-ad.jp *.yimg.jp *.gmossp-sp.jp *.oct-pass.net *.nend.net *.mtburn.com *.ad-stir.com *.triver.jp *.criteo.net *.adtdp.com *.ca-conv.jp *.rakuten.co.jp *.adjust-net.jp *.gunosy.com *.softbank.jp *.yahoo.co.jp *.openx.net *.socdm.com *.uliza.jp *.genieesspv.jp *.advg.jp *.microad.jp *.rubiconproject.com *.mbww.com *.ampproject.org *.advertising.com *.adroll.com *.mathtag.com *.ladsp.com *.2mdn.net *.gssprt.jp *.zimg.jp *.logly.co.jp *.tapone.jp *.proparm.jp asset: *.appspot.com *.adingo.jp *.zucks.net *.fluct.me *.skyscanner.net *.goldspotmedia.com a248.e.akamai.net *.speee-ad.jp speee-ad.akamaized.net *.google.co.jp *.docomo.ne.jp *.cinarra.com *.flashtalking.com *.apvdr.com *.x-lift.jp *.adsafeprotected.com *.ads-twitter.com *.amazon-adsystem.com bs.serving-sys.com *.bs.serving-sys.com; worker-src 'self' https: blob:; frame-src 'self' https: gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; report-uri https://trippiece.report-uri.io/r/default/csp/enforce; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-ancestors 'self' https://*.blackrock.com https://*.ishares.com; 2 frame-ancestors 'self' blank;object-src 'self' blank; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src ws: https: 'self'; frame-ancestors 'self'; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; 2 frame-ancestors 'self' *.vendhq.com; report-uri https://csp.api.vendhq.com/prod/report; 2 script-src 'self' *.interpublic.com *.google.com *.googleapis.com *.googlecode.com *.google-analytics.com netdna.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com s7.addthis.com m.addthis.com m.addthisedge.com optanon.blob.core.windows.net code.jquery.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.interpublic.com; report-uri /srv/csp/reportUnsafeJS.php?sender=Content-Security-Policy 2 block-all-mixed-content; frame-ancestors 'self' 2 frame-ancestors 'self' u-sleep.umbian.com brightree.net *.u-sleep.umbian.com *.brightree.net 2 frame-ancestors 'self' *.infor.com *.Inforcloudsuite.com *.infor.cn *.infor.de *.infor.es *.infor.fr *.infor.jp *.infor.kr 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; connect-src https: wss: 2 frame-ancestors *.networksolutions.com *.networksolutionsemail.com *.namesecureemail.net 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' ; 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.trustarc.com connect.facebook.net cdnjs.cloudflare.com www.googletagmanager.com tagmanager.google.com https://remote.captcha.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://code.jquery.com ssl.google-analytics.com https://s3.amazonaws.com/scripts-clickmeter-com/js/go.js https://player.vimeo.com https://www.gstatic.com ajax.googleapis.com www.google-analytics.com munchkin.marketo.net snap.licdn.com https://maxcdn.bootstrapcdn.com eu-icon-qa-sf.truste-svc.net consent.truste.com consent.trustarc.com staticxx.facebook.com www.facebook.com googleads.g.doubleclick.net www.googleadservices.com https://platform.linkedin.com https://px.ads.linkedin.com https://www.linkedin.com https://dc.ads.linkedin.com https://ssl-munchkin.marketo.net https://apis.google.com https://platform.twitter.com https://boards.greenhouse.io https://cdn.walkme.com https://d3sbxpiag177w8.cloudfront.net https://translate.google.com https://translate.googleapis.com https://hire.withgoogle.com https://djtflbt20bdde.cloudfront.net; img-src 'self' https://www.trustarc.com http://s3-us-west-1.amazonaws.com https://s3-us-west-1.amazonaws.com https://www.truste.com https://info.trustarc.com http://static.truste.com https://www.googletagmanager.com https://maps.googleapis.com https://maps.google.com https://web.facebook.com https://maps.gstatic.com https://privacy-policy.truste.com https://login.truste.com www.facebook.com www.google.com eu-icon-qa-sf.truste-svc.net consent.trustarc.com www.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://ssl.google-analytics.com https://static.licdn.com data: https://stats.g.doubleclick.net https://www.linkedin.com https://syndication.twitter.com https://ec.walkme.com https://googleads.g.doubleclick.net https://choices.trustarc.com https://translate.googleapis.com https://translate.google.com https://www.google.ca https://secure.gravatar.com; frame-src 'self' https://www.trustarc.com https://player.vimeo.com staticxx.facebook.com https://info.trustarc.com eu-icon-qa-sf.truste-svc.net consent-pref.trustarc.com https://www.youtube.com https://www.google.com https://download.trustarc.com https://platform.twitter.com https://www.facebook.com https://platform.linkedin.com https://apis.google.com https://syndication.twitter.com https://accounts.google.com https://boards.greenhouse.io https://cdn.walkme.com consent-pref.truste.com https://hire.withgoogle.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net/; font-src 'self' data: fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://consent.trustarc.com; style-src 'unsafe-inline' 'self' https://www.trustarc.com fonts.googleapis.com tagmanager.google.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com https://djtflbt20bdde.cloudfront.net; connect-src 'self' 846-llz-652.mktoresp.com https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://ec.walkme.com https://translate.googleapis.com https://trackerapi.trustarc.com https://hire.withgoogle.com https://my.yoast.com; frame-ancestors 'self' https://info.trustarc.com https://download.trustarc.com assess.truste.com assess-stage.truste.com gda-dev.truste-svc.net iapp-doc.trustarc.com; 2 frame-ancestors 'self' *.simons.ca 2 frame-ancestors *.pseg.com *.salesforce.com *.salesforceliveagent.com *.force.com *.psegliny.com; default-src https: data: 'unsafe-inline' 'unsafe-eval' 2 upgrade-insecure-requests; default-src https:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src https:; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: blob: data: http://ad.doubleclick.net; media-src https: data:; frame-src https: data: instagram:; child-src https: data: instagram:; font-src https: data:; connect-src https: wss: blob:; report-uri https://virgindotcom.report-uri.com/r/d/csp/enforce 2 default-src * data: blob:;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com https://static.hotjar.com;frame-src 'self' https://myheritage-container.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://vars.hotjar.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://www.zenaps.com;script-src 'unsafe-eval' 'unsafe-eval' 'unsafe-inline' blob: data: 'self' https://*.myheritage.com https://*.mhcache.com https://cdn.trackjs.com https://tpc.googlesyndication.com https://*.doubleclick.net https://*.google.com https://*.googletagmanager.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://*.google-analytics.com https://www.gstatic.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.mk-sense.com https://optanon.blob.core.windows.net https://code.jquery.com https://cdn.ravenjs.com https://*.hotjar.com https://www.dwin1.com https://www.zenaps.com https://ad.zanox.com;style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://optanon.blob.core.windows.net;connect-src data: 'self' https://*.myheritage.com https://*.mhcache.com https://www.google-analytics.com https://adservice.google.com https://bam.nr-data.net https://sentry.io https://capture.trackjs.com https://*.facebook.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://*.doubleclick.net https://*.mk-sense.com https://privacyportal-eu.onetrust.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 2 default-src blob: data: *.adaraanalytics.com *.adclear.net *.adform.net *.adfox.ru *.adhigh.net *.adkernel.com *.adlooxtracking.com *.admanmedia.com *.admedo.com *.admixer.net *.adnxs.com *.adobe.com *.adriver.ru *.adroll.com *.adspirit.de *.adtriba.com *.adunity.com *.adverline.com *.aidata.io *.akamaihd.net *.amazon-adsystem.com *.amazonaws.com *.amobee.com *.ampproject.net *.ampproject.org *.aniview.com *.appier.net *.appsflyer.com *.appspot.com *.arrivalist.com *.avocet.io *.awin1.com *.bannerflow.com *.belboon.de *.betweendigital.com *.bidtheatre.com *.blismedia.com *.buzzoola.com *.cdnvideo.ru *.celtra.com *.clickonometrics.pl *.cloudflare.com *.cosmo.ru *.cosmopolitan.ru *.coub.com *.creativecdn.com *.criteo.com *.criteo.net *.deepintent.com *.digitaltarget.ru *.doubleclick.net *.doubleverify.com *.e-contenta.com *.ebay.com *.ebaystatic.com *.emerse.com *.engageya.com *.eu.criteo.com *.eulerian.net *.evidon.com *.exactag.com *.exponential.com *.eyereturn.com *.facebook.com *.facebook.net *.flashtalking.com *.g.doubleclick.net *.gemius.pl *.geniusmonkey.com *.getblue.io *.getrockerbox.com *.giphy.com giphy.com *.gnezdo.ru *.google-analytics.com *.google.az *.google.by *.google.co.uz *.google.com *.google.com.ua *.google.kz *.google.ru *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.hpmdnetwork.ru *.hurra.com *.hybrid.ai *.ibillboard.com *.imweb.ru *.innovid.com *.instagram.com *.intelliad.de *.jivox.com *.justpremium.com *.lead-alliance.net *.lkqd.net *.m-counter.ru *.mail.ru *.mds.yandex.net *.media.net *.mediawallahscript.com *.meetrics.net *.mgid.com *.miaozhen.com *.mindbox.ru *.mixmarket.biz *.mobilcom-debitel.de *.mradx.net *.nativeads.com *.ok.ru *.onthe.io *.otm-r.com *.otto.de *.outbrain.com *.parship.ch *.placed.com *.pladform.ru *.pubmatic.com *.rubiconproject.com *.rutarget.ru *.sape.ru *.scoota.com *.seedtag.com *.semasio.net *.sendpulse.com *.sendpulse.com:4434 *.serving-sys.com *.sharethrough.com *.smartadserver.com *.sociomantic.com *.sojern.com *.sonobi.com *.splicky.com *.springserve.com *.ssl-images-amazon.com *.stackadapt.com *.taboola.com *.tacticrealtime.com *.taptapnetworks.com *.tchibo.ch *.teads.tv *.theadex.com *.tns-counter.ru *.tradelab.fr *.trafmag.com *.travelaudience.com *.tripadvisor.ru *.trustarc.com *.turboadv.com *.twimg.com *.twitter.com *.undertone.com *.usemax.de *.verstka.io *.videonow.ru *.viewst.com *.vimeo.com *.viqeo.tv *.weborama.fr *.withcubed.com *.xxxlutz.de *.yandex.by *.yandex.com *.yandex.fr *.yandex.kz *.yandex.md *.yandex.net *.yandex.ru *.yandex.st *.yandex.tm *.yandex.ua *.yandex.uz *.yandexadexchange.net *.youtube.com *.ytimg.com *.zanox.com *.zeotap.com *.zuuvi.com cosmo.ru coub.com im-web.ru s3.feedly.com sarafan.tech sarafanblob.blob.core.windows.net verstka.io vk.com yastatic.net *.createjs.com *.2mdn.net *.teeqer.com *.teeked.com *.nyxcosmetic.ru *.apple.com *.5visions.com *.imgsniper.com cdn.jsdelivr.net 'self' 'unsafe-eval' 'unsafe-inline'; report-uri https://im-web.ru/csp_report.php?host=wwwcosmoru 2 frame-src 'self' https://www.terminland.de *.datev.de *.novomind.com 2 frame-ancestors 'self' https://www.clearslide.com https://www.purdueglobalpresents.com http://upload.clearslide.com 2 default-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src * data:; worker-src 'self' blob:; 2 frame-ancestors 'self' *.optimizely.com optimizely.com http://*.corp.westmarine.com:* https://*.corp.westmarine.com:* http://*.westmarine.net:* http://westmarine.net:* https://*.westmarine.net:* https://westmarine.net:* 2 referrer unsafe-url; 2 frame-ancestors http://*.visitsingapore.com/ http://*.visitsingapore.com.cn/ https://*.visitsingapore.com/ https://*.visitsingapore.com.cn/ 'self'; 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.ine.mx https: 2 frame-ancestors 'self' http://dds-simplicit-prod.s3-website-ap-southeast-2.amazonaws.com http://dds-simplicit-v2-prod.s3-website-ap-southeast-2.amazonaws.com https://test.salesforce.com *.suncorpbank.com.au; 2 frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com 2 worker-src blob: ; default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' http://fireeye.lookbookhq.com https://fireeye.lookbookhq.com http://content.fireeye.com https://content.fireeye.com 2 script-src 'self' https://dqnp8bdp95f7m.cloudfront.net https://www.google.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://api.userlike.com https://userlike-cdn-client.s3-eu-west-1.amazonaws.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://dq4irj27fs462.cloudfront.net; base-uri 'self'; 2 default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com ; frame-ancestors 'self' https://*.belastingdienst.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com data: https://*.belastingdienst.nl ;font-src 'self' https://*.belastingdienst.nl; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://f1-eu.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://*.belastingdienst.nl https://f1-eu.readspeaker.com 'unsafe-inline' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 2 default-src 'self'; connect-src 'self' https://nrpc.olark.com https://keepersecurity.eu https://*.hotjar.com wss://*.hotjar.com; font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.gstatic.com https://*.hotjar.com; frame-ancestors https://start.keeper.io; frame-src 'self' https://static.olark.com https://player.vimeo.com https://www.youtube.com https://www.slideshare.net https://dashboard.monitis.com https://www.googletagmanager.com https://www.google.com https://connect.studentbeans.com https://*.hotjar.com https://forms.hsforms.com/; img-src 'self' https: data:; media-src 'self' https://static.olark.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://static.olark.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.jsdelivr.net https://fonts.googleapis.com; 2 default-src 'self'; media-src 'self' 13.232.2.80 newsonair.nic.in airworldservice.org *.akamaihd.net *.akamaihd-staging.net blob: ; connect-src 'self' *.akamaihd.net *.akamaihd-staging.net ; script-src 'self' 'unsafe-inline' ssl.p.jwpcdn.com www.google-analytics.com ajax.googleapis.com googletagmanager.com content.jwplatform.com platform.twitter.com cdn.syndication.twimg.com maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googleapis.com minisrclink.cool public.tableau.com connect.facebook.net ssl.p.jwpcdn.com; img-src * data: *; style-src 'self' 'unsafe-inline' *.twimg.com *.twitter.com *.w3.org cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; frame-src 'self' *.twitter.com g.jwpsrv.com public.tableau.com *.google.com *.youtube.com *.facebook.com; font-src 'self' use.fontawesome.com ssl.p.jwpcdn.com cdnjs.cloudflare.com fonts.gstatic.com; 2 frame-ancestors 'self' https://www.foxplay.gr https://*.cosmote.gr https://*.ote.gr https://webform.studentactivation.gr https://t-mint.s3.amazonaws.com https://*.youtube.com; 2 default-src 'self'; img-src 'self' data: smetrics.bankaustria.at bs.serving-sys.com track.adform.net img.youtube.com www.facebook.com unicreditgroup.122.2o7.net googleads.g.doubleclick.net www.google.com www.google.at www.google.de f1.eu.readspeaker.com webapps.bankaustria.at maps.gstatic.com maps.googleapis.com cashbackonline.at www.cashbackonline.at www.gstatic.com f1-eu.readspeaker.com http://www.bankaustria.at http://webapps.bankaustria.at media.readspeaker.com collect.tealiumiq.com cdn.tagcommander.com manager.tagcommander.com manager.commander1.com engage.commander1.com sync.commander1.com privacy.commander1.com bankaustria.commander1.com; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com fonts.googleapis.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bankaustria.at www.googleadservices.com googleads.g.doubleclick.net f1-eu.readspeaker.com connect.facebook.net bs.serving-sys.com secure-ds.serving-sys.com maps.googleapis.com ahc-prod.tetralog-it.de track.adform.net s1.adform.net cdn.tagcommander.com bankaustria.commander1.com www.googletagmanager.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com *.bankaustria.at bid.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com service.rs-software.at connect.facebook.net cdn.tagcommander.com; frame-ancestors 'self' *.bankaustria.at; connect-src 'self' webapps.bankaustria.at www.bankaustria.at wss://www.bankaustria.at ahc-prod.tetralog-it.de bs.serving-sys.com www1.emarsys.net; font-src 'self' fonts.gstatic.com data:; media-src 'self' http://www.bankaustria.at rstts-eu.readspeaker.com app-eu.readspeaker.com 2 upgrade-insecure-requests; frame-ancestors 'none'; 2 default-src 'self' www.tranquil.it yoast.com calderaforms.com va.tawk.to *.tawk.to static-v.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com *.linkedin.com www.tranquil.it plugins.tawk.to embed.tawk.to snap.licdn.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com *.twitter.com cdn.syndication.twimg.com www.google.com www.gstatic.com js.stripe.com use.fontawesome.com maps.googleapis.com; img-src 'self' data: *.doubleclick.net t.co http://www.icegram.com www.icegram.com www.google-analytics.com cdn.jsdelivr.net static-v.tawk.to va.tawk.to www.tranquil.it syndication.twitter.com platform.twitter.com pbs.twimg.com secure.gravatar.com calderaforms.com ; style-src 'self' 'unsafe-inline' www.tranquil.it cdn.jsdelivr.net platform.twitter.com fonts.googleapis.com use.fontawesome.com www.gstatic.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.tranquil.it va.tawk.to static-v.tawk.to fonts.gstatic.com use.fontawesome.com ; frame-src 'self' wapt.tranquil.it www.tranquil.it va.tawk.to plugins.tawk.to www.elegantthemes.com www.youtube.com platform.twitter.com syndication.twitter.com www.google.com www.gstatic.com js.stripe.com ; object-src 'self' ; connect-src 'self' *.tawk.to 2 frame-ancestors 'self' *.nosfair.com https://toolbox.gls.de 2 default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.cdsreg.com/ https://*.xpressreg.net/ https://*.xpressleadpro.com/ https://*.xpressleadpro.net/ https://*.xpresspaymentservice.com/ https://xpresspaymentservice.com/ https://*.exhibitoremails.com/ https://*.cdsdatasense.Com/ *.digicert.com/ https://*.twimg.com/ https://*.adroll.com/ https://*.ingo.me/ https://ingo.me/ https://*.facebook.net/ https://*.facebook.com/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.ads-twitter.com/ https://*.olark.com/ https://*.google.com/ https://*.twitter.com/ https://*.googleadservices.com/ https://*.googletagmanager.com/ https://*.feathr.co/ https://ads.yahoo.com/ https://*.adsrvr.org/ https://*.cloudfront.net/ https://*.lytics.io/ https://hotel-widget-files.s3.amazonaws.com/ https://abm-assets.s3.amazonaws.com/ https://s3.amazonaws.com/ https://settings.luckyorange.net/ https://*.onpeak.com/ https://assets.adobedtm.com/ https://*.googletagmanager.com/ https://*.hotjar.com/ https://*.melissadata.net/ https://*.acs.org/ https://js.hs-scripts.com/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://js.hsleadflows.net/ https://js.hs-analytics.net/ https://forms.hubspot.com/ https://*.xpressreg.local/ https://*.hscollectedforms.net/ https://*.marketo.net/ https://*.gstatic.com/ https://*.addthis.com/ https://app.webreg.me/ https://dpm.demdex.net/ https://acswso.tt.omtrdc.net/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.linkedin.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://pixel-a.basis.net/ https://pixel.sitescout.com/ https://*.bing.com/ https://*.simplymeasured.com/ https://*.walkme.com/ https://*.dpmsrv.com/ https://*.marinsm.com/ https://*.prfct.co/ https://*.adnxs.com/ https://*.rlcdn.com/ https://*.youtube.com/ https://tags.tiqcdn.com/ https://*.informz.net/ https://*.omeda.com https://*.googletagservices.com https://*.googlesyndication.com https://*.olark.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net https://*.firebaseio.com https://*.googleapis.com https://invt.io http://teamplanner/; img-src * data:; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2 default-src 'self'; script-src 'self'; 2 frame-ancestors https://www.niagahoster.co.id/ https://panel.niagahoster.co.id/ 2 frame-ancestors 'self' http://www.clarksusa.com/; 2 default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; connect-src 'self' greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net; img-src 'self' greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob:; style-src 'self' 'unsafe-inline' greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com; font-src 'self' data: greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net *.livefyre.com; frame-src 'self' *.facebook.com facebook.com greendot.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net d.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net; 2 default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 2 default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 2 connect-src 'self' metrics-api.dimensions.ai cdn.intechopen.com rccwpbsf6b-1.algolianet.com rccwpbsf6b-2.algolianet.com rccwpbsf6b-3.algolianet.com rccwpbsf6b-dsn.algolia.net hm.baidu.com sentry.io www.google.com; default-src cdn.intechopen.com cdnintech.com uk1.siteimprove.com d1bxh8uas1mnw7.cloudfront.net d1uo4w7k31k5mn.cloudfront.net siteimproveanalytics.com www.google.com cdnjs.cloudflare.com badge.dimensions.ai 'self' metrics-api.dimensions.ai api.altmetric.com mts.intechopen.com api.intechopen.com badges.altmetric.com 'unsafe-eval' sentry.io 'unsafe-inline' rccwpbsf6b-2.algolianet.com rccwpbsf6b-3.algolianet.com rccwpbsf6b-dsn.algolia.net fonts.gstatic.com www.gstatic.com; font-src cdnintech.com cdnjs.cloudflare.com data: 'self' fonts.gstatic.com; img-src 'self' api.intechopen.com badge.dimensions.ai cdn.intechopen.com cdnintech.com d1uo4w7k31k5mn.cloudfront.net mts.intechopen.com uk1.siteimprove.com cdnjs.cloudflare.com privacy-policy.truste.com badges.altmetric.com hm.baidu.com www.gstatic.com assets-bagtheweb.s3.amazonaws.com; manifest-src 'self'; object-src cdn.intechopen.com 127.0.0.1; script-src-elem badge.dimensions.ai cdnintech.com www.google.com cdnjs.cloudflare.com d1bxh8uas1mnw7.cloudfront.net siteimproveanalytics.com api.altmetric.com 'unsafe-inline' 'self' www.gstatic.com www.googletagmanager.com; script-src badge.dimensions.ai cdnintech.com cdnjs.cloudflare.com siteimproveanalytics.com www.google.com d1bxh8uas1mnw7.cloudfront.net api.altmetric.com rccwpbsf6b-dsn.algolia.net 'unsafe-eval' 'unsafe-inline' 'self' www.gstatic.com; style-src-elem badge.dimensions.ai cdnjs.cloudflare.com fonts.googleapis.com d1bxh8uas1mnw7.cloudfront.net 'unsafe-inline' 'self'; style-src badge.dimensions.ai d1bxh8uas1mnw7.cloudfront.net cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; form-action 'self'; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; frame-src www.google.com; report-uri https://bbc8b283fbf6588bc03a3c7c39185f43.report-uri.com/r/d/csp/reportOnly 2 block-all-mixed-content; frame-ancestors 'self' qualys.com *.qualys.com; 2 frame-ancestors 'self' *.svd.se; default-src https: data: blob: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' m.gi.rgsgames.com gamesyses-static.casinomodule.com gamesyses-game.casinomodule.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.marketo.net *.googletagmanager.com *.facebook.net static.ads-twitter.com *.evidon.com www.google-analytics.com sjs.bizographics.com *.bizible.com *.ge.com *.bhge.com *.industrial.ai *.youtube.com *.ytimg.com *.linkedin.com *.twitter.com gateway.zscalertwo.net *.newrelic.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net s.ytimg.com *.demandbase.com data: nasdaqir-prod.apigee.net *.hotjar.com *.zscalertwo.net j.6sc.co bam.nr-data.net fssfed.stage.ge.com cdnjs.cloudflare.com *.kissmetrics.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.gstatic.com s0-azure.assets-yammer.com maps.googleapis.com cdn.syndication.twimg.com addtocalendar.com; media-src 'self' *.vimeo.com *.youtube.com https://gateway.zscalertwo.net https://fpdl.vimeocdn.com data:; frame-src 'self' bhge.acquiadam.com *.webdamdb.com *.zscalertwo.net fssfedpitc.ge.com fssauth.ge.com *.webdamdb.com *.facebook.com *.marketo.com *.youtube.com *.hotjar.com *.adobe.com connect.facebook.net bid.g.doubleclick.net youtu.be *.evidon.com spo-teamsite.ge.com *.google.com spo-teamsite.ge.com fss.gecompany.com https://fss.gecompany.com/ https://ssocentralck.registrar.ge.com/ https://affiliateservices.gecompany.com/ https://ssologin.ssogen2.corporate.ge.com/ https://ssologin.ssogen2.corporate.ge.com/ https://rsologin.ssogen2.corporate.ge.com/ https://smloginmap.ssogen2.corporate.ge.com/ *.yammer.com login.microsoftonline.com fssfedma.o365.ge.com platform.linkedin.com syndication.twitter.com platform.twitter.com www.linkedin.com https://www.gechannelconnect.com/ https://staging60.gechannelconnect.com/; frame-ancestors 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; font-src 'self' data: fonts.gstatic.com *.cloudflare.com; report-uri //report-csp-violation 2 default-src * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 2 default-src 'none'; base-uri 'self' *.adform.net *.seadform.net; connect-src 'self' data: https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: https://nouw.com https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval' *; form-action 'self' http://nouw.com *.facebook.com *.facebook.net https://secure.pay-read.se; frame-ancestors 'self' http://frame.bloglovin.com https://blogkeen.com; frame-src 'self' *.youtube.com *.spotify.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob:; manifest-src 'self'; media-src *; object-src 'none'; report-uri https://nouw.com/api/misc/csp; style-src * blob: 'unsafe-inline'; worker-src 'self'; script-src 'self' https://nouw.com https://cdnjs.cloudflare.com *.facebook.com *.facebook.net https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval' * 2 default-src 'self' *.psprint.com psprint.com *.wistia.com *.wistia.net cdn.widerfunnel.com *.lpsnmedia.net *.demdex.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com *.adobedtm.com track.psprint.com *.optimizely.com www.googletagmanager.com *.quantummetric.com *.cdn.optimizely.com *.psprint.com psprint.com www.google.com *.wistia.com *.wistia.net *.psprint-uat.com psprint-uat.com ajax.googleapis.com *.braintreegateway.com www.googleadservices.com sstats.deluxe.com www.google-analytics.com *.hotjar.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net www.shopperapproved.com www.sc.pages04.net shopperapproved.com *.shopperapproved.com static.addtoany.com lptag.liveperson.net www.googleadservices.com www.sc.pages04.net *.dfsfullcolor-uat.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p-uat.com cdn.widerfunnel.com *.braintreegateway.com assets.pinterest.com cdn.widerfunnel.com assets.pinterest.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; img-src 'self' *.psprint.com psprint.com stats.deluxe.com data: *.wistia.com *.wistia.net www.googletagmanager.com ad.doubleclick.net sstats.deluxe.com embedwistia-a.akamaihd.net bat.bing.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net *.google.com www.google.com.ua googleads.g.doubleclick.net shareasale.com www.pages04.net www.shopperapproved.com shopperapproved.com *.shopperapproved.com 52.45.162.79 *.dfsfullcolor.com *.safeguardw2p.com cdn.widerfunnel.com log.pinterest.com *.dfsfullcolor-uat.com api.safeguardw2p-uat.com safeguardw2p-uat.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.lpsnmedia.net *.qualtrics.com *.tt.omtrdc.net *.demdex.net; style-src 'self' 'unsafe-inline' *.psprint.com psprint.com stats.g.doubleclick.net fonts.googleapis.com *.dfsfullcolor.com *.safeguardw2p.com safeguardw2p-uat.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.demdex.net; font-src 'self' data: *.psprint.com psprint.com fonts.gstatic.com cdn.widerfunnel.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.demdex.net; frame-src 'self' www.google.com *.cdn.optimizely.com *.optimizely.com *.wistia.com *.wistia.net bid.g.doubleclick.net *.hotjar.com www.facebook.com *.braintreegateway.com www.emjcd.com cj.dotomi.com static.addtoany.com www.youtube.com www.emjcd.com *.dfsfullcolor.com www.brainshark.com *.lpsnmedia.net va.v.liveperson.net *.safeguardw2p.com cdn.widerfunnel.com assets.pinterest.com *.psprint.com psprint.com listmodulev3.usadata.com sales.liveperson.net va-e.c.liveperson.net lptag.liveperson.net *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; connect-src 'self' apis.google.com *.quantummetric.com *.optimizely.com track.psprint.com *.psprint.com psprint.com api.ipify.org *.wistia.com *.wistia.net *.cdn.optimizely.com fg8vvsvnieiv3ej16jby.litix.io ws://files.psprint.com wss://files.psprint.com sstats.deluxe.com stats.g.doubleclick.net www.facebook.com in.hotjar.com api.sandbox.braintreegateway.com origin-analytics-sand.sandbox.braintree-api.com embedwistia-a.akamaihd.net *.dfsfullcolor.com *.safeguardw2p.com *.braintreegateway.com stats.addtoany.com www.google-analytics.com safeguardw2p.com *.cdn.optimizely.com *.adobedtm.com www.googletagmanager.com *.qualtrics.com *.tt.omtrdc.net *.demdex.net; object-src 'none' 2 default-src 'self' blob: data: 'unsafe-inline' *.gstatic.com; img-src 'self' blob: data: 'unsafe-inline' *.google-analytics.com stats.g.doubleclick.net ciencia.iscte-iul.pt px.ads.linkedin.com www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.google-analytics.com www.gstatic.com https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com www.facebook.com; object-src 'self'; connect-src 'self' *.google-analytics.com; frame-src 'self' *.google.com *.soundcloud.com www.youtube.com youtu.be https://sketchfab.com player.vimeo.com; 2 img-src data: blob: *; default-src * blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: * 2 img-src * data: blob: 'unsafe-inline';object-src *;frame-src *; 2 default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline' 2 script-src 'self' maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' fonts.googleapis.com 'unsafe-inline'; report-uri /v2/csp-violations/report 2 frame-ancestors https://www.zyxel.com https://communicasia.zyxel.com/ https://bbwf.zyxel.com https://mwc.zyxel.com https://www12.zyxel.com 2 frame-ancestors https://*.isracard.co.il https://*.americanexpress.co.il https://*.netapoz.com 2 frame-ancestors 'self' *.interactivebrokers.com *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.traderstation-international.com; 2 frame-ancestors 'self'; upgrade-insecure-requests; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 2 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 2 frame-ancestors 'self' *.samash.com *.ecofabric.com 2 frame-ancestors 'self' *.psplugin.com 2 default-src *.marxists.org 'self'; script-src *.marxists.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.marxists.org 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/; connect-src 'self' https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 2 default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com 2 frame-ancestors 'self' http://www.valladolid.es https://www.valladolid.es http://www.valladolid.gob.es https://www.valladolid.gob.es 2 default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cai.tools.sap/ https://tagmanager.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/;img-src 'self' 'unsafe-inline' data: https://i.ibb.co/61frh4q/elmuelek.png https://i.imgur.com/ https://cdn.cai.tools.sap/ https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://ssl.gstatic.com/;font-src 'self' https://cdnjs.cloudflare.com/;connect-src 'self' https://api.cai.tools.sap/ https://www.google-analytics.com;frame-src https://www.google.com/recaptcha/ https://www.facebook.com https://staticxx.facebook.com https://docs.google.com/forms/ https://my.matterport.com/show/ https://www.youtube.com/embed/;frame-ancestors 'self'; form-action 'self'; 2 default-src 'self' 'unsafe-inline' web-2-tel.com *.web-2-tel.com *.doubleclick.net *.optnmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.unitedrentals.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unitedrentals.com *.egain.cloud *.analytics-egain.com *.criteo.net 8f2a3f802cdf2859af9e-51128641de34f0801c2bd5e1e5f0dc25.ssl.cf1.rackcdn.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com bat.bing.com *.quantserve.com *.getsitecontrol.com *.facebook.net *.crazyegg.com *.quantcount.com st.getsitecontrol.com *.yimg.com snap.licdn.com sp.analytics.yahoo.com *.addtoany.com *.ads.linkedin.com *.newrelic.com *.pardot.com *.nr-data.net localhost:8443 web-2-tel.com *.web-2-tel.com *.optnmstr.com *.cloudflare.com *.adnxs.com data: *.acquia.com *.appcues.com *.pragmaticcrm.com *.optmstr.com *.bizographics.com *.criteo.com *.linkedin.com *.optmnstr.com *.nr-data.net wvw.unitedrentals.com *.youtube.com *.vimeo.com *.ytimg.com *.opmnstr.com *.cloudfront.net *.jsdelivr.net https://optimize.google.com *.jsdelivr.net *.marchex.io https://d10lpsik1i8c69.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.optnmstr.com *.google.com *.appcues.com *.egain.cloud *.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' data: *.unitedrentals.com bat.bing.com *.optnmstr.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.com *.google.com *.quantserve.com *.gstatic.com *.adnxs.com *.appcues.com *.optmstr.com res.cloudinary.com *.googletagmanager.com *.linkedin.com *.criteo.com s0.2mdn.net *.egain.cloud https://optimize.google.com *.cloudfront.net *.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' *.appcues.com *.appcues.net *.doubleclick.net *.criteo.com *.egain.cloud *.analytics-egain.com *.vimeo.com *.facebook.com *.facebook.net *.youtube.com https://optimize.google.com https://youtube.com; child-src 'self' *.unitedrentals.com *.googletagmanager.com *.optnmstr.com *.doubleclick.net *.analytics-egain.com *.rackcdn.com *.youtube.com *.appcues.com *.vimeo.com *.egain.cloud blob:; font-src 'self' 'unsafe-inline' *.unitedrentals.com https://fonts.gstatic.com *.jsdelivr.net; connect-src 'self' *.appcues.net wss://*.appcues.net web-2-tel.com *.web-2-tel.com *.egain.cloud *.optnmstr.com *.optmstr.com *.gstatic.com localhost:8443 data: *.acquia.com *.appcues.com *.appcues.net *.nr-data.net *.optmnstr.com *.google.com *.optmnstr.com *.google-analytics.com stats.g.doubleclick.net *.opmnstr.com *.luckyorange.net *.googleapis.com *.visitors.live https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com; report-uri /report-csp-violation 2 connect-src consumer.krxd.net https://connect.facebook.net cgchat.callguide.telia.com 'self' pwe.callguide.telia.com *.usabilla.com www.google.com telia.humany.net chat.ace.teliacompany.com www.google-analytics.com stats.g.doubleclick.net www.google.se; default-src 'self'; font-src https://fonts.gstatic.com 'self' data:; frame-src d6tizftlrpuof.cloudfront.net https://optimize.google.com www.telia.se 'self' cdn.krxd.net *.doubleclick.net https://www.facebook.com www.youtube.com youtube.com go.pardot.com; img-src img.youtube.com https://optimize.google.com 'self' https://www.facebook.com stats.g.doubleclick.net www.google.se beacon.krxd.net d6tizftlrpuof.cloudfront.net *.usabilla.com www.haynespro-assets.com www.google.com www.haynespro-services.com gentle-tor-21016.herokuapp.com data: media.krxd.net www.google-analytics.com; report-uri /.api/csp-report/v1/report?teamId=c7285fd5-e64175ae-358eb00b; script-src consumer.krxd.net https://connect.facebook.net 'unsafe-inline' https://optimize.google.com 'self' cdn.krxd.net https://www.facebook.com beacon.krxd.net d6tizftlrpuof.cloudfront.net www.googletagmanager.com core.dch.got.telia.se *.usabilla.com gentle-tor-21016.herokuapp.com media.krxd.net 'unsafe-eval' www.google-analytics.com; style-src 'unsafe-inline' d6tizftlrpuof.cloudfront.net https://optimize.google.com 'self' core.dch.got.telia.se gentle-tor-21016.herokuapp.com media.krxd.net https://fonts.googleapis.com 2 default-src https: 'unsafe-eval' 'unsafe-inline' data: 2 form-action 'self' https://go.pardot.com; 2 default-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com blob: events.bouncex.net; frame-ancestors https://*.aexp.com https://*.americanexpress.com *.ebates.com *.rakuten.com; img-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com data: omn.americanexpress.com https://amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad2.adfarm1.adition.com ad4.adfarm1.adition.com p.adbrn.com secure.adnxs.com 20743471p.rfihub.com 20795861p.rfihub.com insight.adsrvr.org aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sandbox.dev.clover.com/v2/image/ sslwidget.criteo.com widget.criteo.com www.facebook.com ad.atdmt.com cnt.fout.jp googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net www.googleadservices.com/pagead/conversion/1029721533 www.googleadservices.com/pagead/conversion/979960899 dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ pixel.mathtag.com s1933033461.t.eloqua.com prf.hn farm.plista.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ *.flashtalking.com https://pt.ispot.tv https://rs.gwallet.com *.cloudfront.net/receipts/assets/ *.cloudfront.net/assets/sqmarket/ api.tiles.mapbox.com/ s.mzstatic.com/email/images_shared/ t.teads.tv afiliacion.net affleads.latamtracking.com events.bouncex.net; script-src 'unsafe-inline' 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js-cdn.dynatrace.com *.bounceexchange.com; style-src 'self' dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com 'unsafe-inline'; frame-src 'self' dstatic.dev.ipc.us.aexp.com https://*.aexp.com https://*.americanexpress.com https://*.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net events.foreseeresults.com controller.4seeresults.com static.foresee.com health.foresee.com survey.foreseeresults.com cdn5.userzoom.com cdn4.userzoom.com s2.userzoom.com secure.opinionlab.com amexuat1-merchantgeo.cs42.force.com *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com *.yodlee.com js.maxmind.com geoip-js.maxmind.com ads.yahoo.com cdn.optimizely.com logx.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com *.amextravel.com apim.expedia.com zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com uscollector.tealeaf.ibmcloud.com *.bf.dynatrace.com *.sundaysky.com auth.exacttargetapis.com mcf8lgnz926zb1d1klt05rckrpxy.rest.marketingcloudapis.com https://*.idfy.io https://*.idfy.no reportaproblem.apple.com/receipts/ squareup.com/receipt/american-express-only/ https://androidpay.google.com https://pay.sandbox.google.com https://www.youtube.com https://www.google.com/recaptcha/ amex.qumucloud.com *.bounceexchange.com; report-uri https://consumer-travel.americanexpress.com/home/report/security/csp-violation; block-all-mixed-content 2 script-src 'self' stats.waterfox.net cdn.commento.io; frame-src 'self' stats.waterfox.net cdn.commento.io; object-src 'self' 2 frame-ancestors smartoffice.gdc.coop *.aiyellow.com 2 frame-ancestors 'self' blaetterkatalog.musicstore.de ; 2 default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com *.verisign.com *.norton.com; style-src 'self' 'unsafe-inline' vietcombank.com.vn *.vietcombank.com.vn; img-src * 'self' data: vietcombank.com.vn *.vietcombank.com.vn *.google-analytics.com stats.g.doubleclick.net www.gstatic.com *.verisign.com *.norton.com *.longtailvideo.com; font-src 'self' data: vietcombank.com.vn *.vietcombank.com.vn; connect-src 'self' vietcombank.com.vn *.vietcombank.com.vn; frame-src 'self' gsa://onpageload; form-action *; report-uri /CspReport.ashx 2 default-src 'self' data: *.webasto.com webasto-comfort.com *.webasto-comfort.com *.aticdn.net *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io *.galacticweb.net wss://firebot.galacticweb.net *.bootstrapcdn.com *.randomuser.me randomuser.me *.netrk.net s3-eu-west-1.amazonaws.com; style-src 'unsafe-inline' 'self' *.webasto.com *.aticdn.net *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io *.galacticweb.net *.bootstrapcdn.com *.randomuser.me *.netrk.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.webasto.com *.aticdn.net *.msecnd.net *.xiti.com *.googleapis.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.clickdimensions.com *.formsite.com *.firebot.io firebot.io *.galacticweb.net *.bootstrapcdn.com *.randomuser.me randomuser.me *.netrk.net 2 default-src 'self' https: http: *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.tweddle.com *.chryslerbrochures.com *.fcacert.com *.youtube.com *.ytimg.com externalservices.mopar.com *.2o7.net data: *.gstatic.com *.googleapis.com *.mopar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bluekai.com *.bkrtx.com *.facebook.net *.ads-twitter.com analytics.twitter.com *.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com *.netmng.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.apcisg.com *.nextgen-technology.net *.fcacert.com www.google-analytics.com *.googleapis.com *.ytimg.com *.youtube.com dpm.demdex.net assets.adobedtm.com tt.mbww.com *.salesforceliveagent.com *.chryslerbrochures.com; connect-src 'self' *.akstat.io *.fcacert.com www.chrysler.com *.dodge.com *.ramtrucks.com *.fiat.com *.jeep.com com-fcagroup.netmng.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.googleapis.com dpm.demdex.net externalservices.mopar.com; style-src 'self' 'unsafe-inline'; 2 script-src https: http: 'unsafe-eval' 'unsafe-inline'; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 2 frame-ancestors 'self' keycontentservice.com *.tescodev.com *.facebook.com tesco.hu itesco.cz tesco.sk tesco.pl 2 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.utconf.ru *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today mc.yandex.ru *.googleapis.com www.google-analytics.com *.facebook.net *.facebook.com stats.g.doubleclick.net www.googletagmanager.com *.gstatic.com vk.com www.google.com px.adhigh.net; 2 frame-ancestors www.newwavecom.com 2 img-src *; 2 frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 2 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ipinfo.io maps.googleapis.com www.youtube.com tags.tiqcdn.com www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net *.leadlab.click *.doubleclick.net *.linkedin.com s.ytimg.com *.wbtrk.net s.stry.tl; connect-src 'self' www.salesviewer.com salesviewer.org *.leadlab.click my.tealiumiq.com dmcpartnersand.demdex.net; img-src 'self' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.google.com www.google.pt www.google.de *.doubleclick.net www.facebook.com ronet01.wt-eu02.net tags.tiqcdn.com http://tags.tiqcdn.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com stats.g.doubleclick.net www.google.com e.stry.tl; font-src 'self' data: fonts.gstatic.com; child-src www.youtube.com connect.facebook.net e.issuu.com issuu.com edit.storytile.net e.stry.tl *.vimeo.com vimeo.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 2 frame-ancestors 'self' ' *.ampproject.org .zdbb.net 2 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 frame-ancestors 'self' *.eur.nl 2 default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.esmeralda-voyance.com; 2 default-src http://*.1-day.co.nz data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src https: wss://*.zopim.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.utsouthwestern.edu https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; connect-src 'self' *.utsouthwestern.edu *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j73&tid=UA-26088679-2&cid=63721755.1556120185&jid=1696534874&gjid=798484853&_gid=1792316821.1557158687&_u=QCCAgAABAAAAAE~&z=1682155712 https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.utsouthwestern.edu *.hotjar.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu 2 frame-ancestors d.pr 2 default-src * 'self' data: 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.icontact.com icontact.com *.addthisedge.com cdn.syndication.twimg.com *.addthis.com platform.twitter.com geolocation.onetrust.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu *.nationalacademies.org; object-src 'self' 'unsafe-eval' *.gstatic.com *.icontact.com icontact.com cdn.syndication.twimg.com *.addthisedge.com *.addthis.com platform.twitter.com *.googleaps.com geolocation.onetrust.com *.googletagmanager.com *.google.com cdn.cookielaw.org nas.edu www.nas.edu *.nas.edu *.nationalacademies.org 2 default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' platform.twitter.com cdn.syndication.twimg.com cdn.tagcommander.com www.google-analytics.com connect.facebook.net t23.intelliad.de www.youtube.com s.ytimg.com track.adform.net server.adform.net www.google.com www.gstatic.com maps.googleapis.com optimize.google.com api.instagram.com; style-src 'self' 'unsafe-inline' platform.twitter.com ton.twimg.com fonts.googleapis.com; img-src data: 'self' 'unsafe-inline' platform.twitter.com *.twimg.com *.yellowmaps.eu map.iib-institut.de syndication.twitter.com www.google-analytics.com sparkassenfinanzportalgmbh.d3.sc.omtrdc.net www.facebook.com maps.gstatic.com maps.googleapis.com manager.tagcommander.com manager.commander1.com antworten.sparkasse.de privacy.commander1.com img.youtube.com t23.intelliad.de scontent.cdninstagram.com engage.commander1.com; media-src api.sparkassen-mediacenter.de youtu.be sparkasse-a.akamaihd.net contentangebote.sparkassen-finanzportal.de cdn.plyr.io detektor.fm www.youtube.com; frame-src track.adform.net server.adform.net compass.pressekompass.net platform.twitter.com syndication.twitter.com *.kameleoon.eu www.google.com www.youtube.com; font-src webfonts.sparkasse.de fonts.gstatic.com; connect-src 'self' www.google-analytics.com cdn.plyr.io proxy-immobilien.sparkasse.de *.kameleoon.com *.yellowmap.de contentangebote.sparkasse.de; object-src 'self'; manifest-src 'self'; 2 default-src https: http://localhost; script-src https: http://localhost *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; font-src https: http://localhost data:; style-src https: http://localhost 'unsafe-inline' data:; img-src https: http://localhost *.google-analytics.com data:; 2 base-uri ; 2 frame-src 'self' 2 default-src 'self' *.utraff.com https://tr.kinopoisk.ru https://*.cdn.yandex.net adfill.me *.stickyadstv.com *.streamrail.com; connect-src 'self' https://fa33659dfaa14021835f.com/ vidroll.ru kinoaction.ru mail.ru 3647.tech *.utraff.com *.3647.tech *.getaim.info *.yandex.ru apptoday.ru *.admixer.net out.pladform.ru adserver.otm-r.com ads.adfox.ru *.kinoclub77.ru moevideo.biz *.adlook.me kodikapi.com vidozzz.com stat.moevideo.net threedrive.su m-shes.ru loadercdn.com admachina.com *.klcheck.com *.zmctrack.net boostervideo.ru *.piguiqproxy.com *.amgload.net *.smcheck.org *.rcdn.pro trustjs.net https://ad.adriver.ru aj1433.online *.bannersvideo.com vidsummer.com greeentea.ru novbrom.com boogieiwoogie.ru https://ytimgg.com/ level1cdn.com *.adhigh.net vidalak.com *.mediawayss.com *.betweendigital.com *.doubleclick.net *.googlesyndication.com https://fseed.ru/ wss://wsp.marketgid.com/ws wss://bgrndi.com:8041/ wss://et-code.ru:7443 *.cdn.yandex.net *.yandex.ua https://mc.yandex.ru/ http://*.onedmp.com https://xdgeph.ru/ d38dub.ru csp-oz66pp.ru; style-src 'self' 'unsafe-inline' *; frame-src 'self' data: *.youtube.com *.webmoney.ru *.googleapis.com *.google.com *.doubleclick.net *.kinotreiler.com pirateplayer.com duvideo.net blob: vidroll.ru vak345.com trailermarket.ru infomovie.ru mirtrailer.ru superfilms.ru *.bannersvideo.com *.advertserve.com serving.adbetclickin.pink bannersvideo.com *.braun634.com *.braun634.com *.adlook.me utraff.com vk.com login.vk.com kodik.info hdrise.com hdlizor.com hdgo.top hdsrch.com vidozzz.com; img-src * data: blob:; object-src 'self' data: *.adlook.me; media-src * data:; font-src 'self' data: https://fonts.gstatic.com https://cdn.mirs.com https://cdn.adskeeper.co.uk/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.googlesyndication.com https://mc.yandex.ru https://mc.yandex.ru https://ajax.googleapis.com https://ajax.googleapis.com *.google.com.ua *.google.com *.google.ae *.googletagservices.com *.googleapis.com *.youtube.com an.yandex.ru *.kinotreiler.com vidalak.com apicaller.ru level1cdn.com www.gstatic.com https://yandex.st https://clck.yandex.ru kodik.cc hdrise.com hdlizor.com kodik.info *.hdgo.top hdgo.top hdbaza.com hdsrch.com vidroll.ru vak345.com *.adlook.me octoclick.net serving.adbetclickin.pink *.bannersvideo.com json.bannersvideo.com adbetnet.advertserve.com *.braun634.com *.rocks *.republer.com utarget.ru pbcde.com threedrive.su *.google.md vk.com yastatic.net sombersquirrel.com cdn.ckeditor.com 2 default-src https: 'self' blob:; media-src https: data: blob:; font-src https: data:; img-src https: 'self' 'unsafe-inline' data: about:; style-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors https://*.voyancegratuites.fr; 2 child-src 'self' blob: https://*.tagcommander.com *.tagcommander.com *.overkiz.com *.somfy.com *.somfysystems.pl e.issuu.com projects.perfoweb.fr www.tahomalink.com www.tahomalink.com boutique.somfy.fr www.youtube.com iadvize.com lc.iadvize.com www.googletagmanager.com static.addtoany.com client.alwaysupport.com *.doubleclick.net static.olark.com 212.203.79.55 somfykorea.linux.gabiauser.com shop.somfy.de shop.somfy.es shop.somfy.it easyshop.somfypro.fr tv.connexoon.de tvaktion.connexoon.de tv-at.connexoon.de *.addthis.com *.disqus.com disqus.com www.google.com webdev.abastra.com kartor.eniro.se http://kartor.eniro.se www.somfy-smart.de api.soundcloud.com w.soundcloud.com www.lespetitespierres.org https://giphy.com/upload https://hearthis.at/ https://soundcloud.com/ https://www.youtube.com/ https://www.lespetitespierres.org/ *.rlets.com https://giphy.com/ https://www.franceinter.fr/ *.zohopublic.com *.smartrecruiters.com https://subscriptions.smartrecruiters.com/ marketing.net.elogia.net www.facebook.com https://www.facebook.com https://www.youtube-nocookie.com/ www.123formbuilder.com https://c.imedia.cz/ player.ina.fr https://*.hotjar.com https://*.tfaforms.net *.tfaforms.net 2 frame-ancestors https://*.x-cart.com 2 frame-ancestors 'self' cdn.blueconic.net latt.blueconic.net 2 frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2 default-src https: data: wss://*.hotjar.com ; script-src 'unsafe-eval' 'self' https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src https: data:;media-src https: data: blob: mediastream: 2 base-uri 'none'; connect-src 'self' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbc.com https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://*.vee24.com https://dpm.demdex.net https://www.facebook.com wss://*.vee24.com; default-src 'none'; font-src 'self' data: https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://fonts.googleapis.com https://fonts.gstatic.com https://static.vee24.com; frame-ancestors 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbcgroup.eu https://*.vee24.com https://kbcgroup.experiencecloud.adobe.com https://kbcgroup.marketing.adobe.com; frame-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.omniture.com https://*.vee24.com https://assets.adobedtm.com https://kbcgroup.demdex.net https://uat.serversidegraphics.com https://uk.personalcard.net https://www.google.com/recaptcha/ https://www.youtube-nocookie.com https://*.instagram.com; img-src 'self' data: https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.doubleclick.net https://*.facebook.com https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://action.metaffiliation.com https://*.instagram.com https://scontent.cdninstagram.com https://cbc.azureedge.net https://cm.everesttech.net https://csi.gstatic.com https://dc.ads.linkedin.com https://dpm.demdex.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://maps.googleapis.com https://maps.gstatic.com https://mba.azureedge.net https://mbj.azureedge.net https://pixel.everesttech.net https://secure.adnxs.com https://static.vee24.com https://t.co https://touch.azureedge.net https://www.google.be https://www.google.com https://www.googleadservices.com; media-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cbc.azureedge.net https://edash.azureedge.net https://invest.azureedge.net https://kbc.azureedge.net https://mba.azureedge.net https://mbj.azureedge.net https://touch.azureedge.net; object-src 'self' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be; script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://*.cbc.be https://*.clicktale.com https://*.clicktale.net https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://*.omtrdc.net https://adhese.mediahuis.be https://analytics.twitter.com https://*.instagram.com https://scontent.cdninstagram.com https://assets.adobedtm.com https://connect.facebook.net https://dpm.demdex.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://pixel.everesttech.net https://platform.twitter.com https://s.ytimg.com https://secure.adnxs.com https://snap.licdn.com https://static.ads-twitter.com https://static.vee24.com https://web.vee24.com https://www.everestjs.net https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube-nocookie.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.cbc.be https://*.kbc.be https://*.kbcbrussels.be https://*.kbceconomics.be https://*.kbceconomics.com https://*.kbclease.lu https://*.kching.be https://cdn.tt.omtrdc.net https://fonts.googleapis.com https://static.vee24.com; 2 default-src 'none'; object-src 'self'; media-src blob: https://*.hirslanden.ch https://*.wistia.com https://*.readspeaker.com https://*.medicosearch.ch https://tagboard.com https://*.tagboard.com; font-src 'self' data: https://*.medicosearch.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.doctena.ch https://*.createsend.com https://*.medicosearch.ch https://*.google.ch https://browser-update.org https://www.puls-berufe.ch https://*.gstatic.com https://*.google.com https://*.sprechzimmer.ch https://*.wistia.com https://fast.wistia.net https://src.litix.io https://s.ytimg.com https://www.youtube.com https://tagboard.com https://*.tagboard.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.twitter.com https://ton.twimg.com https://cdn.syndication.twimg.com https://csi.gstatic.com; connect-src 'self' https://blog.hirslanden.ch https://*.wistia.com https://*.litix.io https://*.akamaihd.net https://www.google-analytics.com https://s7.addthis.com https://m.addthis.com https://*.tagboard.com https://tagboard.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://*.medicosearch.ch https://*.sprechzimmer.ch https://*.twitter.com https://ton.twimg.com https://www-prod.hirslanden.ch https://*.tagboard.com https://tagboard.com; frame-src 'self' https://*.createsend.com https://*.google.com https://*.google.ch https://*.doctena.com https://fast.wistia.com https://s7.addthis.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com https://www.youtube.com https://*.sprechzimmer.ch https://www.med-congress.ch https://*.datahouse.ch/ https://*.detailnet.ch https://www2.hirslanden.ch https://vr.zaak.ch https://*.twitter.com https://ton.twimg.com https://staticxx.facebook.com https://www.facebook.com https://tourmake.it https://tools.eurolandir.com https://twitter.com https://www.facebook.com; child-src 'self' blob: https://staticxx.facebook.com https://fast.wistia.com https://s7.addthis.com https://*.twitter.com https://ton.twimg.com https://*.readspeaker.com https://*.tagboard.com https://tagboard.com 2 frame-ancestors https://www.bharatpetroleum.com https://*.bpcl.in 2 default-src 'self' https://derpicdn.net; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://derpicdn.net https://camo.derpicdn.net; block-all-mixed-content 2 frame-ancestors 'self' aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: 2 default-src 'none'; img-src 'self' https://fedoramagazine.org; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src https://fedoramagazine.org https://builds.coreos.fedoraproject.org; 2 default-src 'self'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' *.google-analytics.com *.nzbvortex.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.google.com; object-src 'none'; frame-ancestors 'self' 2 default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 2 frame-ancestors 'self' http://quintiles.lookbookhq.com https://quintiles.lookbookhq.com https://lookbook.solutions.iqvia.com http://lookbook.solutions.iqvia.com 2 default-src https: data: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.facebook.com; 2 default-src http: https: data: blob: mediastream: wss:; script-src http: https: data: blob: mediastream: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: blob: mediastream: 'unsafe-inline'; 2 frame-ancestors market.forte.kz goislamic.kz my.fortebank.com forte.bank 2 frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com; 2 Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.pioneerelectronics.com embedded.pricespider.com embeddedcloud.pricespider.com youtube.com www.google.com ajax.googleapis.com; 2 default-src 'self'; connect-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; font-src * data: filesystem:; frame-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; img-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; media-src * data: filesystem: 'unsafe-inline' 'unsafe-eval'; object-src * data: filesystem: blob: 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de; 2 default-src 'self' www.kayak.co.uk www.kayak.es www.kayak.fr www.kayak.it www.kayak.de www.swoodoo.com *.googleadservices.com stats.g.doubleclick.net *.clicktripz.com *.google.com *.twitter.com www.hotelopia.com www.hotelopia.es www.google-analytics.com *.redintelligence.net *.optimizely.com *.tripadvisor.com smct.co *.smct.co *.affilired.com *.hotelcdn.com prf.hn *.doubleclick.net www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn4.hotelopia.com publicws.hotelopia.com *.google.com *.googleapis.com *.google.com/jsapi tags.tiqcdn.com *.google-analytics.com tealium.hs.llnwd.net *.clicktripz.com *.ekomi.de js.logentries.com *.hotelbeds.com *.twitter.com *.gstatic.com smct.co *.optimizely.com www.hotelopia.com www.hotelopia.es *.getclicky.com *.smct.co *.affilired.com emjcd.com www.kayak.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net *.lenmit.com *.asbmit.com *.cooladata.com connect.facebook.net tpc.googlesyndication.com d3c3cq33003psk.cloudfront.net *.amazonaws.com/opentag/ *.amazonaws.com/opentag-dev/; img-src 'self' data: *.hotelbeds.com publicws.hotelopia.com *.tripadvisor.com cdn4.hotelopia.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com/ads *.google.es/ads csi.gstatic.com maps.gstatic.com maps.googleapis.com *.ekomi.de *.clicktripz.com *.activitiesbank.com *.twitter.com *.googleapis.com *.trivago.com smct.co evo.cdnstc.com *.smct.co *.tradedoubler.com *.hotelcdn.com emjcd.com *.skyscnr.com prf.hn www.kayak.com *.affilired.com *.cooladata.com www.facebook.com *.google.es *.emjcd.com cj.dotomi.com *.tradetracker.net shareasale.com lamp.glopss.com www.dwin1.com www.zenaps.com www.awin1.com; style-src 'self' 'unsafe-inline' cdn4.hotelopia.com fonts.googleapis.com *.bootstrapcdn.com smct.co *.smct.co *.affilired.com emjcd.com; media-src 'self' *.cdn4.hotelopia.com *.smct.co smct.co *.affilired.com www.kayak.com; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.hotelbeds.com *.smct.co smct.co *.amazonaws.com/opentag-dev/; connect-src 'self' *.clicktripz.com js.logentries.com *.hotelbeds.com *.twitter.com *.optimizely.com www.google-analytics.com *.tealiumiq.com *.smct.co smct.co *.doubleclick.net *.qubit.com 2 base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:; report-uri webman/csp_report.cgi; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 2 frame-ancestors 'self' psa.digitalinsight.com; 2 default-src 'self';script-src 'self' nonce-guXj7w7oWwUuGz/RZw2vXUoxt7E 'unsafe-inline' 'unsafe-eval' recreativ.com *.recreativ.com recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com https://browser.sentry-cdn.com;frame-src 'self' recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.doubleclick.net *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com https://www.google.lv;img-src 'self' recreativ.com *.recreativ.com recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru data: blob: https://via.placeholder.com/200x200 *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;font-src 'self' data: recreativ.com *.recreativ.com recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;style-src 'self' 'unsafe-inline' recreativ.com *.recreativ.com recreativ.com *.recreativ.com recreativ.ru *.recreativ.ru *.facebook.net *.facebook.com *.google.com.ua *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com;report-uri //recreativ.com/csp_report.php; 2 frame-ancestors www.globalblue.com www.globalblue.cn www.globalblue.ru secure.globalblue.com 2 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.world4you.com *.world4you.at *.w4y.at *.hostingprovider.at wss://www.world4you.com *.google-analytics.com *.doubleclick.net *.g.doubleclick.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com track.adform.net c1.adform.net server.seadform.net *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cd *.google.cf *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tm *.google.tn *.google.tt *.spreadshirt.de *.spreadshirt.at *.spreadshirt.net https://*.youtube.com s.ytimg.com;report-uri /redx/ext/contentsecuritypolicy/report.php; 2 default-src 'self'; child-src 'self' *.wistia.com *.wistia.net *.addthis.com *.marketo.com *.marketo.net *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com; script-src 'self' *.acuityscheduling.com *.ads-twitter.com *.callrail.com *.snapapp.com *.hirebridge.com *.hrjobcenter.com *.g2crowd.com *.capterra.com *.truste.com *.trustarc.com *.hushly.com *.reachforce.com *.addthisedge.com tagmanager.google.com *.wistia.com *.wistia.net *.amazonaws.com *.marketo.com *.marketo.net *.cloudfront.net *.twitter.com *.twimg.com *.terminus.services *.doubleclick.net *.olark.com *.stackadapt.com *.driftt.com *.googleadservices.com *.crazyegg.com *.facebook.net *.hotjar.com *.bing.com *.addthis.com *.googletagmanager.com *.optnmstr.com *.optimizely.com *.google-analytics.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' data: *.acuityscheduling.com *.truste.com *.trustarc.com *.hushly.com tagmanager.google.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.cloudfront.net *.googleapis.com *.twitter.com *.twimg.com *.olark.com 'unsafe-inline'; img-src 'self' data: t.co *.capterra.com *.g2.com *.opmnstr.com hushly.s3.amazonaws.com *.hushly.com driftt.imgix.net *.g2crowd.com *.gstatic.com *.pubmatic.com *.twitter.com *.twimg.com *.stickyadstv.com *.lkqd.net *.smartadserver.com *.districtm.io *.deployads.com *.liadm.com *.outbrain.com *.rubiconproject.com *.googletagmanager.com *.advertising.com *.taboola.com *.akamaihd.net *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.optmnstr.com *.terminus.services *.cloudfront.net *.stackadapt.com *.bing.com *.google.com *.digitru.st *.ml-api.io *.doubleclick.net *.bidswitch.net *.adnxs.com *.facebook.com *.olark.com *.google-analytics.com *.truste.com *.trustarc.com *.optimizely.com; object-src 'self'; font-src 'self' *.hushly.com *.cloudfront.net *.amazonaws.com *.googleapis.com *.gstatic.com *.optimizely.com data:; form-action 'self' *.twitter.com *.facebook.com; base-uri 'self'; connect-src 'self' *.callrail.com *.snapapp.com *.mstrlytcs.com *.opmnstr.com *.hotjar.io *.truste.com *.trustarc.com *.hushly.com *.addthis.com *.wistia.com *.litix.io *.hotjar.com *.facebook.com *.doubleclick.net *.optimizely.com *.olark.com *.stackadapt.com *.optmnstr.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com *.akamaihd.net wss: data:; frame-src 'self' *.acuityscheduling.com *.snapapp.com *.g2.com *.google.com *.truste.com *.trustarc.com *.doubleclick.net *.addthis.com *.hotjar.com *.driftt.com *.olark.com *.wistia.com *.wistia.net *.marketo.com *.marketo.net *.twitter.com *.facebook.com *.youtube.com; frame-ancestors 'self'; media-src 'self' blob: data: *.cloudfront.net *.optimizely.com *.akamaihd.net *.wistia.com *.wistia.net *.olark.com; worker-src 'self' blob: *.wistia.com *.addthis.com *.facebook.com *.doubleclick.net *.driftt.com *.olark.com *.hotjar.com *.marketo.com; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2 frame-ancestors https://*.hearstmags.com:* https://*.condenastdigital.com:* https://staging.readystate.com:* https://airbnbmag.com:* https://hgtvcashsweepstakes.com:* http://hgtvcashsweepstakes.com:* https://*.believemagmedia.com:* http://*.believemagmedia.com:* http://devaws:* http://devawsconde:* http://*.seventeen.com:* https://*.seventeen.com:* http://*.cosmopolitan.com:* https://*.cosmopolitan.com:* http://*.countryliving.com:* https://*.countryliving.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.goodhousekeeping.com:* https://*.goodhousekeeping.com:* http://*.harpersbazaar.com:* https://*.harpersbazaar.com:* http://*.housebeautiful.com:* https://*.housebeautiful.com:* http://*.marieclaire.com:* https://*.marieclaire.com:* http://*.oprah.com:* https://*.oprah.com:* http://*.popularmechanics.com:* https://*.popularmechanics.com:* http://*.redbookmag.com:* https://*.redbookmag.com:* http://*.townandcountrymag.com:* https://*.townandcountrymag.com:* http://*.veranda.com:* https://*.veranda.com:* http://*.delish.com:* https://*.delish.com:* http://*.foodnetwork.com:* https://*.foodnetwork.com:* http://*.hgtvmagazine.com:* https://*.hgtvmagazine.com:* http://*.elledecor.com:* https://*.elledecor.com:* http://*.caranddriver.com:* https://*.caranddriver.com:* http://*.elle.com:* https://*.elle.com:* http://*.womansday.com:* https://*.womansday.com:* http://*.roadandtrack.com:* https://*.roadandtrack.com:* http://*.esquire.com:* https://*.esquire.com:* http://*.doctorozmag.com:* https://*.doctorozmag.com:* http://*.airbnbmag.com:* https://*.airbnbmag.com:* http://*.thepioneerwomanmagazine.com:* https://*.thepioneerwomanmagazine.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.womenshealthmag.com:* https://*.womenshealthmag.com:* http://*.menshealth.com:* https://*.menshealth.com:* http://*.bicycling.com:* https://*.bicycling.com:* http://*.runnersworld.com:* https://*.runnersworld.com:* http://*.prevention.com:* https://*.prevention.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* http://*.rodalebookazines.com:* https://*.rodalebookazines.com:* http://*.hearstproducts.com:* https://*.hearstproducts.com:* 2 frame-ancestors 'self' www.riverbed.com *.riverbed.com *.lookbookhq.com *.pathfactory.com pf.riverbed.com riverbed.lookbookhq.com 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com *.google-analytics.com https://*.mookie1.com http://ib.adnxs.com https://secure.adnxs.com www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://in.taskanalytics.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' * data:;frame-src 'self' *.youtube.com *.vimeo.com *.morningstar.com *.portalbank.no https://id.eika.no https://www.googletagmanager.com https://ir.asp.manamind.com https://ext.mnm.as https://connect.facebook.net *.doubleclick.net https://*.google.se https://*.google.no https://*.google.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com/tr/;report-uri /WebResource.axd?cspReport=true 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: dodopizza.io *.dodopizza.io dodopizza.com *.dodopizza.com dodopizza.ru *.dodopizza.ru msecnd.net *.msecnd.net visualstudio.com *.visualstudio.com windows.net *.windows.net ivideon.com *.ivideon.com extcam.com *.extcam.com dodois.com *.dodois.com dodopizzaru-a.akamaihd.net dodopizza-a.akamaihd.net dodopizzadev-a.akamaihd.net mindbox.ru *.mindbox.ru facebook.com *.facebook.com facebook.net *.facebook.net google.com *.google.com google.ru *.google.ru googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com https://stats.g.doubleclick.net yandex.ru *.yandex.ru dodopizza.kz *.dodopizza.kz dodopizza.co.uk *.dodopizza.co.uk dodopizza.uz *.dodopizza.uz dodopizza.by *.dodopizza.by dodopizza.ro *.dodopizza.ro dodopizza.ee *.dodopizza.ee dodopizza.lt *.dodopizza.lt dodopizza.kg *.dodopizza.kg dodopizza.si *.dodopizza.si https://vk.com/ https://login.vk.com https://downloads.mailchimp.com 2 default-src 'self' www.google-analytics.com; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' www.epic.com www-dev.epic.com data: www.google-analytics.com; frame-src 'self' https://www.youtube.com 2 frame-ancestors 'self' *.ubt.com ubt-beta.wealthcareportal.com ubt.wealthcareportal.com; 2 frame-ancestors https://www.crashplan.com https://www.code42.com https://store.code42.com; 2 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' bp.webhost1.ru api-maps.yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com www.google.com www.gstatic.com connect.facebook.net www.googletagmanager.com tagmanager.google.com *.jivosite.com webhost1.bitrix24.ru *.roistat.com; frame-ancestors 'self' blob: http://webvisor.com https://webvisor.com 2 default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2 style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' *.classcreator.com *.classconnection.com *.facebook.net *.facebook.com 2 block-all-mixed-content; upgrade-insecure-requests 2 default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval' 2 base-uri 'self'; script-src * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://maxcdn.bootstrapcdn.com/ https://www.gstatic.com/ https://fonts.googleapis.com/ https://tagmanager.google.com/ https://wchat.freshchat.com/; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ data: https://www.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://www.youtube.com/ https://www.gstatic.com/ https://www.google.com https://api.razorpay.com/ https://www.googletagmanager.com/ https://wchat.freshchat.com/ https://165831428292838.webpush.freshchat.com/ https://bid.g.doubleclick.net/ https://my.matterport.com/ https://www.facebook.com; connect-src 'self' https://api.github.com/ https://maps.googleapis.com/ https://stageapi.zolostays.com/ https://testapi.livezelo.com/ https://prodapi.livezelo.com/ https://www.gstatic.com/ https://sentry.io/ https://sokt.io/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ http://rum-static.pingdom.net/ https://a.quora.com/ http://rum-collector-2.pingdom.net/ https://lumberjack.razorpay.com https://api.razorpay.com/ https://o2.mouseflow.com/ https://security.livezelo.com/ https://flash.zolostays.com/playzelo/ https://zolostays.report-uri.com https://cas.avalon.perfdrive.com/; img-src 'self' https: data: https://www.gstatic.com/ https://ssl.gstatic.com/ http://rum-collector-2.pingdom.net/ http://maps.google.com *.googleusercontent.com; object-src 'self'; worker-src 'self'; report-uri /csp-log 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 2 frame-ancestors 'self' corelogic.com.au *.corelogic.com.au elev.io *.elev.io 2 default-src 'none'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net; connect-src https: wss: 'self' www.gov.uk yoast.com *.hotjar.com; img-src https: 'self' data: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com; style-src https: 'self' 'unsafe-inline' djtflbt20bdde.cloudfront.net fonts.googleapis.com; frame-src https: 'self' www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com; font-src https: 'self' data: fonts.gstatic.com; media-src https: 'self' media.nominet.uk; frame-ancestors 'self'; base-uri 'self' *.helpscout.net; form-action 'self' *.theukdomain.uk forms.hsforms.com; object-src 'self' *.cloudfront.net; manifest-src 'self'; 2 frame-ancestors bmr.gov.ua *.bmr.gov.ua berdyansk.travel 2 default-src 'self'; connect-src https:; font-src 'self' data: https:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https: blob:; object-src https:; style-src 'unsafe-inline' https:; worker-src blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forums.crateentertainment.com https://connect.facebook.net https://*.syndication.twimg.com https://*.twitter.com https://ssl.google-analytics.com https://assets.zendesk.com; img-src 'self' data: https://*.giphy.com https://*.tenor.com https://*.tinypic.com https://*.epvpimg.com https://*.gyazo.com https://*.imgur.com https://imgur.com https://static-cdn.jtvnw.net https://www.grimdawn.com https://*.twimg.com https://*.twitter.com https://*.syndication.twimg.com https://secure.gravatar.com https://ssl.google-analytics.com https://*.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://themes.googleusercontent.com; frame-src https://*.twitch.tv https://*.soundcloud.com https://forums.crateentertainment.com https://www.grimdawn.com https://www.crateentertainment.com https://bandcamp.com https://assets.zendesk.com https://*.facebook.com https://tautt.zendesk.com https://www.youtube.com https://www.humblebundle.com https://*.twitter.com; object-src 'none' 2 default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 2 frame-ancestors 'self' *.google.de *.google.ch *.google.at *.google.nl *.google.cz *.google.sk *.google.com *.google.se *.optimizely.com 2 frame-ancestors 'self' libertystreeteconomics.newyorkfed.org; 2 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';style-src https: 'unsafe-inline';font-src https: data:;img-src https: data: 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; 2 default-src * 'unsafe-inline' 'unsafe-eval' 'self' app.optimizely.com *.hawksearch.com *.hawksearch.net *.americaneagle.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' blob: data: * 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.verticalscreen.com https://maps.googleapis.com https://*.newrelic.com https://pi.pardot.com https://ssl.google-analytics.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com; connect-src 'self' https://*.verticalscreen.com; font-src https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://*.googleapis.com https://ssl.google-analytics.com 2 default-src 'self' *.transunion.com *.transunion.co.za *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.passage.ai wss://tars-prod.passage.ai; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net app.trustev.com pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com *.passage.ai blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.comi *.passage.ai wss://tars-prod.passage.ai; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com fonts.gstatic.com *.transunion.co.za api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 2 frame-ancestors 'self' https://sdesk.adeo.pro/ https://adeo.pro/ https://adeopro.ru 2 frame-ancestors https://*.scif.com:* https://*.statefundca.com:* 2 frame-ancestors 'self' planar.com *.planar.com leyard.com *.leyard.com; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net; img-src https: data:; media-src https: blob:; worker-src blob: 2 frame-ancestors 'self' https://content-app.com; 2 worker-src 'self' blob:; media-src 'self' blob: https:; default-src 'self' data: https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https: 2 frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; media-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src https: employment.qualtrics.com siteintercept.qualtrics.com g.jwpsrv.com www.youtube.com; frame-ancestors 'self' www.jobs.gov.au www.employment.gov.au; child-src https: blob: 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com publish.viostream.com themes.googleusercontent.com; report-uri /admin/config/system/seckit/csp-report 2 default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline' https://static.ads-twitter.com https://analytics.twitter.com https://*.albacross.com https://*.quora.com https://*.googleadservices.com https://*.hs-analytics.net https://snap.licdn.com https://*.hscollectedforms.net https://*.ampproject.org https://*.hs-scripts.com https://*.onthe.io/ https://*.facebook.net/ https://*.google-analytics.com/ https://*.intercom.io/ https://*.intercomcdn.com/; style-src 'self' 'unsafe-inline' https://*.onthe.io/ https://iotechnologies.com/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://js.intercomcdn.com; connect-src 'self' https://*.albacross.com https://*.hubspot.com https://*.doubleclick.net https://*.onthe.io/ https://news.c8.net.ua/ https://ws.onthe.io/ https://api-iam.intercom.io/ https://*.intercom.io/ wss://*.intercom.io/ https://www.google-analytics.com; frame-src 'self' https://*.onthe.io https://www.youtube.com/; media-src 'self' https://*.onthe.io https://*.iotechnologies.com https://*.dropboxusercontent.com/ https://*.dropbox.com/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.twitter.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.countingdownto.com *.livehelpnow.net *.xbselect.com zz.connextra.com s.btstatic.com s.thebrighttag.com wss:; img-src * data:; font-src *; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob: 2 frame-ancestors 'self' https://*.backstreetmerch.com https://*.livenationmerch.com https://www.joestrummer.com https://eustore.rogerwaters.com https://www.trailerparkboysmerch.com https://store.niallhoran.com https://shop.thebodycoach.com https://merchandise.footballmanager.com https://shop.little-mix.com https://shop.shanefilan.com https://merch.bulletformyvalentine.com https://merch.raksu-official.com 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: 2 default-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:; script-src 'self' https://www.googletagmanager.com https://maps.googleapis.com https://developers.google.com https://www.googleadservices.com https://cdn.optimizely.com https://www.youtube.com https://platform.linkedin.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://js.adsrvr.org https://rum-static.pingdom.net https://googleads.g.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://snap.licdn.com https://sjs.bizographics.com https://px.ads.linkedin.com https://jobadder.com https://apps.jobadder.com https://s.ytimg.com https://calculators.infochoice.com.au https://www.linkedin.com https://tagmanager.google.com https://*.addthis.com https://*.addthisedge.com https://use.typekit.net data: 'unsafe-inline' 'unsafe-eval'; connect-src *; upgrade-insecure-requests; 2 connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;frame-ancestors 'self' ;frame-src https://www.google.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com;style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://www.scdn3.secure.raxcdn.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.youtube.com https://s.ytimg.com https://hypothes.is https://cdn.hypothes.is https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com https://ajax.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.hypothes.is https://platform.twitter.com https://ton.twimg.com;font-src 'self' data: https://fonts.gstatic.com https://cdn.hypothes.is; 2 frame-ancestors *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.insipio.com *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.t-d.se; 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.proworkflow.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.proworkflow.com; img-src 'self' https://ajax.googleapis.com https://www.proworkflow.com; 2 frame-ancestors 'self' https://duerrtablets.tema-hosting.de/ 2 'unsafe-inline'; 2 form-action 'self' https://joomlacontenteditor.us14.list-manage.com/subscribe/post; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.paddle.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://www.paypal.com https://www.paypalobjects.com https://checkout.stripe.com https://cdn.paddle.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.paddle.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'self' 2 frame-ancestors 'self' *.cinradio.org:* *.wvxu.org:* *.wguc.org:*; 2 default-src 'self' https://www.google-analytics.com www.youtube.com fonts.gstatic.com https://storage.googleapis.com fonts.googleapis.com lh3.googleusercontent.com; base-uri 'none'; object-src 'none'; img-src 'unsafe-inline' 'self' https://storage.googleapis.com lh3.googleusercontent.com https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://s.ytimg.com https://www.google-analytics.com/analytics.js https://www.youtube.com/iframe_api https://www.googletagmanager.com/gtag/js ajax.googleapis.com www.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; 2 frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 2 default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-806059fd844e98e2603cbf55bfaf13e229f1311b' https://*.zopim.com https://*.zopim.io https://api-na.geetest.com https://api.geetest.com https://beta.binance.com https://cdn.ampproject.org https://ex.bnbstatic.com https://monitor.geetest.com https://resource.binance.com https://static-file-1259603563.file.myqcloud.com https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.com https://www.google-analytics.com https://www.google.com preprodbin.bnbstatic.com; style-src 'self' 'unsafe-inline' https://beta.binance.com https://ex.bnbstatic.com https://resource.binance.com https://static-file-1259603563.file.myqcloud.com https://static.geetest.com https://translate.googleapis.com https://www.binance.com https://www.gstatic.com preprodbin.bnbstatic.com; font-src 'self' data: https://at.alicdn.com https://beta.binance.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://static-file-1259603563.file.myqcloud.com https://www.binance.com preprodbin.bnbstatic.com; connect-src 'self' *.fdgahl.cn https://*.zopim.com https://beta.binance.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://frontend-m.binance.cloud/monitor/v1/log https://jpush.binance.im:5000 https://pre-jpush.fdgahl.cn:5000 https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://ss.datasconsole.com https://static-file-1259603563.file.myqcloud.com https://translate.googleapis.com https://www.binance.com https://www.google.com preprodbin.bnbstatic.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://margin-stream.binance.com:9443 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' *.fdgahl.cn data: https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://static-file-1259603563.file.myqcloud.com https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com preprodbin.bnbstatic.com; media-src 'self' *.fdgahl.cn https://public.bnbstatic.com https://static-file-1259603563.file.myqcloud.com https://static.zdassets.com https://v2.zopim.com; frame-src 'self' https://static-file-1259603563.file.myqcloud.com https://static.zdassets.com https://www.google.com; object-src 'none'; base-uri 'self' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sompojapan.com.tr *.google.com *.google-analytics.com *.googleapis.com *.facebook.com *.gstatic.com *.facebook.net *.googletagmanager.com *.bootstrapcdn.com *.hotjar.com *.onesignal.com onesignal.com mc.yandex.ru track.adform.net *.googleadservices.com googleads.g.doubleclick.net *.cloudflare.com *.polyfill.io polyfill.io 2 block-all-mixed-content; frame-ancestors 'none'; default-src 'none'; object-src 'none'; img-src 'self' blob: data: https:; media-src 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; frame-src 'self' https:; connect-src 'self' https:; base-uri 'self'; form-action 'self' https: 2 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 2 frame-ancestors 'self' icrc.org *.icrc.org icrcproject.org *.icrcproject.org forum-icrc.org www.forum-icrc.org 2 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' wss://*.hotjar.com *.learningtree.com *.learningtree.ca *.learningtree.co.uk *.learningtree.se js.calltrk.com *.hotjar.com www.facebook.com prezi.com www.youtube.com *.reembed.com privacyportal.onetrust.com www.google-analytics.com www.google.com www.google.se; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn.reembed.com; frame-ancestors 'none'; img-src 'self' data: ltre-web.azureedge.net www.googletagmanager.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net www.google.com ltre-web-img.azureedge.net img.youtube.com i.ytimg.com cdn.cookielaw.org optanon.blob.core.windows.net bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.calltrk.com *.hotjar.com *.incontact.com s.reembed.com www.googletagmanager.com www.google-analytics.com connect.facebook.net s.ytimg.com *.reembed.com cdn.cookielaw.org www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com bat.bing.com sjs.bizographics.com optanon.blob.core.windows.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.reembed.com cdn.cookielaw.org optanon.blob.core.windows.net; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d2bvjr1tusdgm6.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://www.visitorjs.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://www.google.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; font-src 'self' https://d2bvjr1tusdgm6.cloudfront.net; manifest-src 'self'; connect-src 'self' https://dt-es-proxy.dt-srv.de https://solr.diesel-technic.dt-srv.de https://www.google-analytics.com https://stats.g.doubleclick.net 2 default-src 'self' https://www.stanbicibtcfundsmanagement.com https://dpm.demdex.net https://maps.googleapis.com https://fast.standardbank.demdex.net https://accstandardbank.d1.sc.omtrdc.net https://bid.g.doubleclick.net/xbbe/pixel https://8448999.fls.doubleclick.net https://cdn.krxd.net https://bs.serving-sys.com/Serving https://secure-ds.serving-sys.com https://standardbank.demdex.net https://www.youtube.com/ https://*.map2.ssl.hwcdn.net; font-src 'self';img-src 'self' data: https://ad.doubleclick.net https://accstandardbank.d1.sc.omtrdc.net https://www.google.com https://www.google.co.za https://cm.everesttech.net https://beacon.krxd.net https://jslog.krxd.net https://standardbank.demdex.net https://dpm.demdex.net https://*.map2.ssl.hwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://cdn.krxd.net https://assets.adobedtm.com https://secure-ds.serving-sys.com https://cdn.krxd.net https://www.googleadservices.com https://www.googletagmanager.com https://consumer.krxd.net https://googleads.g.doubleclick.net https://beacon.krxd.net https://tribeca.vidavee.com https://*.map2.ssl.hwcdn.net; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://*.map2.ssl.hwcdn.net; frame-ancestors 'self' https://www.stanbicibtcfundsmanagement.com; 2 default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' www.mega-porno.me mega-porno.me http://img.mega-porno.me megabc.info mega-bc.info *.fcdn.net *.kxcdn.com *.fex.net *.pljs.ru https://fex.net https://n161adserv.com *.advertserve.com advrich.com 69v.club redirect.mpay69.net redirect.mpay69.org redirect.mpay69.info test.test-mp.info http://mp-https.info http://bobi-bobi.info http://mpay3.info http://plpromos.com http://fderty.com promo-bc.com ajx161.online *.n161adserv.com u2bmco.com franecki.net *.cdnbmb.com *.ankunding.biz razdvabm.com *.bongacash.com mibmcbm.com *.vids69.com *.mega-porno.me *.advertserve.com http://counter.rambler.ru my2.imgsmail.ru www.gstatic.com yandex.st an.yandex.ru pagead2.googlesyndication.com www.youtube.com vk.com cdn.connect.mail.ru *.gstatic.com mc.yandex.ru www.google-analytics.com https://www.google-analytics.com https://apis.google.com www.gstatic.com *.xcvgdf.party 'unsafe-inline' 'unsafe-eval' http://www.mega-porno.me http://mega-porno.me data: 0.gravatar.com http://0.gravatar.com/ 1.gravatar.com http://1.gravatar.com/ an.yandex.ru/count http://an.yandex.ru/count/ favicon.yandex.net http://favicon.yandex.net avatars-fast.yandex.net http://avatars-fast.yandex.net/ vk.com yastatic.net counter.rambler.ru top-fwz1.mail.ru www.liveinternet.ru counter.yadro.ru mc.yandex.ru www.google-analytics.com https://www.google-analytics.com yastatic.net http://yastatic.net/ connect.mail.ru an.yandex.ru www.youtube.com googleads.g.doubleclick.net vk.com userapi.com site.yandex.net yastatic.net https://yastatic.net http://site.yandex.net https://site.yandex.net *.gstatic.com https://vk.com fonts.googleapis.com mc.yandex.ru *.gstatic.com 2 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' *.google.com fonts.googleapis.com geowidget.easypack24.net 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; font-src https: data:; report-uri https://elnino.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 2 frame-ancestors 'self'; object-src 'self' blob:; 2 object-src 'self'; frame-ancestors 'self'; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; upgrade-insecure-requests 2 base-uri ' ' 2 default-src 'unsafe-inline' 'self' https: wss:; object-src 'none' 2 media-src *; 2 default-src 'self'; child-src 'self' https://events.eventzilla.net https://www.youtube.com https://player.vimeo.com; connect-src 'self' https://www.ocimf-mtis.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.ocimf-ovid.org https://events.eventzilla.net https://www.youtube.com https://player.vimeo.com; img-src 'self' data: lib.ocimf.org https://csi.gstatic.com https://gallery.mailchimp.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://code.jquery.com/ https://*.list-manage.com https://maps.googleapis.com https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 2 default-src 'self' *.ncr.com; frame-src 'self' *.ncr.com *.hotjar.com *.hotjar.io *.demdex.net *.springcm.com *.demandbase.com *.callrail.com *.rakuten.com ncrpresalesfundrequest.secure.force.com *.doubleclick.net *.addthis.com *.salesforceliveagent.com www.youtube.com *.typeform.com *.ncrsilver.com calendly.com apisandbox.zuora.com *.artefactscloud.com www.facebook.com www.youtube-nocookie.com *.juicer.io *.linksynergy.com; img-src data: *; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ncr.com data: *.adobedtm.com px.ads.linkedin.com *.salesforceliveagent.com googleads.g.doubleclick.net snap.licdn.com assets.juicer.io s.ytimg.com *.addthis.com *.addthisedge.com connect.facebook.net www.googletagmanager.com www.google-analytics.com sjs.bizographics.com www.googleadservices.com maps.google.com maps.googleapis.com www.youtube.com www.google.com *.hotjar.io *.hotjar.com cdn.schemaapp.com ajax.googleapis.com assets.adobedtm.com cdn.cookielaw.org img.en25.com *.typeform.com use.edgefonts.net *.rakuten.com fullstory.com *.fullstory.com *.demandbase.com *.callrail.com *.linksynergy.com *.bing.com *.cloudfront.net *.calendly.com; style-src 'self' 'unsafe-inline' *.ncr.com assets.juicer.io cdnjs.cloudflare.com fonts.googleapis.com www.youtube.com optanon.blob.core.windows.net *.hotjar.com use.edgefonts.net *.calendly.com *.cloudfront.net; font-src 'self' *.ncr.com data: assets.juicer.io cdnjs.cloudflare.com fonts.gstatic.com *.hotjar.com *.hotjar.io use.edgefonts.net *.cloudfront.net; connect-src 'self' *.ncr.com *.demdex.net *.addthis.com www.juicer.io *.hotjar.com *.hotjar.io data.schemaapp.com *.omtrdc.net wss://*.hotjar.com *.demandbase.com *.callrail.com *.s3.amazonaws.com s3.amazonaws.com api.company-target.com *.fullstory.com; 2 frame-src https://secure.livechatinc.com/ https://metroonlinepk.firebaseapp.com/ https://metro-login.firebaseapp.com/ 2 default-src * 'self' 'unsafe-inline' 'unsafe-eval' about: data: blob:; frame-ancestors https://*.laborum.pe https://*.informes.me https://*.krowdy.com 2 default-src 'self' *.autofactpro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' optimize.google.com script.crazyegg.com user-event-tracker.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/* browser.sentry-cdn.com *.mkt.autofact.cl optimize.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com apis.google.com www.youtube.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' optimize.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; img-src 'self' img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net data: www.google-analytics.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' accounts.google.com optimize.google.com *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com www.google.com www.youtube.com www.facebook.com web.facebook.com staticxx.facebook.com accounts.google.com bid.g.doubleclick.net *.culqi.com *.pagoefectivo.pe; object-src 'self' *.autofactpro.com; connect-src 'self' ampcid.google.com sentry.io www.google-analytics.com ampcid.google.com ampcid.google.cl 54.242.242.218 *.mkt.autofact.cl *.ampproject.org *.ampproject.net *.autofactpro.com autofact.cl *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org *.ampproject.net www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com https://plugin.autentia.mb:7777; 2 "img-src 'self' *.google.com *.facebook.com *.google.co.in *.google-analytics.com *.g.doubleclick.net" 2 default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 2 default-src *; font-src * 'self' data:; img-src * 'self' data:; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://search.fwd.com.hk/ *.useinsider.com http://search.fwd.com.hk/ https://fwd.api.useinsider.com/ https://search.fwd.com.ph/ http://search.fwd.com.ph/ https://connect.fwd.co.th https://line.fwd.co.th https://www.gstatic.com https://www.google.com https://maps.googleapis.com www.google-analytics.com tagmanager.google.com *.googleapis.com www.googletagmanager.com *.livechatinc.com connect.facebook.net *.turn.com *.zopim.com *.zopim.io cdn-akamai.mookie1.com tags.tiqcdn.com t.mookie1.com b3.mookie1.com *.zopim.com api.map.baidu.com *.maxmind.com *.map.bdimg.com *.bdstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io *.googleadservices.com *.adnxs.com *.doubleclick.net cloudfront.net *.mimecast.com *.adsrvr.org *.facebook.com *.youtube.com *.ytimg.com *.bing.com/ https://bat.bing.com/bat.js *.yimg.com/wi/ *.visualwebsiteoptimizer.com bs.serving-sys.com https://*.analytics.yahoo.com https://*.yimg.com *.taboola.com *.innity.net *.innity.com; connect-src 'self' https://api.useinsider.com/ https://location.api.useinsider.com/ https://hit.api.useinsider.com https://fwd.api.useinsider.com/ https://surfer.seasonalife.com/* *.surfer.seasonalife.com *.seasonalife.com https://category-collector.api.useinsider.com/ https://image.useinsider.com/ https://*.api.useinsider.com https://search.fwd.com.hk/ wss://directline.botframework.com *.botframework.com http://search.fwd.com.hk/ https://search.fwd.com.ph/ http://search.fwd.com.ph/ https://connect.fwd.co.th https://line.fwd.co.th https://portal.fwd.com.vn wss://*.zopim.com *.maxmind.com api.map.baidu.com *.adnxs.com *.turn.com *.adsrvr.org *.facebook.com *.vimeo.com *.youtube.com *.taboola.com *.yimg.com *.innity.net *.innity.com; 2 frame-ancestors *.adobe.com http://adobe.lookbookhq.com https://adobe.lookbookhq.com http://adobeenterprise.lookbookhq.com https://adobeenterprise.lookbookhq.com 2 frame-ancestors *.sitewebmotors.com.br; 2 upgrade-insecure-requests; frame-ancestors self 2 frame-ancestors 'self' https://sunlifeassurance.experiencecloud.adobe.com https://sunlifeassurance.marketing.adobe.com; 2 frame-ancestors 'self' https://www-mgr.gov.taipei http://www-mgr.gov.taipei 2 base-uri 'none'; object-src 'none'; default-src 'self' 'unsafe-inline' data: https: wss: blob:; report-uri https://ulcm.report-uri.com/r/d/csp/enforce 2 frame-ancestors 'self' mediate.com *.mediate.com ; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com; report-uri /admin/config/system/seckit/csp-report 2 default-src 'self' http: https: 2 Content-Security-Policy-Report-Only 2 frame-ancestors 'self' https://*.teamsupport.com/ 2 default-src='self' 2 default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com code.jquery.com maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com ssl.siteimprove.com www.gstatic.com dl.edge-cdn.net ; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net cloud.typography.com *.twimg.com www.metroag.de; img-src 'self' csi.gstatic.com dl.edge-cdn.net data: maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com ssl.siteimprove.com www.gstatic.com app.miag.com maintenance.metroag.de 1634.global.siteimproveanalytics.io ; frame-src 'self' www.youtube.com irs.tools.investis.com player.admiralcloud.com *.twitter.com www.google.com dev.dieproduktion.de ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d1azc1qln24ryf.cloudfront.net ; object-src 'none' ; base-uri 'none'; connect-src 'self' dl.edge-cdn.net *.twitter.com www.3dzeitschrift.de ; media-src 'self' jpn.videos.metrosystems.net edge-cdn.net ; report-uri MagReport.csp?cspReport=true 2 frame-ancestors 'self' http://www.quironsalud.es https://www.quironsalud.es http://betaweb.quironsalud.es https://betaweb.quironsalud.es http://intranetfjd.idc.local https://intranetfjd.idc.local http://overweightinstitute.fjd.es https://overweightinstitute.fjd.es http://www.cirujanosdelcorazon.es https://www.cirujanosdelcorazon.es http://www.clinicadelpilar.org https://www.clinicadelpilar.org http://www.clinicavalles.com https://www.clinicavalles.com http://www.cuidamosdelamujer.es https://www.cuidamosdelamujer.es http://www.diverhospital.es https://www.diverhospital.es http://www.e-quironsalud.com https://www.e-quironsalud.com http://www.fjd.es https://www.fjd.es http://www.fundacionquironsalud.org https://www.fundacionquironsalud.org http://www.hgc.es https://www.hgc.es http://www.hgvillalba.es https://www.hgvillalba.es http://www.hope-documental.es https://www.hope-documental.es http://www.hospitalinfantaelena.es https://www.hospitalinfantaelena.es http://www.hospitalpublicocolladovillalba.es https://www.hospitalpublicocolladovillalba.es http://www.hospitalreyjuancarlos.es https://www.hospitalreyjuancarlos.es http://www.hscor.com https://www.hscor.com http://www.idcsaludenfermeria.es https://www.idcsaludenfermeria.es http://www.idcsalud.es https://www.idcsalud.es http://www.jornadaspbp.es https://www.jornadaspbp.es http://www.lungscreen.eu https://www.lungscreen.eu http://www.oncohealth.eu https://www.oncohealth.eu http://www.porquesabeselegir.es https://www.porquesabeselegir.es http://www.quironsalud-hospitals.com https://www.quironsalud-hospitals.com http://www.rare-genomics.com https://www.rare-genomics.com http://www.redneurosalud.es https://www.redneurosalud.es http://www.ruber.es https://www.ruber.es http://www.ruberinternacional.es https://www.ruberinternacional.es http://www.teknonbarcelona.com https://www.teknonbarcelona.com http://www.teknonbarcelona.it https://www.teknonbarcelona.it http://www.teknonbarcelona.ru https://www.teknonbarcelona.ru http://www.teknon.es https://www.teknon.es http://www.tucanaldesalud.es https://www.tucanaldesalud.es 2 default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; connect-src http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com; media-src mediastream:; 2 default-src 'self' *.sexdesant.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' betnetmed.advertserve.com vadideo.com https://yandex.ru *.yandex.net yastatic.net union-site-data.com xyz0k4gfs.xyz brilliantbc9.club ajax.cloudflare.com *.yandex.ru; img-src 'self' data: union-site-data.com xyz0k4gfs.xyz brilliantbc9.club *; style-src 'self' 'unsafe-inline' fonts.googleapis.com yastatic.net; frame-src 'self' advrich.com xyz0k4gfs.xyz; font-src 'self' fonts.gstatic.com; connect-src 'self' upload.pipiset.com n161adserv.com *.ebalka.me mc.yandex.ru brilliantbc9.club; media-src 'self' data: fex.net cs1.fcdn.net *.sexdesant.com 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https: data:; font-src https: data:; img-src * data:; 2 frame-ancestors 'self' www.nassp.org www.nhs.us www.njhs.us www.nehs.org www.natstuco.org www.principalsmonth.org files.nassp.org; 2 default-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self'; script-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; style-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; img-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' ; 2 base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 2 default-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io data:; script-src 'self' *.bootstrapcdn.com *.cloudflare.com *.jsdelivr.net *.ltts.com *.facebook.com *.jquery.com *.jqueryui.com *.linkedin.com *.hotjar.com *.facebook.net *.licdn.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.youtube.com 'unsafe-inline' 'unsafe-eval' *.hotjar.io data:; img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com; frame-src *.ltts.com *.linkedin.com *.youtube.com youtube.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com; report-uri /report-csp-violation 2 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 2 frame-ancestors https://*.marincounty.org http://*.marinpublic.com https://*.mcera.org https://*.marinmap.org https://*.marinfair.org https://*.marincountyparks.org https://*.marincountyhr.org 2 script-src https://bat.bing.com https://api.clerk.io https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://chimpstatic.com https://*.sleeknote.com https://widget.trustpilot.com; img-src https://bat.bing.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://static.intercomassets.com https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://miljoevenlig-pakning.dk https://www.partner-ads.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://*.klarna.com https://*.klarnacdn.net https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://*.sleeknote.com; connect-src 'self' https: wss://*.intercom.io; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com; object-src 'self'; media-src https://*.gstatic.com 2 report-uri https://sentry.iddqd.yandex.net/api/388/csp-report/?sentry_key=1915039caf274cfb8dcc6b9ce9aaf948; default-src 'self' yandex.ru eda.yandex beta.eda.yandex yastatic.net *.yandex.net *.yandex.ru *.yandex.net *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org *.foodfox.ru *.payture.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru eda.yandex beta.eda.yandex yastatic.net *.yandex.net *.yandex.ru *.yandex.net *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org localhost:3101; style-src blob: data: 'self' 'unsafe-inline' yandex.ru eda.yandex beta.eda.yandex yastatic.net *.yandex.ru *.yandex.net *.foodfox.ru; font-src 'self' eda.yandex beta.eda.yandex yastatic.net *.yandex.net; frame-src *; img-src data: * 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2 frame-ancestors 'self' http://www.medscape.com https://www.medscape.com https://www.medscape.com https://business.facebook.com https://www.facebook.com 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' https: 2 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com;style-src 'self' 'unsafe-inline' https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com;frame-src https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com;font-src 'self' https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net;report-uri /WebResource.axd?cspReport=true 2 default-src 'self'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://fullstory.com https://*.fullstory.com cdnjs.cloudflare.com d1aqhv4sn5kxtx.cloudfront.net *.ngpvan.com; style-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com tagmanager.google.com; img-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com/css fonts.gstatic.com fonts.googleapis.com;connect-src 'self' https://*.fullstory.com https://fullstory.com; report-uri https://accounts.ngpvan.com/oidc/csp/report 2 frame-ancestors rbc.rocketsoftware.com rbcint.rocketsoftware.com den-vm-u2bcweb.u2lab.rs.com www3staging.rs.com us-east-1.content-hub.acquia.com truedx.trubiquity.de 2 default-src *; frame-ancestors 'self' https://optimize.google.com; block-all-mixed-content; base-uri 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.sndcdn.com https://*.soundcloud.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com https://*.soundcloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.linkedin.com https://polyfill.io https://*.bizographics.com https://*.datatables.net https://maps.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.google.com https://*.optimizely.com https://code.jquery.com https://*.googletagmanager.com https://*.episerver.net https://*.msecnd.net https://*.getsitecontrol.com https://*.marketo.com https://*.youtube.com https://*.ytimg.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com https://*.sndcdn.com; img-src 'self' data: https://*.datatables.net https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://pixel.newscred.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.googletagmanager.com https://*.marketo.com https://grant-thornton.vuturevx.com https://*.youtube.com https://stats.g.doubleclick.net https://*.grantthornton.sg; style-src 'self' https://*.datatables.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.marketo.com 'unsafe-inline' https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; font-src 'self' data: https://*.gstatic.com https://*.getsitecontrol.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; frame-src https://*.google.com https://*.optimizely.com https://*.googletagmanager.com https://*.marketo.com https://*.getsitecontrol.com https://*.youtube.com https://*.gtil-dxc.com https://*.grantthornton.global https://*.grantthornton.sg https://*.soundcloud.com; 2 script-src 'self' http://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widgetapi.js http://s.ytmig.com https://s.ytimg.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflBy1d5C/www-widget.js https://www.youtube.com/iframe_api http://www.youtube.com/iframe_api https://www.gstatic.com/ https://www.google.com/recaptcha/api.js http://www.google.com/recaptcha/api.js https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://maps.googleapis.com http://maps.googleapis.com https://ssl.google-analytics.com http://ssl.google-analytics.com https://connect.facebook.net http://tagmanager.google.com https://assets.adobedtm.com http://assets.adobedtm.com http://jscdn.appier.net http://track.adform.net https://track.adform.net http://track.omguk.com https://va.ecitizen.gov.sg http://va.ecitizen.gov.sg 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 2 frame-ancestors 'self' *.iza.org; 2 default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; 2 frame-ancestors 'self' www.amway.id admin.amway.id beta.amway.id www.amway.co.th admin.amway.co.th beta.amway.co.th 2 upgrade-insecure-requests; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2 default-src *; frame-src 'self' https: http://*.google.com http://*.facebook.com http://*.twitter.com http://*.youtube.com http://*.sharethis.com http://*.googletagmanager.com http://*.vimeo.com http://*.sharpspring.com http://*.googleadservices.com http://*.doubleclick.net http://*.wistia.com http://*.wistia.net https://*.cloudfront.net; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: ; img-src * data: ; report-uri https://19jrymqg65.execute-api.us-east-1.amazonaws.com/default/dgcsp-report-uri; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.natfuel.com *.nationalfuelgas.com nationalfuel.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com player.vimeo.com www.google.com sp.analytics.yahoo.com stats.g.doubleclick.net data: 2 frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src https: blob: mc.yandex.ru jivosite.com; 2 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2 default-src * data: blob:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://s3.amazonaws.com/trk.cetrk.com/f/t.js https://tagmanager.google.com/ https://instafeed.assets.pixlee.com https://www.buzzsprout.com https://api.volunteer.com.au https://volwidget.s3.amazonaws.com https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://fast.wistia.net https://ecn.dev.virtualearth.net https://openlayers.org mapstraction.com https://www.bing.com/ https://vudoo.com https://dme0ih8comzn4.cloudfront.net *.admaxim *.addthis.com https://m.addthisedge.com https://cdnjs.cloudflare.com https://d1ig6folwd6a9s.cloudfront.net https://sample.crazyegg.com https://script.crazyegg.com https://sample-api-v2.crazyegg.com/n/588250/all https://s3.amazonaws.com/trk.cetrk.com/d/t.js https://e.issuu.com/embed.js https://everydayhero.com *.facebook.com *.facebook.net fast.wistia.com https://www.google.com http://www.google-analytics.com *.google-analytics.com *.googleapis.com https://maps.google.com https://optimize.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://s.gravatar.com https://code.jquery.com https://s.c.appier.net https://jscdn.appier.net https://assets.juicer.io/ https://embed.playbuzz.com https://sb.scorecardresearch.com https://mcd-sdk.playbuzz.com https://res-format-story.playbuzz.com https://cdn.playbuzz.com https://widget.surveymonkey.com https://salvos.org.au/ https://www.salvationarmy.org.au/ http://salvationarmy.org.au/ http://src.litix.io/ https://s0.wp.com https://stats.wp.com/ https://public.tableau.com/ *.twitter.com *.twimg.com https://users.dialogfeed.com *.verisign.com http://fast.wistia.com 127.0.0.1:* *.localhost; style-src 'self' https://tagmanager.google.com/debug/css.css https://assets.buzzsprout.com https://volwidget.s3.amazonaws.com https://openlayers.org https://www.bing.com https://dme0ih8comzn4.cloudfront.net https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ data: *.addthis.com *.bootstrapcdn.com https://d1ig6folwd6a9s.cloudfront.net https://fonts.googleapis.com http://fonts.googleapis.com *.googleapis.com *.gstatic.com https://optimize.google.com *.jquery.com https://assets.juicer.io/ *.myfonts.net https://res-format-story.playbuzz.com *.twimg.com *.twitter.com http://s.gravatar.com 'unsafe-inline'; media-src * data:; font-src * data:; connect-src 'self' https://sample-api-v2.crazyegg.com/n/588250/all https://s.c.appier.net https://www.bing.com https://salvos.org.au/ https://www.salvationarmy.org.au/ https://salvationarmy.org.au/ https://anylist.c.appier.net *.addthis.com https://stats.g.doubleclick.net/ *.facebook.com https://www.google-analytics.com https://assets.juicer.io/ http://www.juicer.io https://www.juicer.io https://prd-collector-anon.playbuzz.com https://pixel.playbuzz.com https://mcd-sdk.playbuzz.com https://embed.playbuzz.com https://cdn.playbuzz.com https://syndication.twitter.com *.vimeocdn.com pipedream.wistia.com https://e.issuu.com https://users.dialogfeed.com embed.wistia.com distillery.wistia.com/x; report-uri https://salvos.org.au/csp-reports/ 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; upgrade-insecure-requests; report-uri https://uvinum.report-uri.io/r/default/csp/enforce 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.herokuapp.com *.ravepay.co *.flutterwave.com *.stripe.com *.google.com *.facebook.net *.facebook.com *.facebook.net *.dhru.com ; img-src * data:; font-src * data: 2 default-src 'self' *.bnymellon.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net; style-src 'self' 'unsafe-inline' *.bnymellon.net; img-src 'self' data: *.bnymellon.net *.mainaccount.com *.schwab.com; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com; 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.dentoncounty.gov *.dentoncounty.com *.sitecore.net requirejs.org *.willyweather.com cdnres.willyweather.com *.siteimprove.com *.googlecode.com *.cloudflare.com *.fontawesome.com *.sharethis.com www.google-analytics.com *.google.com *.mailchimp.com; 2 default-src 'none'; script-src 'self' 'sha256-1r2NDw2SL2ljeJ3mdJ1JKRCqfXZ78S0uKAwkGYGzTkM=' 'sha256-HVGtOfE5Hu8a+symT358xlgTICh65E7KfVGx609o+R0=' 'sha256-gJw5MpBqZNzv6rfg+75DddUdk3DYqyOTwLiTp59bh8E=' https://www.google.com http://www.google.com https://www.gstatic.com http://www.gstatic.com https://s.ytimg.com *.youtube.com http://www.youtube.com https://fullstory.com https://www.google-analytics.com http://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://s3.amazonaws.com https://www.google-analytics.com http://www.google-analytics.com *.ytimg.com http://i.ytimg.com https://stats.g.doubleclick.net; connect-src 'self' https://stats.g.doubleclick.net https://rs.fullstory.com https://www.googleapis.com https://www.google-analytics.com; font-src 'self'; object-src 'none'; media-src 'self'; form-action 'self'; frame-src https://www.youtube.com https://www.google.com http://www.google.com; frame-ancestors 'self'; 2 default-src * ; script-src * data: 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; img-src * ; font-src * ; 2 default-src 'self' http://www.cmbwinglungbank.com https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com https://demo02.etwealth.com http://demo02.etwealth.com *.cmbchina.com https://cms.aqumon.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; frame-ancestors 'self' fc10.etwealth.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 2 frame-ancestors https://*.allianz.co.id 2 default-src https:; font-src https: blob: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; worker-src blob:; style-src https: 'unsafe-inline'; img-src https: data:; 2 frame-ancestors 'self' https://*.moody.edu 2 base-uri https://www.namepros.com/ https://namepros.reamaze.io; block-all-mixed-content; frame-ancestors 'self' https://www.domainsherpa.com about:; object-src 'none'; worker-src 'none'; frame-src 'report-sample' 'self' https://www.youtube.com https://imgur.com https://s.imgur.com https://www.dailymotion.com https://player.vimeo.com https://www.liveleak.com https://js.stripe.com https://accounts.google.com https://namepros.reamaze.com https://staticxx.facebook.com https://www.facebook.com https://apis.google.com https://platform.twitter.com https://twitter.com https://syndication.twitter.com https://web.facebook.com; form-action 'report-sample' 'self' https://www.paypal.com https://syndication.twitter.com https://platform.twitter.com; font-src 'report-sample' https://fonts.gstatic.com https://use.fontawesome.com data:; img-src 'report-sample' 'self' www.namepros.com https://nameproscdn.com data: https: blob:; manifest-src 'report-sample' 'self' https://nameproscdn.com; prefetch-src 'report-sample' 'self' https://nameproscdn.com; default-src 'report-sample' 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://namepros.com https://cdn.reamaze.com https://*.pusher.com https://secure.quantserve.com https://rules.quantcount.com https://www.googletagmanager.com https://www.google-analytics.com https://plus.google.com https://apis.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://js.stripe.com https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://s.imgur.com https://connect.facebook.net https://platform.twitter.com https://platform.linkedin.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.reamaze.com https://translate.googleapis.com; connect-src 'report-sample' 'self' https://namepros.reamaze.io https://namepros.reamaze.com wss://ws.reamaze.com wss://ws.pusherapp.com https://*.pusher.com https://www.google-analytics.com https://stats.g.doubleclick.net https://nameproscdn.com https://www.linkedin.com; media-src 'report-sample' 'self' https://cdn.reamaze.com; report-uri https://report.namepros.com/r/g/0/; report-to g 2 connect-src https: wss:; upgrade-insecure-requests 2 default-src http: https:; script-src http: https: 'unsafe-inline' 'unsafe-eval'; style-src http: https: 'unsafe-inline'; img-src data: http: https: 2 media-src 'self' 2 connect-src 'self'; child-src 'self'; font-src 'self'; form-action 'self' data:; frame-ancestors 'self'; frame-src 'self'; img-src data: 'self' https://noc.kolabsys.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://noc.kolabsys.com; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'self'; reflected-xss block; 2 frame-ancestors 'self' www.overbrook.edu *.overbrook.edu *.dominicancampus.org *.stcecilia.edu www.stcecilia.edu; 2 frame-ancestors 'self' https://*.castlery.com https://*.castlery.com.au https://*.castlery.sg 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2 default-src blob: data: https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' 2 font-src * data: 2 style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com platform.twitter.com ton.twimg.com; 2 frame-ancestors 'self' http://www.weathertechwholesale.com http://www.cabelas.com https://www.cabelas.com http://www.calcarcover.com https://www.calcarcover.com http://cabuat01.cabelas.com https://cabuat01.cabelas.com http://cabuat02.cabelas.com https://cabuat02.cabelas.com http://cabuat03.cabelas.com https://cabuat03.cabelas.com https://sandbox-assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://secure.checkout.visa.com *.intranet.dow.com *.paypal.com *.paypalobjects.com 2 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.youtube.com s.ytimg.com s.acquire.io checkout.culqi.com ws.bluesnap.com www.paypal.com www.paypalobjects.com bitpay.com cdn.ravenjs.com connect.facebook.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com rec.smartlook.com cdn.segment.com cdn.amplitude.com bluesnap.com *.bluesnap.com collectcdn.com; style-src 'self' 'unsafe-inline' checkout.culqi.com static.culqi.com fonts.googleapis.com; img-src 'self' http: https: data: s.acquire.io res.cloudinary.com maps.googleapis.com checkout.culqi.com static.culqi.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com; connect-src 'self' api.qempo.com wss://api.qempo.com app.acquire.io wss://s.acquire.io wss://ws.acquire.io sentry.io www.paypal.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com events-writer.smartlook.com manager.smartlook.com writer.smartlook.com writer-br.smartlook.com writer-sg.smartlook.com writer-us.smartlook.com writer-mobile.smartlook.com api.segment.io api.amplitude.com app.collect.chat api.ipify.org; font-src 'self' fonts.googleapis.com fonts.gstatic.com app.acquire.io; object-src 'self'; media-src 'self' data:; frame-src 'self' s.acquire.io bitpay.com checkout.culqi.com www.facebook.com connect.facebook.net staticxx.facebook.com tagmanager.google.com www.googletagmanager.com www.paypal.com www.youtube.com bluesnap.com *.bluesnap.com ssl.kaptcha.com; report-uri https://sentry.io/api/1353240/security/?sentry_key=b7e07db316a544d993fb1fddc5b5b016 2 frame-ancestors 'self' https://*.gstatic.com http://webvisor.com https://*.webvisor.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ru 2 policy 2 base-uri 'self'; child-src 'self' bid.g.doubleclick.net www.google.com www.youtube.com *.midtrans.com *.googleapis.com; connect-src *; default-src 'self'; font-src 'self' data: cdn.mxpnl.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: csi.gstatic.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net i.imgur.com img.youtube.com www.googleadservices.com www.google.com www.google.co.id www.google-analytics.com www.googletagmanager.com placehold.it placeholdit.imgix.net s3.amazonaws.com *.s3.amazonaws.com *.midtrans.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.polyfill.io cdn.mxpnl.com mixpanel.com maps.googleapis.com s.ytimg.com *.crazyegg.com s3.amazonaws.com *.s3.amazonaws.com tagmanager.google.com www.googleadservices.com www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com www.youtube.com *.midtrans.com *.googleapis.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com tagmanager.google.com; frame-src *.midtrans.com www.youtube.com www.google.com 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' * 2 default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2 default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 2 2 default-src 'self'; frame-src avsecure.dev; img-src 'self' *.florastatic.com https://*.florastatic.com www.google-analytics.com https://www.google-analytics.com; media-src 'none'; object-src 'none'; script-src 'self' www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' data: dni.trumeasure.com tag.simpli.fi/sifitag/8138eae0-4801-0136-4942-067f653fa718 *.paypal.com *.paypalobjects.com/api/checkout.js https://www.paypal.com/xoplatform/logger/api/logger maps.googleapis.com www.gstatic.com www.google.com/ unpkg.com www.google-analytics.com ajax.googleapis.com *.hotjar.com *.vision.net *.myswva.com; child-src 'self' *.paypal.com https://www.paypal.com/xoplatform/logger/api/logger *.hotjar.com http://www.excede.com http://www.viasatresidential.com *.vimeo.com *.youtube.com www.google.com livechat.vision.net *.myswva.com https://docs.google.com; 2 frame-ancestors 'self' http://www.degreedeodorant.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 2 default-src 'self' http://www.youtube.com/ https://googleads.g.doubleclick.net/ https://www.youtube.com/ wss://nathetsof.com wss://www.nathetsof.com http://nathetsof.com https://nathetsof.com http://www.nathetsof.com https://www.nathetsof.com wss://www.nathetsof.com wss://nathetsof.com https://nathetsof.com http://nathetsof.com wss://www.reasedoper.pw http://reasedoper.pw https://reasedoper.pw https://pagead2.googlesyndication.com/ http://mtrcss.com/ https://binpartner.com/ http://*.maxtarget.ru/ https://mc.yandex.ru/ http://rb.revolvermaps.com/;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src *;script-src 'self' blob: http://zstat.org/ http://nathetsof.com/ https://tds.exopay.ru/ http://tds.exopay.ru/ https://gridiogrid.com/ http://nathetsof.com/ http://gridiogrid.com/ http://www.gridiogrid.com/ https://www.gridiogrid.com/ http://tds.movikpro.su/ http://movikpro.su/ http://rigaletto.info/ http://phpbbex.com/ http://listat.org https://listat.org https://static.reasedoper.pw http://static.reasedoper.pw http://mobuli.info http://mobisway.info http://doramobi.info http://uxm.ru/ https://dl.metabar.ru/ http://azbns.com/ http://cdn.mobidea.com/ http://cdn.mobidea.com/ https://cdn.mobidea.com/ http://mytomatosoup.com/ http://mytomatosoup.com/ http://*.facetz.net/ https://bodaybo.net/ https://msrv.su/ http://*.mixmarket.biz/ http://*.adsniper.ru/ http://*.imho.net/ http://*.trafex.net/ http://*.madnet.ru/ http://*.cnt.my/ http://*.adlabs.ru/ http://utarget.ru/ http://luxup.ru/ http://*.morgdm.ru/ http://mxpopad.com/ https://*.metabar.ru/ http://mtrcss.com/ https://*.binpartner.com/ https://binpartner.com/ http://*.maxtarget.ru/ http://*.s1block.com/ https://*.exoclick.com/ http://*.exoclick.com/ http://ma-static.ru/ http://*.criteo.com/ http://webgringo.ru/ http://dancepoisk.ru/ http://*.google.com.ua https://*.google.com.ua https://*.vim100.ru http://*.vim100.ru https://vim100.ru http://vim100.ru http://*.kavanga.ru https://*.kavanga.ru http://dreamcode.pw https://dreamcode.pw https://*.advertur.ru *.advertur.ru http://cdn-rtb.sape.ru/ http://*.sape.ru/ http://wslocker.ru/ http://www.photoshop.in.ua 'self' 'unsafe-inline' 'unsafe-eval' http://code.jquery.com https://oss.maxcdn.com yandex.st *.yandex.st https://*.google-analytics.com http://*.google-analytics.com acint.net www.acint.net http://meelba.com http://*.meelba.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.uptolike.com https://*.uptolike.com *.leadada.com http://*.yandex.ru http://yandex.ru https://yandex.ru https://*.yandex.ru http://*.doubleclick.net https://*.doubleclick.net cepereh.ru promoskiki.ru brandomatic.ru http://info.datacadet.com https://info.datacadet.com http://*.metabar.ru https://*.youtube.com http://*.youtube.com https://*.google.com http://*.google.com http://*.yandex.net https://*.yandex.net http://*.dumedia.ru http://userapi.com https://*.twitter.com http://*.twitter.com https://yastatic.net http://yastatic.net http://*.ya.ru http://*.fbcdn.net http://*.facebook.net https://*.facebook.net http://ad.oyy.ru http://pr-cy.ru http://*.rotaban.ru http://*.addthis.com http://*.mail.ru https://*.mail.ru http://*.adriver.ru https://*.googleapis.com http://*.googleapis.com http://*.reformal.ru https://vk.com http://*.vk.com http://vk.com http://*.vk.com http://estat-translator.com http://*.openstat.net http://openstat.net http://*.hit.ua http://api.cpatext.ru http://disgusting.ru http://counter.rambler.ru http://allskidkimos.ru http://*.acint.net http://*.beeline.ru http://*.smi2.ru https://*.alexa.com http://js-agent.newrelic.com http://*.odnoklassniki.ru http://*.directadvert.ru http://vkontakte.ru http://meteoprog.ua http://*.meteoprog.ua http://*.ok.ru https://*.ok.ru http://api.recaptcha.net http://ulogin.ru http://*.ukr.net http://*.semrash.com http://*.nr-data.net http://*.mgts.ru http://commontools.net http://*.wordpress.com http://informer.name http://*.bigmir.net https://*.bigmir.net http://www.samnews.ru http://adv.rb-edu.ru http://nastart.com.ua http://*.betweendigital.com http://*.google.ru http://*.cloudfront.net http://api.pozvonim.com http://*.24webclock.com https://*.zemanta.com http://disqus.com http://*.gismeteo.ru http://*.spylog.ru http://*.sharethis.com http://*.disqus.com http://*.c8.net.ua http://www.semrush.com http://loginza.ru http://*.redtram.com https://*.facebook.com http://*.facebook.com http://reformal.ru http://mreporter.ru http://n.lcads.ru http://*.leadia.ru http://www.vesti.ru http://*.begun.ru http://google.com.ua https://google.com.ua http://gamebomb.ru https://*.skype.com http://*.contextbar.ru http://*.googleadservices.com https://*.googleadservices.com http://*.lcads.ru http://*.googlevideo.com https://*.googlevideo.com http://*.gstatic.com https://*.gstatic.com https://*.ytimg.com http://*.ytimg.com http://*.yadro.ru https://*.yadro.ru; connect-src 'self' wss://nathetsof.com/ wss://www.nathetsof.com/ wss://www.gridiogrid.com/ https://api.push.world/ https://static.reasedoper.pw/ wss://www.nathetsof.com wss://www.reasedoper.pw/ http://meelba.com/ http://stat.qload.ru http://uxm.ru https://mc.yandex.ru/ https://pagead2.googlesyndication.com 2 default-src 'self' iconic-assets.azureedge.net; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2 form-action 'self' webto.salesforce.com 2 script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 2 default-src * 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* *.gstatic.com:* http://*:*; style-src 'self' 'unsafe-inline' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* ; img-src data: blob: 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* http://*:*; connect-src 'self' http://*:* ws://localhost:*; child-src 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* *.hooshco20170301.myddns.me:* *.gstatic.com:*; frame-src 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* *.hooshco20170301.myddns.me:* *.gstatic.com:*; frame-ancestors 'self' *.google.com:* *.abctools.ir:* *.bootstrapcdn.com:* *.hooshco20170301.myddns.me:* *.gstatic.com:*; reflected-xss filter; referrer no-referrer-when-downgrade; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru http://*.youtube.com; report-uri https://myklad.org/csp-report.php 2 frame-ancestors 'self' *.royalpanda.com *.rpaffiliates.com; 2 script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; base-uri *;connect-src *; style-src 'self' 'unsafe-inline' https:;default-src 'self' https:; img-src 'self' data: https://dc.ads.linkedin.com/ https://www.google.com/ https://www.facebook.com/ https://bat.bing.com/action/ https://track.hubspot.com/ https://cloud.apizee.com/ https://www.google-analytics.com/ https://t.co/i/ https://www.google.fr/ https://stats.g.doubleclick.net/ https://info.digitaleo.fr/hs-fs/hubfs/ https://www.digitaleo.fr/sites/default/files/favicon_0_0.ico; 2 child-src 'self' competency.s3.amazonaws.com *.competency.s3.amazonaws.com *.competency.io *.youtube.com *.vimeo.com *.facebook.com *.google.com *.stripe.com; 2 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/enforce 2 connect-src https: 2 frame-ancestors 'self' https://amdsb-on.safeschools.com/ 2 default-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.gravatar.com https://*.w.org https://*.cloudflare.com https://*.hsforms.net https://*.hsforms.com https://*.jsdelivr.net https://*.hotjar.com/ https://*.hubspot.com https://*.hs-scripts.com https://*.softvision.com https://softvision.com https://*.hsleadflows.net https://*.hs-analytics.net https://*.usemessages.com https://*.bootstrapcdn.com https://*.wpengine.com https://*.cdninstagram.com https://*.googletagmanager.com https://*.driftt.com https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.youtube.com https://*.alicdn.com https://*.amazonaws.com https://linkedin.com https://*.google.com https://*.vimeo.com https://*.drift.com https://*.hotjar.io https://*.hubspot.net https://*.ytimg.com https://*.yoast.com https://yoast.com https://*.github.com https://*.cognizantsoftvision.com https://cognizantsoftvision.com script-src: 'unsafe-inline' 'unsafe-eval' img-src: data: 'self' font-src: 'self' blob: 2 default-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com ; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com 'unsafe-inline'; img-src * data:; font-src 'self' data: *.moneta.ru *.moneta.com *.payanyway.ru *.payanyway.com https://fonts.gstatic.com https://sxt.cdn.skype.com ; frame-src https: ; report-uri /cspreport.htm 2 default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.221.22.202.116.clients.your-server.de; script-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.221.22.202.116.clients.your-server.de; connect-src * 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.221.22.202.116.clients.your-server.de; img-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.221.22.202.116.clients.your-server.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.221.22.202.116.clients.your-server.de; 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.twitter.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com www.googleadservices.com connect.facebook.net platform.twitter.com static.ads-twitter.com; img-src 'self' data: *.absolunet.com *.g.doubleclick.net www.google-analytics.com www.facebook.com www.google.com www.google.ca *.gstatic.com 10tendancesecommerce.com 10ecommercetrends.com t.co 1.gravatar.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.youtube.com *.g.doubleclick.net local.10ecommercetrends.com 10tendancesecommerce.com 10ecommercetrends.com; connect-src 'self' apis.google.com tagmanager.google.com; object-src 'self'; frame-ancestors 'self' 10tendancesecommerce.com 10ecommercetrends.com 2 frame-ancestors 'self' *.roomlynx.net 2 default-src 'self' * 'unsafe-inline' 'unsafe-eval'; font-src 'self' * data:; 2 default-src 'self'; connect-src https://wdpclient-uat-api.azurewebsites.net https://wdpclient-uat-angular.azurewebsites.net https://login.microsoftonline.com 'self' blob:; style-src https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline' https://wdpclient-uat-angular.azurewebsites.net; child-src 'none';form-action 'self'; img-src 'self' data: blob:; object-src 'none'; font-src https://use.fontawesome.com https://fonts.gstatic.com; 2 object-src 'self' https://assets.concur.com; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com 2 default-src 'self'; script-src 'self' https: script.crazyegg.com 'unsafe-eval' 'unsafe-inline' *.constantcontact.com oss.maxcdn.com *.googleapis.com maxcdn.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com www.google-analytics.com static.hotjar.com script.hotjar.com cdnjs.cloudflare.com i.simpli.fi *.gstatic.com *.youtube.com *.doubleclick.net static.doubleclick.net s.ytimg.com www.googleadservices.com *.aspnetcdn.com pi-test.sagepay.com *.addthis.com *.addthisedge.com facebook.com *.facebook.com flexiengine.azurewebsites.net *.azureedge.net; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com www.gstatic.com *.azureedge.net flexiengine.azurewebsites.net; img-src 'self' data: gtrk.s3.amazonaws.com mlsvc01-prod.s3.amazonaws.com *.constantcontact.com www.google.com cdnjs.cloudflare.com www.google.co.uk www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net static.doubleclick.net www.gravatar.com i.simpli.fi *.gstatic.com *.googleapis.com maps.googleapis.com *.umbraco.tv umbraco.tv *.zopim.com *.cdn77.org flexiengine.azurewebsites.net *.azureedge.net; font-src 'self' data: *.zopim.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com flexibookings.azurewebsites.net flexiengine.azurewebsites.net *.azureedge.net; connect-src 'self' https: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net insights.hotjar.com pi-test.sagepay.com *.zopim.com wss://*.zopim.com; frame-src 'self' https: vars.hotjar.com *.youtube.com *.addthis.com flexibookings.azurewebsites.net tockify.com; media-src 'self' gcs-vimeo.akamaized.net player.vimeo.com *.vimeocdn.com 2 default-src https: data: 'unsafe-eval' 'unsafe-inline' 2 frame-ancestors ad.admitad.com webvisor.com 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' authentication.me *.authentication.me installpack.net *.installpack.net *.addthis.com addthis.com https://m.addthisedge.com *.googlesyndication.com https://*.googlesyndication.com https://googlesyndication.com googlesyndication.com *.googletagservices.com https://*.googletagservices.com https://googletagservices.com googletagservices.com *.googleadservices.com https://*.googleadservices.com https://googleadservices.com googleadservices.com *.gstatic.com https://*.gstatic.com https://gstatic.com gstatic.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com google-analytics.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com publisherconsole.appspot.com *.google.com https://*.google.com https://google.com google.com *.googletagmanager.com https://fonts.googleapis.com https://ajax.googleapis.com https://vk.com https://www.odnoklassniki.ru https://connect.ok.ru https://graph.facebook.com https://widgets.pinterest.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://ajax.googleapis.com data: * ; img-src 'self' 'unsafe-inline' 'unsafe-eval' installpack.net *.installpack.net secure.gravatar.com data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' installpack.net *.installpack.net mediastream: *; report-uri /csp 2 base-uri 'self'; frame-src 'self' elfsight.ticksy.com; connect-src 'self' *.google-analytics.com data:; font-src 'self' *.googleapis.com *.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com *.cloudflare.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' *.googleapis.com *.gstatic.com *.google-analytics.com s.w.org ps.w.org secure.gravatar.com *.cdninstagram.com *.googleusercontent.com data:; media-src 'self' *.cdninstagram.com; object-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'none' 2 default-src 'self' https:; connect-src 'self' blob: https:; font-src 'self' blob: data: https: https://fonts.googleapis.com https://fonts.gstatic.com https://player.cloud.wowza.com/ https://player.sky.com https://s3.amazonaws.com/; img-src 'self' 'unsafe-inline' data: https: https://gg.google.com https://lh6.googleusercontent.com https://maps.google.com https://maps.gstatic.com https://player.cloud.wowza.com/ https://player.sky.com https://proxy.video.sky.com https://s3.amazonaws.com/ https://smetrics.sky.com https://static.video.sky.com https://stats.g.doubleclick.net/ https://vlog.leadformix.com/bf https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.youtube.com; media-src 'self' blob: http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://player.cloud.wowza.com/ https://s3.amazonaws.com/ https://static.video.sky.com/ https://wowzaprod102-i.akamaihd.net/ https://www.google.com https://www.youtube.com https://youtube.com https://zap.cloud.wowza.com/; object-src 'self' blob: https: https://s3.amazonaws.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://ajax.googleapis.com https://graph.facebook.com/ https://maps.googleapis.com https://mozbar.moz.com/ https://notify.bugsnag.com https://player.cloud.wowza.com/ https://player.sky.com https://proxy.video.sky.com https://public.newsharecounts.com https://public.newsharecounts.com/ https://s.ytimg.com/ https://s3.amazonaws.com/ https://stats.g.doubleclick.net/ https://vlog.leadformix.com/bf/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.linkedin.com/ https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https: https://player.cloud.wowza.com/ https://player.sky.com/ https://s.ytimg.com/ https://s3.amazonaws.com/ https://www.google.com https://www.gstatic.com https://www.youtube.com https://youtube.com; frame-src 'self' 'unsafe-inline' http://ampdemo.azureedge.net/ http://az416426.vo.msecnd.net http://azure.net/ http://hatch.streaming.mediaservices.windows.net/ https: https://docs.google.com/ https://graph.facebook.com/ https://notify.bugsnag.com https://player.cloud.wowza.com/ https://player.sky.com/ https://proxy.video.sky.com/ https://public.newsharecounts.com/ https://s.ytimg.com/ https://s3.amazonaws.com/ https://static.video.sky.com/ https://stats.g.doubleclick.net/ https://view.officeapps.live.com/ https://wowzaprod102-i.akamaihd.net/ https://www.google.com https://www.linkedin.com/ https://www.youtube.com https://youtube.com https://zap.cloud.wowza.com/ 2 default-src 'self' *.google-analytics.com *.google.com *.facebook.net *.facebook.com *.youtube.com wantwincash.com luxusphere.com *.zopim.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.facebook.net *.facebook.com *.datatables.net *.jquery.com certify.gpwa.org luxusphere.com *.jsdelivr.net *.zopim.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net; style-src 'unsafe-inline' 'self' *.google-analytics.com *.googleapis.com *.facebook.net *.datatables.net *.zopim.com; font-src 'unsafe-inline' 'self' data: *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com *.zopim.com; img-src * data:; connect-src 'unsafe-inline' 'self' *.facebook.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net wss://*.zopim.com 2 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' http: https: data:; style-src * 'unsafe-inline'; img-src 'self' https: data:; font-src https: data:; connect-src *; object-src 'none'; child-src discordapp.com; frame-src https:; worker-src blob:; base-uri 'none' 2 default-src https: data: 'self' *.1gamepay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.frankcasino.net frank-auth.com livestatisc.com echo.ecortb.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.sptpub.com *.invisiblesport.com *.playngonetwork.com *.curacao-egaming.com *.google-analytics.com *.casinomodule.com *.onlinetechsupport24.com *.livestatisc.com *.jsdelivr.net track.adform.net *.aventonv.com recaptcha.net www.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.cloudflare.com *.sptpub.com *.invisiblesport.com *.playngonetwork.com; img-src https: data: blob: 'self'; font-src data: 'self' fonts.gstatic.com cdn.gs-arcadia.com cdn.st01-gs-arcadia.com *.sptpub.com *.invisiblesport.com *.cloudflare.com; connect-src ws: wss: 'self' *.casinomodule.com *.onlinetechsupport24.com *.sptpub.com *.invisiblesport.com *.gs-arcadia.com *.st01-gs-arcadia.com *.playngonetwork.com; 2 default-src *;img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' * 2 media-src 'self'; object-src 'self' 2 default-src 'self' http: bott-tc.nautilus https: *.bosch-thermotechnology.com s.webtrends.com *.boschtt-documents.com www.bimstore.co.uk services.kittelberger.net *.mycliplister.com bott-tc.nautilus; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' fonts.gstatic.com; object-src data: 'self'; img-src https: data: blob:; style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com; frame-ancestors 'self' https: bosch.mi4biz.net http://bott-fs.kittelberger.net 2 frame-ancestors 'self' http://acpmonitor/*; 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; 2 default-src *; script-src 'self' https://www.homebank.kz https://cdn.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data: 2 default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https:; 2 default-src * data: blob:;script-src 'self' static4.sodonsolution.org static.portal4new.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.gstatic.com maps.gstatic.com maps.googleapis.com static.whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net certify-js.alexametrics.com cdnjs.cloudflare.com platform.twitter.com www.youtube.com/iframe_api s.ytimg.com cse.google.com www.google.com;style-src 'self' static4.sodonsolution.org static.portal4new.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' www.gstatic.com static.whatshelp.io cse.google.com www.google.com;connect-src 'self' www.google-analytics.com whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net staticxx.facebook.com graph.facebook.com;object-src 'self'; 2 default-src https: 'unsafe-eval' 'unsafe-inline' img-src 'self' data: * 2 frame-ancestors 'self'; base-uri 'self'; 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to *.cloudflare.com *.google-analytics.com wss://*.tawk.to https://cjshare.com *.cjshare.com *.cleverjump.org *.jsdelivr.net https://sharebutton.net *.sharebutton.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net; img-src data: *; object-src 'self' 2 frame-ancestors 'self' http://mash-5101648.hs-sites.com https://app.hubspot.com https://www.mash.com 2 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2 script-src 'self' 'unsafe-inline' https://cdn.bitrix24.ru https://www.googletagmanager.com https://cdn.onesignal.com https://onesignal.com https://*.googleapis.com https://mst.agency https://mstagency.ru https://www.google-analytics.com https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://*.youtube.com https://s.ytimg.com http://localhost http://localhost:3001; img-src http://localhost:3000 http://localhost:3001 https: data: blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 2 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.utconf.ru *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today ; 2 default-src https:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; 2 default.src https: data: 'unsafe-inline' 'unsafe-eval' 2 default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self'; manifest-src 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'none' 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; base-uri 'self'; form-action 'self'; object-src 'none'; media-src 'none'; font-src 'self' fonts.gstatic.com; child-src 'none'; frame-ancestors 'none'; 2 script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 2 img-src blob: https: data:; upgrade-insecure-requests 2 default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'none'; 2 frame-ancestors 'self' http://www.mobility-room.com:3000 http://mobility-room.com:3000; 2 default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2 default-src 'self'; connect-src 'self' https://www.google-analytics.com https://places-dsn.algolia.net https://places-3.algolianet.com; frame-src 'self'; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.fr https://www.google.com; font-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ 2 default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src data: https://* 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 2 frame-ancestors https://*.facebook.com http://*.facebook.com 2 default-src * data: blob:;script-src 'self' static4.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.gstatic.com maps.gstatic.com maps.googleapis.com static.whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net certify-js.alexametrics.com cdnjs.cloudflare.com platform.twitter.com www.youtube.com/iframe_api s.ytimg.com cse.google.com www.google.com;style-src 'self' static4.sodonsolution.org static4.cdn.sodonsolution.org 'unsafe-inline' www.gstatic.com static.whatshelp.io cse.google.com www.google.com;connect-src 'self' www.google-analytics.com whatshelp.io www.adshark.mn siskin.sodonsolution.com connect.facebook.net staticxx.facebook.com graph.facebook.com;object-src 'self'; 2 default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com;' 2 frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com 2 https: 'unsafe-inline' 'unsafe-eval'; 2 font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss:; 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; font-src * data: 'unsafe-eval' 'unsafe-inline'; 2 script-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.zdassets.com *.googletagmanager.com; object-src 'self'; frame-src 'self' 'unsafe-inline' *.google.com; frame-ancestors 'self' 'unsafe-inline' *.google.com 2 default-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.zdassets.com s.ytimg.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com disqus.com *.disquscdn.com *.disqus.com; style-src * data: blob: 'unsafe-inline' 2 default-src 'self' https: data: blob:; script-src 'unsafe-eval' 'self' *.wikihoster.net 'unsafe-inline'; style-src 'self' data: blob: 'unsafe-inline'; img-src 'self' data: https:; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ 2 img-src 'self' http://www.trimegah.com http://www.google-analytics.com; 2 frame-ancestors 'self' weleda.sabio.de 2 frame-ancestors www-preprod.vegatele.com cabinet.vegatele.com vega.ua my.vega.ua; script-src 'unsafe-eval' 'unsafe-inline' 'self' cdn.smile-soft.com static.hotjar.com script.hotjar.com vega.pbx.vega.ua connect.facebook.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com vega.phonet.com.ua; block-all-mixed-content; 2 frame-ancestors http://webvisor.com; 2 default-src 'self'; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' https: www.google-analytics.com https: *.googleapis.com https: www.googletagmanager.com https: *.google.com https: *.gstatic.com https: *.cloudfront.net https: *.youtube.com https: *.ytimg.com https: *.usercentrics.eu; style-src https: 'self' 'unsafe-inline' https: *.cloudfront.net; img-src data: 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com https: *.youtube.com; frame-src 'self' http: *.grawe.hu *.grawe.bg https: *.google.com https: *.youtube.com; connect-src 'self' https: *.grawe.at; font-src 'self' data: *.cloudfront.net *.gstatic.com *.grawe.at *.usercentrics.eu; media-src 'self' https: *.grawe.at https: *.cloudfront.net https: *.cdninstagram.com 2 default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; object-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; media-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; font-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 2 script-src https://ssl.google-analytics.com https://twitter.com 'unsafe-eval' https://*.twimg.com https://api.twitter.com 'nonce-MiYNNM4rvBKxd4PeOLTM5w==' https://analytics.twitter.com https://publish.twitter.com https://ton.twitter.com https://syndication.twitter.com https://www.google.com https://platform.twitter.com https://www.google-analytics.com blob: 'self'; frame-ancestors 'self'; font-src https://twitter.com https://*.twimg.com data: https://ton.twitter.com 'self'; media-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://v.cdn.vine.co https://dwo3ckksxlb0v.cloudfront.net https://twitter.com https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://amp.twimg.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://prod-video-us-west-1.pscp.tv https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://ton.twitter.com https://prod-video-eu-west-3.pscp.tv https://rmdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://mtc.cdn.vine.co https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; connect-src https://rmpdhdsnappytv-vh.akamaihd.net https://prod-video-eu-central-1.pscp.tv https://prod-video-ap-south-1.pscp.tv https://*.giphy.com https://dwo3ckksxlb0v.cloudfront.net https://prod-video-us-east-2.pscp.tv https://prod-video-cn-north-1.pscp.tv https://vmaprel.snappytv.com https://smmdhdsnappytv-vh.akamaihd.net https://*.twimg.com https://embed.pscp.tv https://api.twitter.com https://prod-video-eu-west-1.pscp.tv https://*.video.pscp.tv https://rmmdhdsnappytv-vh.akamaihd.net https://clips-media-assets.twitch.tv https://prod-video-ap-northeast-2.pscp.tv https://prod-video-us-west-2.pscp.tv https://pay.twitter.com https://prod-video-us-west-1.pscp.tv https://analytics.twitter.com https://vmap.snappytv.com https://*.twprobe.net https://prod-video-ap-northeast-1.pscp.tv https://smdhdsnappytv-vh.akamaihd.net https://prod-video-eu-west-3.pscp.tv https://syndication.twitter.com https://sentry.io https://rmdhdsnappytv-vh.akamaihd.net https://media.riffsy.com https://mmdhdsnappytv-vh.akamaihd.net https://prod-video-ca-central-1.pscp.tv https://embed.periscope.tv https://smpdhdsnappytv-vh.akamaihd.net https://prod-video-sa-east-1.pscp.tv https://vmapstage.snappytv.com https://upload.twitter.com https://proxsee.pscp.tv https://mdhdsnappytv-vh.akamaihd.net https://prod-video-ap-southeast-2.pscp.tv https://prod-video-cn-northwest-1.pscp.tv https://prod-video-eu-west-2.pscp.tv https://canary-video-us-east-1.pscp.tv https://dev-video-us-west-2.pscp.tv https://prod-video-us-east-1.pscp.tv blob: 'self' https://prod-video-ap-northeast-3.pscp.tv https://vmap.grabyo.com https://prod-video-ap-southeast-1.pscp.tv https://mpdhdsnappytv-vh.akamaihd.net https://dev-video-eu-west-1.pscp.tv; style-src https://fonts.googleapis.com https://twitter.com https://*.twimg.com https://translate.googleapis.com https://ton.twitter.com 'unsafe-inline' https://platform.twitter.com 'self'; object-src https://twitter.com https://pbs.twimg.com; default-src 'self' blob:; frame-src https://twitter.com https://*.twimg.com https://player.vimeo.com https://pay.twitter.com https://ton.twitter.com https://syndication.twitter.com https://vine.co twitter: https://www.youtube.com https://platform.twitter.com https://upload.twitter.com 'self'; img-src https://*.giphy.com https://*.pscp.tv https://twitter.com https://*.twimg.com data: https://clips-media-assets.twitch.tv https://lumiere-a.akamaihd.net https://ton.twitter.com https://syndication.twitter.com https://media.riffsy.com https://www.google.com https://platform.twitter.com https://api.mapbox.com https://www.google-analytics.com blob: https://*.periscope.tv 'self'; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false; 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1566522806.24158.140453.130956&h=man2-5924-f16-man-portal-morda-29675&csp=old&date=20190823&yandexuid=9500175811566522806; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 script-src 'unsafe-eval' 'strict-dynamic' 'nonce-8YMwh8EDm1mee744bPaH' 'nonce-2yqpVcK1VJHf/t+nEGli' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1 default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l 1 frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 1 frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=9bff26ee-02e8-4c29-839f-de58ffe2aa5f 1 script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-zhmXPqtx5jm0U0E2QlZsj2IAMQ' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1 frame-ancestors 'self' https://*.spotify.com https://*.spotify.net 1 default-src 'self' blob: https://*.cnn.com:* http://*.cnn.com:* *.cnn.io:* *.cnn.net:* *.turner.com:* *.turner.io:* *.ugdturner.com:* courageousstudio.com *.vgtf.net:*; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' blob: *; child-src 'self' blob: *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: blob: *; media-src 'self' data: blob: *; font-src 'self' data: *; connect-src 'self' *; frame-ancestors 'self' https://*.cnn.com:* http://*.cnn.com https://*.cnn.io:* http://*.cnn.io:* *.turner.com:* courageousstudio.com; 1 default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://www.wootag.com; script-src 'nonce-S191KtdN4NYNrqEBHOIyNTp1xd03Uh464WZNQkeB89g1OleR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://*.brighttalk.com https://*.sperse.io https://*.dialogtech.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com https://*.salesforce.com https://*.eloqua.com https://secure.opinionlab.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; block-all-mixed-content; report-uri https://www.paypal.com/csplog/api/log/csp 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-UkyYhfMwuc' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com 'nonce-9470025675786745001'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: blob: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://www.payzippy.com https://tnc.phonepe.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://www.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-9470025675786745001'; worker-src 'self' https://*.flipkart.com blob:; child-src 'self' https://*.flipkart.com 'nonce-9470025675786745001'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://sentry.flipkart.com/api/2/security/?sentry_key=b2fe488e344a47eda53b8d306edec9b7&sentry_release=3.45.0 1 frame-ancestors 'self' *.cnet.com *.ampproject.org *.amp.cloudflare.com *.bing-amp.com; default-src https: blob: about: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: blob: android-webview-video-poster: about:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1 default-src 'self'; script-src 'self' https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ 'unsafe-inline' 'nonce-MTcxLDIxNiw3OCwyMjYsMTY1LDk2LDM5LDIzOA=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://cdn.discordapp.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://discordapp.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com/collect ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' https://cdn.discordapp.com/assets/; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://www.youtube.com/; 1 frame-ancestors *.mediafire.com 1 default-src * blob:; img-src * data: blob:; connect-src * wss: blob:; frame-src 'self' *.zhihu.com weixin: *.vzuu.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 zhihujs: captcha.guard.qcloud.com pos.baidu.com dup.baidustatic.com; script-src 'self' blob: *.zhihu.com qzonestyle.gtimg.cn res.wx.qq.com open.mobile.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com cpro.baidustatic.com pos.baidu.com dup.baidustatic.com i.hao61.net 'nonce-613011ab-a70a-4bb0-b81a-cb9f244c2d1e'; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com captcha.gtimg.com 1 frame-ancestors 'none'; upgrade-insecure-requests 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=3dc73db0-0290-4f27-9530-98f0e441c3e9&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=3dc73db0-0290-4f27-9530-98f0e441c3e9&version=sha%3D08d263b5b0c8&report_only=false 1 img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline'; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com 1 default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob: 1 default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.ads-twitter.com https://*.dwin1.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1 default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src *.akamaihd.net 'self' https: blob:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1 frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-rifCdmaypg' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 style-src 'unsafe-inline' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io; default-src https://*.flickr.com https://*.staticflickr.com https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://image.maps.api.here.com https://*.paypal.com https://*.pinterest.com http://*.static-alpha.flickr.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net; media-src https://*.flickr.com https://*.staticflickr.com https://*.http.atlas.cdn.yimg.com http://*.static-alpha.flickr.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-f43a40858dbf92296b63ac34bd8d430e' https://*.flickr.com https://*.staticflickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.doubleclick.com https://*.doubleclick.de https://*.doubleclick.net https://*.googletagservices.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googleapis.com https://boards.greenhouse.io; connect-src https://*.flickr.com https://cdn.yahooapis.com https://yui-s.yahooapis.com http://api.flickr.com https://*.pinterest.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net https://securepubads.g.doubleclick.net https://api.greenhouse.io https://*.flickrprints.net https://*.flickrprints.com; frame-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io; child-src https://*.flickr.com https://combo.staticflickr.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://adservice.google.com https://cdn.ampproject.org https://boards.greenhouse.io; font-src https://*.staticflickr.com https://*.flickr.com data:; worker-src blob:; report-uri https://www.flickr.com/csp_report.gne?src=adsecflickr; 1 frame-ancestors https://www.icicibank.com https://rmwb.icicibank.com https://ipfms.icicibank.com https://imbuat.icicibank.com https://cibnext.icicibank.com 1 object-src 'none'; base-uri 'none'; script-src https://ngastatic.com https://www.googletagmanager.com https://assets.allegrostatic.com https://adservice.google.pl https://adservice.google.com https://securepubads.g.doubleclick.net https://ad.doubleclick.net https://allegro.hit.gemius.pl https://connect.facebook.net https://nebula-cdn.kampyle.com https://www.googletagservices.com https://www.youtube.com https://player.vimeo.com https://www.googleadservices.com https://s.ytimg.com https://www.google-analytics.com 'nonce-ArzR1aUBI9cXlf2OO3TCRw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample'; block-all-mixed-content; report-uri https://edge.allegro.pl/seclog/csp 1 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/; object-src 'none'; connect-src 'self' https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; 1 frame-ancestors https://pam.mcafee.com 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com *.yandex.com; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com https://passport.yandex.com wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com *.yandex.com; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com https://*.yandex.com *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com *.yandex.com; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1566532026.70625.122020.136576&h=sas2-0090-sas-portal-morda-17154&csp=old&date=20190823&yandexuid=3693299141566532026; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com https://www.yandex.com https://pass.yandex.com https://mc.yandex.com an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com www.yandex.com suggest.yandex.com; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 block-all-mixed-content; base-uri 'self' https://optimize.google.com/optimize/; frame-ancestors 'self' teams.microsoft.com 1 frame-ancestors *.constantcontact.com www.redmangomarketing.com www.ezymarketing.com www.igvinc.com www.etouchmarketing.net 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com; object-src 'self'; 1 frame-ancestors 'self' *.wildberries.ru 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.investopedia.com *.qa.aws.investopedia.com atlas.investopedia.com atlas.local.investopedia.com 1 default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.uidai.gov.in uidai.in; font-src 'self' data:; form-action 'self' *.uidai.gov.in uidai.in *.twitter.com; object-src 'self'; media-src 'self'; frame-ancestors 'self'; frame-src *.youtube.com *.uidai.gov.in uidai.in *.facebook.com *.twitter.com; img-src 'self' *.twitter.com *.twimg.com *.ytimg.com 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com *.twitter.com *.uidai.gov.in uidai.in *.facebook.net; style-src 'self' *.facebook.net *.uidai.gov.in uidai.in *.twimg.com *.twitter.com 'unsafe-inline'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.lifewire.com *.qa.aws.lifewire.com atlas.lifewire.com atlas.local.lifewire.com 1 sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts 1 frame-ancestors https://*.asus.com http://*.asus.com https://*.asus.com.cn http://*.asus.com.cn https://asus.todayir.com.tw http://asus.todayir.com.tw https://tongji.baidu.com 1 frame-ancestors 'self' https://*.gamer.com.tw; 1 base-uri 'self';connect-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.sentry.io https://sentry.io;default-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;font-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net data:;img-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://creditkarma-cms.imgix.net/ https://creditkarma.imgix.net/ https://ck-content.imgix.net/ https://ck-assets.imgix.net/ https://www.google-analytics.com https://seal.digicert.com https://stats.g.doubleclick.net https://www.google.com data:;object-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net;script-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://seal.digicert.com https://js-agent.newrelic.com 'strict-dynamic' 'report-sample' data: 'nonce-23f36824e80b4de38f808ea83acc599b';style-src 'self' *.creditkarma.com https://creditkarmacdn-a.akamaihd.net *.nr-data.net 'unsafe-inline' data: https://fonts.googleapis.com;worker-src 'self';report-uri https://sentry.io/api/1213169/security/?sentry_key=6ccb2738843e424b8bc559905d29b115 1 upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com.tr https://*.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com.tr *.yandex.com.tr; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com.tr https://passport.yandex.com.tr wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com.tr *.yandex.com.tr; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com.tr https://*.yandex.com.tr awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com.tr *.yandex.com.tr avatars-fast.yandex.net favicon.yandex.net; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.com.tr&showid=1566538015.23782.140521.130438&h=man2-5169-4f3-man-portal-morda-29675&csp=old&date=20190823&yandexuid=1754956851566538015; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com.tr https://www.yandex.com.tr https://pass.yandex.com.tr https://mc.yandex.com.tr zen.yandex.com.tr an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com.tr www.yandex.com.tr suggest.yandex.com.tr; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.com.tr static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 frame-ancestors 'self' *.cbssports.com *.sportsline.com popculture.com comicbook.com 247sports.com *.247sports.com *.maxpreps.com *.scout.com *.wired2fish.com *.ampproject.org; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: blob: data: android-webview: android-webview-video-poster:; block-all-mixed-content; 1 frame-ancestors https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com 1 frame-ancestors http://www.inc.com https://www.inc.com http://www.stumbleupon.com https://www.google.com https://cdn.ampproject.org 1 default-src 'none'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.apple-cloudkit.com *.apple-livephotoskit.com; style-src 'self' data: 'unsafe-inline' *.icloud.com *.apple.com *.cdn-apple.com; img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com; font-src 'self' blob: data: *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 1 frame-ancestors 'self' *.shopeemobile.com *.shopee.co.id *.shopee.cn *.facebook.com; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; child-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src * 'unsafe-inline' 'unsafe-eval' data: blob:; font-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' admin.reverb.tools; media-src * 'unsafe-inline' 'unsafe-eval' data: blob: 1 upgrade-insecure-requests; default-src 'self' blob: *.brightcove.com ; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: http: *.images.express.co.uk *.images.dailyexpress.co.uk; media-src https: data: blob:; font-src https: data:; frame-src https: data: blob:; connect-src https: wss: blob:; object-src https:; 1 frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 1 frame-ancestors 'none' default-src 'self' 1 frame-ancestors 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com v1.addthisedge.com v1.addthis.com ampcid.google.com adservice.google.com ad.doubleclick.net ampcid.google.com.sg amp-error-reporting.appspot.com cdn.ampproject.org ssl.gstatic.com i.travelapi.com http://www.tripadvisor.com marketplace.dbs.com.sg marketplace-pilot.dbs.com.sg avp.blob.core.windows.net marketplace-pilot.dbs.com in.hotjar.com prod2-content-care-community-cdn.sprinklr.com script.hotjar.com vars.hotjar.com http://www.outbrain.com static.hotjar.com pixel.tapad.com res.cloudinary.com sc4.omniture.com authorize.omniture.com authorize.omniture.com sitecatalyst.omniture.com marketplace.dbs.com tagmanager.google.com wss://chatbanking.dbs.com gllt.morningstar.com img.tepcdn.com wss://qmslivechat.dbs.com platform-lookaside.fbsbx.com http://chart.googleapis.com http://tags.crwdcntrl.net http://bs.serving-sys.com cdn.jsdelivr.net http://www.dbs.com.sg prod2-content.sprinklr.com prod2-care-community-cdn.sprinklr.com *.akstat.io directline.botframework.com www.dbs.com.sg qmslivechat.dbs.com cdnjs.cloudflare.com www.gstatic.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.google.com certify.alexametrics.com www.dbs.com.sg www.youtube.com www.linkedin.com www.google.com.sg bcp.crwdcntrl.net www.dbs.com www.googleapis.com ajax.googleapis.com maps.gstatic.com fonts.googleapis.com property.atomic-marketplace.com www.facebook.com dc.ads.linkedin.com chatbanking.dbs.com bat.bing.com tr.outbrain.com snap.licdn.com chart.googleapis.com assets.adobedtm.com dbs.tt.omtrdc.net somniture.dbs.com.sg dpm.demdex.net dbs.demdex.net www.posb.com.sg farm-sg.plista.com amplifypixel.outbrain.com js.adsrvr.org s.go-mpulse.net c.go-mpulse.net maxcdn.bootstrapcdn.com sjs.bizographics.com tags.crwdcntrl.net code.jquery.com tpt.mysocialpixel.com www.dbs.com.sg use.fontawesome.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net px.ads.linkedin.com bs.serving-sys.com secure-ds.serving-sys.com ssl.google-analytics.com connect.facebook.net chatbanking-uat.dbs.com qmslivechat.dbs.com i.ytimg.com scrbizim.xyz insight.adsrvr.org www.google.co.in cx.atdmt.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net secure.marketinghub.hp.com m.addthisedge.com m.addthis.com s7.addthis.com graph.facebook.com api-public.addthis.com atomic-marketplace.com i.i-sgcm.com s3-ap-southeast-1.amazonaws.com by.essl.optimost.com secure.marketinghub.opentext.com chatbanking-sit.dbs.com stats.g.doubleclick.net maps.googleapis.com amplify.outbrain.com fonts.gstatic.com prod2-sprcdn-assets.sprinklr.com prod2-sprcdn.sprinklr.com lookaside.facebook.com www.sprinklr.com api-01.ubx.ibmmarketingcloud.com s7.addthis.com dbs.demdex.net platform.twitter.com d31qbv1cthcecs.cloudfront.net bid.g.doubleclick.net cdn-akamai.mookie1.com tags.tiqcdn.com wss://directline.botframework.com directline.com *.akamaihd.net *.fls.doubleclick.net wss://directline.botframework.com directline.botframework.com directline.com blob: data:; style-src 'self' 'unsafe-inline' tagmanager.google.com prod2-care-community-cdn.sprinklr.com chatbanking.dbs.com qmslivechat.dbs.com wss://directline.botframework.com fonts.googleapis.com graph.facebook.com maxcdn.bootstrapcdn.com directline.botframework.com www.dbs.com.sg directline.com 1 default-src 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org https://*.cloudflare.com *.cloudflare.com; connect-src 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org https://glitch.com https://*.glitch.com https://*.glitch.me https://*.cloudflare.com https://*.algolia.net; script-src 'unsafe-eval' 'unsafe-inline' *.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com https://*.cloudflare.com *.cloudflare.com https://*.gitter.im https://*.cdnjs.com *.cdnjs.com https://*.jsdelivr.com *.jsdelivr.com *.twimg.com https://*.twimg.com *.youtube.com *.ytimg.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; style-src 'unsafe-inline' *.gstatic.com *.googleapis.com *.bootstrapcdn.com https://*.bootstrapcdn.com *.cloudflare.com https://*.cloudflare.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; font-src *.cloudflare.com https://*.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com https://*.bootstrapcdn.com https://use.fontawesome.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; img-src * data:; media-src *.bitly.com *.amazonaws.com *.twitter.com 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org; frame-src *.gitter.im *.gitter.im https: *.youtube.com *.twitter.com *.ghbtns.com *.freecatphotoapp.com freecodecamp.github.io 'self' https://search.freecodecamp.org https://www.freecodecamp.rocks https://api.freecodecamp.rocks https://auth.freecodecamp.org 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1 frame-ancestors https://technology.uzone.id https://entertainment.uzone.id https://automotive.uzone.id https://travel.uzone.id https://movie.uzone.id https://hangout.uzone.id 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancecareers.com *.qa.aws.thebalancecareers.com atlas.thebalancecareers.com atlas.local.thebalancecareers.com 1 frame-ancestors 'self' *.ampproject.org *.zdbb.net *.specless.tech *.specless.io *.mashable.com mashable.com *.alphr.com androidcommunity.com androidforums.com betanews.com cellphoneforums.net *.channelpro.co.uk *.cloudpro.co.uk *.codingforums.com *.denofgeek.com *.developerfusion.co.uk *.electricbento.com *.expertreviews.co.uk *.extremetech.com geardiary.com *.geek.com *.gottabemobile.com *.hometheaterforum.com hothardware.com *.howardforums.com *.itpro.co.uk *.knowyourmobile.com *.myce.com *.onmsft.com phandroid.com *.product-reviews.net *.simplehelp.net *.slashgear.com *.techlicious.com *.techshout.com *.tgdaily.com *.thedroidguy.com *.thehdroom.com *.theinquirer.net *.theweek.co.uk *.tweaktown.com *.ubergizmo.com *.ultrabookreview.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thoughtco.com *.qa.aws.thoughtco.com atlas.thoughtco.com atlas.local.thoughtco.com 1 frame-ancestors 'self' www.stumbleupon.com stumbleupon.com; 1 frame-ancestors 'self' https://*.touristtube.com/; default-src https://*.touristtube.com/ https:; connect-src 'self' https://*.touristtube.com/ https://*.touristtube.com:8765/ https://chat.touristtube.com:3000/ https://*.facebook.com/ https://connect.facebook.net/ https://*.adroll.com/ https://freegeoip.net/; img-src 'self' https://*.touristtube.com/ https://maps.googleapis.com/ https://*.gstatic.com/ https://www.google.com/ https://www.google.com.lb/ https://www.google-analytics.com/ https://www.google-analytics.com.lb/ https://*.alexametrics.com/ https://*.facebook.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://jwpltx.com/ https://*.doubleclick.net/ https://ads.yahoo.com/ data: blob: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.touristtube.com/ https://fonts.googleapis.com/ https://*.cloudflare.com/ https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.touristtube.com/ https://*.mastercard.com/ https://*.visa.com/ https://*.visamiddleeast.com/ https://*.paypal.com/ https://connect.facebook.net/ https://*.cloudflare.com/ https://*.payfort.com/ https://mpsnare.iesnare.com/ https://freegeoip.net/ https://*.newrelic.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://chat.touristtube.com:3000/ https://adservice.google.com/ https://adservice.google.com.lb/ https://*.googlesyndication.com/ https://connect.facebook.net/ https://code.jquery.com/ https://www.google-analytics.com/ https://*.cloudfront.net/ https://*.adroll.com/ https://ssl.p.jwpcdn.com/player/ https://*.nr-data.net/ https://cdn.jsdelivr.net/; object-src 'self' blob: https:; worker-src 'self' blob: https://*.touristtube.com/ https: 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=e7f4ae53-9bb9-4610-9fb4-eb69aaf3ded8 1 frame-ancestors *.xda-developers.com; upgrade-insecure-requests 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.in ; frame-src 'self' *.indeed.com *.indeed.co.in https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.in d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 default-src 'self' https://*.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net www.googletagservices.com yandex.st *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.criteo.com *.criteo.net vk.com *.vk.com *.imgsmail.ru *.google.com *.google.ru connect.mail.ru *.connect.mail.ru *.ok.ru *.adriver.ru *.r-99.com cdn.mxpnl.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagservices.com *.gstatic.com yandex.ru *.yandex.ru yastatic.net cdnjs.cloudflare.com *.yandex.net oimenkr.com *.2mdn.net 2mdn.net *.twitter.com *.google.com.ua *.google.by *.google.cz *.google.kz *.google.de *.google.es js.mamydirect.com abp.smartadcheck.de *.ampproject.org *.adfox.ru mc.webvisor.org *.google.ge *.google.ee *.google.me *.google.co.uk *.google.be *.google.no *.google.bg *.google.fr *.google.az *.google.is *.google.lu *.google.in *.google.lv *.google.nl *.google.iq *.google.dk *.google.kg *.google.com.tr *.google.fi *.google.md *.google.me *.google.gr *.google.it *.google.pl *.google.co.il *.google.hu *.google.ae *.google.co.ve *.google.ch *.google.co.uz *.google.co.th *.betweendigital.com; object-src 'self' *; style-src 'unsafe-inline' 'unsafe-eval' 'self' *; img-src 'self' data: blob: * ; media-src 'self' *; frame-src 'self' *.googlesyndication.com *.facebook.com facebook.com vk.com *.vk.com apis.google.com connect.odnoklassniki.ru *.ok.ru connect.mail.ru accounts.google.com *.doubleclick.net *.doubleclick.net *.youtube.com www.google.com *.criteo.com *.criteo.net *.gstatic.com yandex.ru *.yandex.ru *.r-99.com oimenkr.com *.oimenkr.com *.yandexadexchange.net yandexadexchange.net *.2mdn.net 2mdn.net *.twitter.com yastatic.net *.yandex.net *.googletagservices.com *.vimeo.com *.hpmdnetwork.ru ams.creativecdn.com *.betweendigital.com *.archive.org archive.org; font-src 'self' data: blob: * ; connect-src 'self' * 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-UEmcagRFbU' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation 1 frame-ancestors http://b2b.cnyes.com https://b2b.cnyes.com 1 frame-ancestors 'self' https://askfm.adspirit.de 1 default-src 'self';form-action 'self' https://www.sandbox.paypal.com https://www.paypal.com https://origin-analytics-sand.sandbox.braintree-api.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com/graphql https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://testecomm.sella.it https://ecomm.sella.it/ https://www.sella.it https://sandbox.gestpay.net https://www.gestpay.net https://ecomms2s.sella.it https://test.monetaonline.it https://www.monetaonline.it https://test.saferpay.com https://www.saferpay.com https://int-ecommerce.nexi.it https://ecommerce.nexi.it https://staging.authservices.satispay.com https://authservices.satispay.com https://js.stripe.com https://api.sofort.com https://www.paypalobjects.com http://www.iwbank.it https://js.stripe.com www.googleadservices.com https://www.facebook.com ; font-src *;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com www.google-analytics.com ; style-src * 'unsafe-inline';connect-src 'self' https://checkout.stripe.com https://www.paypal.com https://origin-analytics-sand.sandbox.braintree-api.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com/graphql https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com ;child-src 'self' https://static.addtoany.com https://www.google.com https://checkout.stripe.com https://www.google-analytics.com https://www.sandbox.paypal.com https://www.paypal.com https://origin-analytics-sand.sandbox.braintree-api.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com/graphql https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://testecomm.sella.it https://ecomm.sella.it/ https://www.sella.it https://sandbox.gestpay.net https://www.gestpay.net https://ecomms2s.sella.it https://test.monetaonline.it https://www.monetaonline.it https://test.saferpay.com https://www.saferpay.com https://int-ecommerce.nexi.it https://ecommerce.nexi.it https://staging.authservices.satispay.com https://authservices.satispay.com https://js.stripe.com https://api.sofort.com https://www.paypalobjects.com http://www.iwbank.it https://js.stripe.com www.googleadservices.com https://www.facebook.com ; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://a.alimama.cn g.click.taobao.com platform.sina.com.cn suggestion.baidu.com www.baidu.com hm.baidu.com nssug.baidu.com tui.cnzz.net www.google-analytics.com *.googlesyndication.com static.huohu123.com https://www.duba.com/main3_json.html http://www.duba.com/main3_json.html; img-src * data:; child-src 'self' *.firefoxchina.cn *.17huohu.com; frame-src 'self' *.firefoxchina.cn *.17huohu.com www.taobao.com entry.baidu.com; frame-ancestors 'self' *.firefoxchina.cn tongji.baidu.com about:; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; report-uri /_/csp-reports 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' 27vckaccbto7p761.pro acrmbjkk6qc5utby.pro ads.exdynsrv.com syndication.exdynsrv.com js.wpnjs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 27vckaccbto7p761.pro acrmbjkk6qc5utby.pro ads.exdynsrv.com syndication.exdynsrv.com js.wpnjs.com; img-src 'self' static.exdynsrv.com; frame-src mg.adskeeper.co.uk js.wpnjs.com; object-src 'none'; frame-ancestors 'none' 1 policy-uri /parivahan/'self' 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-EKLWFglzaB' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 default-src https:; style-src https: 'unsafe-inline'; img-src * data:; worker-src * blob:; font-src *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src *; 1 frame-ancestors 'self'; upgrade-insecure-requests; 1 default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; 1 connect-src 'self' wss://*.nrk.no http://*.nrk.no https://*.nrk.no https://nrk-recommendations.appspot.com https://*.akstat.io https://*.go-mpulse.net https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net https://*.linkpulse.com https://*.lp4.io https://www.google-analytics.com https://*.scorecardresearch.com https://ssl-nrkstream.tns-cs.net https://cws.conviva.com https://stats.g.doubleclick.net *.analytics.edgesuite.net *.analytics.edgekey.net dc.services.visualstudio.com dc.applicationinsights.microsoft.com; default-src 'self' https://*.nrk.no; frame-src 'self' https://*.nrk.no https://chartbeat.com https://*.chartbeat.com https://cdn-gl.imrworldwide.com; img-src 'self' https://*.lp4.io https://*.linkpulse.com https://*.tns-cs.net https://*.chartbeat.net https://www.google-analytics.com https://*.nrk.no https://*.akamaized.net https://*.akamaihd.net https://*.scorecardresearch.com https://*.googleusercontent.com https://ssl-nrkstream.tns-cs.net https://stats.g.doubleclick.net https://secure-nor.imrworldwide.com https://secure-sdk.imrworldwide.com http://nrkstream.tns-cs.net *.scorecardresearch.com *.analytics.edgesuite.net *.analytics.edgekey.net data:; media-src https://*.nrk.no https://*.qbrick.com https://*.telenorcdn.net https://*.akamaized.net https://*.akamaihd.net blob: data:; script-src 'self' https://*.nrk.no https://www.google-analytics.com https://*.chartbeat.com https://*.chartbeat.net https://*.linkpulse.com https://*.lp4.io https://*.scorecardresearch.com https://www.gstatic.com https://cws.conviva.com https://ssl-nrkstream.tns-cs.net https://*.go-mpulse.net https://cdn-gl.imrworldwide.com *.analytics.edgesuite.net *.analytics.edgekey.net az416426.vo.msecnd.net blob: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1 frame-ancestors 'self' https://apps.facebook.com https://userheat.com http://localhost:3031 https://*.wantedly.com 1 frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas bddf.biapi.pro bddf-ppd.biapi.pro prisme.facil-iti.net *.parrainage.bnpparibas *.bnpparibas 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sbeta.cz *.sdn.szn.cz *.pliing.com *.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com www.instagram.com https://www.gstatic.com https://ajax.googleapis.com http://*.adnxs.com *.adform.net se2.pliing.com *.adnxs.com *.adnxs.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.adsafeprotected.com *.seznam.cz https://www.seznam.cz *.novinky.cz https://www.novinky.cz login.szn.cz http://login.szn.cz https://login.szn.cz https://*.dev.dszn.cz sk.adocean.pl go.eu.bbelements.com cz.search.etargetnet.com *.cloudfront.net toi.cdn.dopc.cz sb.scorecardresearch.com collect-eu-central-1.tealiumiq.com secure.quantserve.com js-agent.newrelic.com *.pubmatic.com *.doubleverify.com *.serving-sys.com *.consensu.org *.sklik.cz *.scif.cz *.im.cz ads.celtra.com; frame-ancestors 'self' www.novinky.cz api.novinky.cz a.novinky.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com; worker-src blob: 1 report-uri https://sentry.io/api/190356/security/?sentry_key=0fb44384b50e4ee692405615e7837304; upgrade-insecure-requests 1 frame-ancestors 'self' *.brazzers.com *.bz.com 1 default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://be.wizzair.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://optimize.google.com https://connect.facebook.net https://cloudfront.loggly.com https://aff.bstatic.com https://widget.rentalcars.com https://*.hotjar.com https://*.hotjar.io https://js-agent.newrelic.com https://bam.nr-data.net *.akamaihd.net https://youtube.com https://www.youtube.com https://*.ytimg.com https://instagram.com https://www.instagram.com; connect-src 'self' wss: *.wizzair.com *.loggly.com *.akamaihd.net https://waplazrass01.search.windows.net https://bam.nr-data.net https://www.google-analytics.com https://partner.wizzair.com https://widget.rentalcars.com https://*.hotjar.com https://*.hotjar.io https://api.instagram.com https://www.facebook.com https://stats.g.doubleclick.net https://wizzmarathon.mito.hu; img-src 'self' data: https:; media-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://widget.rentalcars.com https://cars.wizzair.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io; frame-src https://5308433.fls.doubleclick.net https://*.booking.com https://secure.rentalcars.com https://www.facebook.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://optimize.google.com https://www.google.com https://www.instagram.com https://ir.q4europe.com; frame-ancestors 'none'; object-src 'self'; manifest-src 'self' 1 frame-ancestors 'self' *.gsmarena.com *.killerfeatures.com *.91mobiles.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com tags.tiqcdn.com stats.g.doubleclick.net data:; img-src * data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; object-src 'self' https://do.centrum24.pl data:; connect-src 'self' wss://*.centrum24.pl 1 child-src * 1 default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1 script-src *.walmart.ca *.walmartimages.ca *.wal.co assets.adobedtm.com *.googleadservices.com *.google.ca *.google.com *.gstatic.com *.google-analytics.com *.bing.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.criteo.com *.criteo.net *.scorecardresearch.com *.answerscloud.com *.newrelic.com *.ordergroove.com *.facebook.net bam.nr-data.net *.webcollage.net *.iesnare.com *.demdex.net *.googleapis.com *.2mdn.net *.walmart.com *.omtrdc.net *.circularhub.com *.youtube.com *.postescanada-canadapost.ca *.bazaarvoice.com *.ytimg.com *.device.4seeresults.com *.custhelp.com *.rnengage.com *.moatads.com *.casalemedia.com *.hlserve.com dnisjsqid2b9p.cloudfront.net *.myregistry.com *.rmtag.com *.pinimg.com *.storetail.io *.storetail.net *.agkn.com *.facebook.com *.googletagmanager.com *.perimeterx.net *.recaptcha.net *.gstatic.cn 'unsafe-inline' 'unsafe-eval'; base-uri * 'self'; 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.co.uk ; frame-src 'self' *.indeed.com *.indeed.co.uk https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.co.uk d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalance.com *.qa.aws.thebalance.com atlas.thebalance.com atlas.local.thebalance.com 1 upgrade-insecure-requests;frame-ancestors 'self' slate.com *.slate.com 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.kz https://*.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.kz *.yandex.kz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.kz https://passport.yandex.kz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.kz *.yandex.kz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.kz https://*.yandex.kz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.kz *.yandex.kz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.kz&showid=1566529703.66666.122026.138131&h=sas2-0604-sas-portal-morda-17154&csp=old&date=20190823&yandexuid=1089747541566529703; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.kz https://www.yandex.kz https://pass.yandex.kz https://mc.yandex.kz zen.yandex.kz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.kz www.yandex.kz suggest.yandex.kz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.kz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com cotizador.unityducruet.com; 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.ua https://*.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.ua *.yandex.ua; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.ua https://passport.yandex.ua wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.ua *.yandex.ua; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.ua https://*.yandex.ua awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.ua *.yandex.ua; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ua&showid=1566530221.40908.121997.136247&h=sas2-0700-sas-portal-morda-17154&csp=old&date=20190823&yandexuid=8920622601566530221; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.ua https://www.yandex.ua https://pass.yandex.ua https://mc.yandex.ua zen.yandex.ua an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.ua www.yandex.ua suggest.yandex.ua; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ua static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 default-src 'none'; script-src 'nonce-tg9hfea4CTnVdMZBTZo0fw==' 'unsafe-inline' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; style-src 'unsafe-inline' https://yastatic.net; img-src 'self' https://yastatic.net mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; font-src yastatic.net; connect-src yandex.ru mc.yandex.ru mc.yandex.com mc.webvisor.com mc.webvisor.org; child-src blob: mc.yandex.ru; frame-src blob: mc.yandex.ru; report-uri https://csp.yandex.net/csp?from=ufo-auth&yandex_login=&yandexuid=9966054211566530559; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1 frame-ancestors 'self' yandex.net yandex.tld webvisor.com mc.yandex.ru metrika.yandex.ru 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/gq 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: blob: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/the-new-yorker 1 frame-ancestors http://*.dubizzle.com https://*.dubizzle.com https://app.optimizely.com; 1 frame-ancestors https://www.balenciaga.com/ https://www.balenciaga.com/ ; 1 default-src 'self' https://www.coinbase.com; child-src 'self' https://www.coinbase.com https://fast.wistia.net https://*.online-metrix.net https://*.wpstn.com https://netverify.com https://platform.twitter.com https://www.google.com/recaptcha/ https://cdn.plaid.com/link/ https://*.doubleclick.net/ blob: https://www.youtube.com/embed/nh6oPFZ4pXw https://www.youtube.com/embed/iWA1eLgSmfM https://www.youtube.com/embed/Ixo93EaaIy0 https://www.youtube.com/embed/COljxvEgDOg; connect-src 'self' https://www.coinbase.com https://api.coinbase.com https://api.mixpanel.com https://*.online-metrix.net https://api.cloudinary.com https://ott9.wpstn.com/live https://api.amplitude.com/ https://d3907m2cqladbn.cloudfront.net/ https://exceptions.coinbase.com https://assets.coinbase.com/ static.coinbase.com wss://ws.coinbase.com wss://ws.coinbase.com:443 https://www.coinbase.com/api https://www2.coinbase.com; font-src 'self' https://www.coinbase.com https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; img-src 'self' data: https://www.coinbase.com https://images.coinbase.com https://d3907m2cqladbn.cloudfront.net/ https://static-assets.coinbase.com/ https://dynamic-assets.coinbase.com https://exceptions.coinbase.com https://coinbase-uploads.s3.amazonaws.com https://s3.amazonaws.com/app-public/ https://maps.gstatic.com https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://csi.gstatic.com https://www.google-analytics.com https://res.cloudinary.com https://secure.gravatar.com https://i2.wp.com https://*.online-metrix.net https://assets.coinbase.com/ https://hexagon-analytics.com https://api.mixpanel.com https://cb-brand.s3.amazonaws.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net/r/collect https://card.coinbase.com/ blob: static.coinbase.com https://www.facebook.com/tr https://www2.coinbase.com; media-src 'self' https://www.coinbase.com blob:; object-src 'self' data: blob: https://www.coinbase.com https://cdn.siftscience.com https://*.online-metrix.net https://www.gstatic.com https://www.google.com/recaptcha/api/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coinbase.com https://fast.wistia.com/assets/external/E-v1.js https://cdn.siftscience.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://*.online-metrix.net https://code.jquery.com https://chart.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://netverify.com https://ajax.cloudflare.com https://cdn.plaid.com/link/v2/stable/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googleadservices.com https://googleads.g.doubleclick.net https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; style-src 'self' 'unsafe-inline' https://www.coinbase.com https://assets.coinbase.com/ https://card.coinbase.com/ static.coinbase.com https://www2.coinbase.com; report-uri /csp-report 1 base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://ghmpl.hit.gemius.pl https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://www.snrcdn.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.pl https://tagmanager.google.com https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.snrcdn.net; img-src 'self' 'report-sample' data: https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://ghmpl.hit.gemius.pl https://www.facebook.com https://s.ytimg.com https://platform.twitter.com https://pbs.twimg.com https://abs.twimg.com https://syndication.twitter.com https://ton.twimg.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://csi.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.snrcdn.net https://marketing.tr.netsalesmedia.pl; font-src 'self' 'report-sample' https://www.mbank.pl https://fonts.gstatic.com; connect-src 'self' 'report-sample' https://www.mbank.pl https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://www.google.pl https://ghmpl.hit.gemius.pl https://form.axaubezpieczenia.pl https://syndication.twitter.com https://search.interconsystems.pl https://synerise.com https://proxy.synerise.com https://tc.synerise.com https://tck.synerise.com https://messenger.synerise.com wss://messenger.synerise.com https://dc.synerise.com; media-src 'self' 'report-sample' https://www.mbank.pl https://www.snrcdn.net; object-src 'self' 'report-sample' https://www.mbank.pl https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://form.mbank.pl https://platform.twitter.com; child-src 'self' 'report-sample' https://www.mbank.pl https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://6100198.fls.doubleclick.net https://www.youtube.com https://form.mbank.pl; form-action 'self' 'report-sample' https://www.mbank.pl https://form.mbank.pl https://form.mbank.com.pl; frame-ancestors 'self' 'report-sample' https://www.mbank.pl; 1 report-uri https://f6044819c139be406e5131b1724188ab.report-uri.com/r/t/csp/enforce; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: sync.adap.tv sync.adaptv.advertising.com *.adroll.com ssp.adskom.com sync.ad-stir.com *.akamaihd.net *.appier.net *.adnxs.com x.bidswitch.net bat.bing.com *.bizographics.com sjs.bizographics.com bookeo.com www-2903b.bookeo.com britishcouncil-email.createsend.com tags.clickintext.net apps-cdn.britishcouncil.org *.disquscdn.com *.disqus.com disqus.com *.doubleclick.net loadus.exelator.com ps.eyeota.net *.fbcdn.net *.facebook.com cx.atdmt.com cx.atdmt.com connect.facebook.net cs.gssprt.jp www.google.de www.google.es *.google.com *.google.co.uk *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com www.googletagmanager.com *.ytimg.com britishcouncil.github.io *.linkedin.com snap.licdn.com idsync.rlcdn.com sync.crwdcntrl.net ml314.com *.mathtag.com aa.agkn.com bam.nr-data.net js-agent.newrelic.com olc.live.solas.britishcouncil.digital *.openx.net *.optimizely.com stags.bluekai.com cdn.polyfill.io *.qualaroo.com s3.amazonaws.com pixel.rubiconproject.com *.salesforceliveagent.com embed.scribblelive.com *.scupio.com *.semasio.net *.sharethis.com *.socdm.com sui.britishcouncil.org *.streamamg.com public.tableau.com tapestry.tapad.com match.adsrvr.org *.ads-twitter.com *.twimg.com *.twitter.com d17m68fovwmgxj.cloudfront.net ucarecdn.com *.vimeocdn.com player.vimeo.com vimeo.com vk.com bigsea.frontend.weborama.fr dx.bigsea.weborama.com *.webtrends.com statse.webtrendslive.com dev.visualwebsiteoptimizer.com britishcouncil.wufoo.com *.yahoo.com b92.yahoo.co.jp s.yimg.com www.youtube.com *.instagram.com *.hotjar.com; 1 frame-ancestors 'self' http://opr.carwale.com http://oprst.carwale.com https://www.autobiz.in http://allaboutcars.yahoo.com/ https://cwoprst-7.carwale.com https://operations.carwale.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/ https://px.adhigh.net/p/tracking.js https://leroymerlinru.push.world/https.embed.js https://ad.adriver.ru/cgi-bin/erle.cgi https://cdn.rtb.com.ru/as-main.js https://tags.soloway.ru/DSPCounter.js https://www.googleadservices.com/pagead/conversion.js https://px.adhigh.net/p.js https://sys.refocus.ru/ https://bp-1c51.kxcdn.com/ https://st-eu.dynamicyield.com/ https://cdn-eu.dynamicyield.com/ https://cdp.leroymerlin.ru/pixel/pixel.js https://cdn.lenmit.com/static/js/retag.js https://z.lenmit.com/retag/tags/ https://connect.facebook.net https://partners.leroymerlin.ru/api/tracker/sdk.js https://www.artfut.com/static/ https://tagmanager.google.com https://sslwidget.criteo.com/ https://res.cloudinary.com/aem/raw/upload/web-components/ https://*.ru.corp.leroymerlin.com https://suggest-maps.yandex.ru/suggest-geo https://www.googletagmanager.com/gtag/ https://static.criteo.net/js/ld/ld.js blob: https://optimize.google.com/optimize/ https://*.maps.yandex.net/ https://api-maps.yandex.ru/2.0-stable/ https://tracking.diginetica.net/divolte.js https://top-fwz1.mail.ru/js/code.js https://cdn.diginetica.net/306/client.js https://www.gstatic.com/recaptcha/api2/ https://www.google.com/recaptcha/api.js https://leroymerlinru.webim.ru/ https://kladr-api.ru/api.php https://enterprise.api-maps.yandex.ru https://yastatic.net https://www.google-analytics.com https://get.shoppilot.ru/f/v1/56d42be28ddf8715e9014752/v2/app.js https://get.shoppilot.ru/f/v1/57ceea56437f575050000583/v2/app.js https://www.googletagmanager.com/gtm.js https://mc.yandex.ru/ https://recs.richrelevance.com/rrserver/p13n_generated.js https://media.richrelevance.com/rrserver/js/1.2/p13n.js https://vk.com/js/api/openapi.js https://connect.ok.ru/connect.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://optimize.google.com/optimize/editor/css/ https://leroymerlin.ru https://res.cloudinary.com https://get.shoppilot.ru https://tagmanager.google.com/debug/ https://fonts.googleapis.com/; frame-ancestors 'self' http://webvisor.com/ 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 1 default-src 'self' service.maxymiser.net; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net 'unsafe-eval'; script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://ad.doubleclick.net service.maxymiser.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net/ https://*.santander.co.uk 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://dpm.demdex.net https://*.santander.co.uk 'unsafe-eval'; img-src 'self' service.maxymiser.net 'unsafe-inline' https://*.santander.co.uk 'unsafe-eval' data: https:; style-src 'self' service.maxymiser.net 'unsafe-inline'; font-src 'self'; frame-src 'self' 'unsafe-inline' https://authorize.omniture.com https://sitecatalyst.omniture.com service.maxymiser.net https://edigitalsurvey.com https://www.youtube.com https://santander.demdex.net https://santander.demdex.net https://*.fls.doubleclick.net 'unsafe-eval'; object-src 'self'; 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-308e5072182ea0e41af18f10cc437e73' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://mc.yandex.ru 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=4457ae01-944f-4de2-8f41-01371fbd8f55&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=4457ae01-944f-4de2-8f41-01371fbd8f55&version=sha%3D08d263b5b0c8&report_only=false 1 default-src 'self'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' ad.adriver.ru bam.nr-data.net bat.bing.com cdn-cm.gcdn.co connect.facebook.net js-agent.newrelic.com pixel-geo.prfct.co platform.twitter.com static.criteo.net tag.marinsm.com u360.d-bi.fr *.google.com *.visualwebsiteoptimizer.com *.cloudfront.net *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.wargaming.net *.worldoftanks.com *.yandex.by *.yandex.com.tr *.yandex.kz *.yandex.net *.yandex.ru *.yandex.ua ; style-src cdn-cm.gcdn.co *.wargaming.net *.worldofwarships.ru *.googleapis.com *.google.com 'unsafe-inline' ; img-src data: 'self' * ; font-src data: cdn-cm.gcdn.co fonts.gstatic.com *.wargaming.net ; frame-src api.advpartners.org *.googletagmanager.com *.google.com *.googleadservices.com *.wargaming.net *.yandex.ru *.yandex.net *.yandex.ua *.yandex.by *.yandex.kz *.yandex.com.tr ; connect-src api.advpartners.org *.visualwebsiteoptimizer.com *.googleapis.com *.google-analytics.com *.wargaming.net *.yandex.ru *.yandex.net *.yandex.ua *.yandex.by *.yandex.kz *.yandex.com.tr; report-uri https://cspreport.wargaming.net/cspreport 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1566536289.59265.140844.146478&h=vla1-7921-b0e-vla-portal-morda-31387&csp=old&date=20190823&yandexuid=7016066681566536289; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru zen.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 default-src 'self' *.hltv.org:* https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.gstatic.com https://syndication.twitter.com http://platform.twitter.com https://platform.twitter.com https://*.flashtalking.com https://*.twimg.com https://chart.googleapis.com data://* 'unsafe-eval'; script-src 'self' *.hltv.org:* https://*.hltv.org:* 'unsafe-eval' http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com http://www.gstatic.com 'sha256-9nLWw42ittR15h7pdgpdCZMwOJfWBPX/P8LQSzOn+Jk='; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com http://platform.twitter.com https://platform.twitter.com 'unsafe-inline'; frame-src *; connect-src 'self' *.hltv.org:* https://sentry.io *.gainskins.com ws://*.hltv.org:* wss://*.hltv.org:* ws://cf1-scorebot.hltv.org:* ws://c2-scorebot.hltv.org:* wss://cf1-scorebot.hltv.org:* wss://cf2-scorebot.hltv.org:* wss://cf3-scorebot.hltv.org:* wss://cf4-scorebot.hltv.org:* https://cf1-scorebot.hltv.org:* https://cf2-scorebot.hltv.org:* https://cf3-scorebot.hltv.org:* https://cf4-scorebot.hltv.org:* 1 frame-ancestors 'self' *.services.local *.yandex.com *.webvisor.com; base-uri 'self'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/pitchfork 1 default-src https:; base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations; 1 default-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net https://*.googlesyndication.com 'self'; script-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net https://mc.webvisor.org https://googletagmanager.com https://*.cloudfront.net https://*.maps.yandex.net https://secure.payu.ru https://use.fontawesome.com https://adservice.google.com https://adservice.google.ru https://*.google-analytics.com https://www.googletagservices.com https://*.yandex.ru https://www.googletagmanager.com https://*.google.com https://securepubads.g.doubleclick.net https://cdn.jsdelivr.net https://www.gstatic.com https://*.pinterest.com https://i.pinimg.com https://*.twitter.com https://twitter.com https://connect.facebook.net https://yastatic.net https://vk.com https://cdn.ampproject.org https://pagead2.googlesyndication.com https://top-fwz1.mail.ru https://api.vk.com https://connect.ok.ru https://connect.mail.ru https://checkout.rbk.money 'unsafe-inline' 'unsafe-eval' 'self' blob: data:; font-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net 'self' https://fonts.gstatic.com; img-src https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net https://www.livemaster.ru:1812 https://csi.gstatic.com https://log.pinterest.com https://*.adfox.ru https://*.googlesyndication.com https://*.googletagmanager.com https://mc.webvisor.org https://syndication.twitter.com https://top-fwz1.mail.ru https://*.google-analytics.com https://*.facebook.com https://*.google.com https://*.google.ru https://counter.yadro.ru https://*.yandex.ru https://*.yandex.net https://vk.com https://*.vk.com https://*.g.doubleclick.net https://*.livemaster.ru https://*.livemaster.com 'self' data: blob: http:; frame-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net 'self' https://*.facebook.net https://*.googlesyndication.com https://dl.metabar.ru https://static.cmptch.com https://www.livemaster.ru:1862 https://secure.payu.ru https://checkout.rbk.money https://mc.webvisor.org https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://*.google.com https://player.vimeo.com; frame-ancestors 'self' https://*.livemaster.ru https://www.livemaster.ru:1862 https://*.payu.ru https://secure.payu.ru https://checkout.rbk.money https://mc.webvisor.org https://*.yandex.ru https://www.googletagmanager.com https://*.twitter.com https://*.facebook.com https://vk.com https://*.vk.com https://*.g.doubleclick.net https://yastatic.net https://www.youtube.com https://www.google.com https://player.vimeo.com; style-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net 'unsafe-inline' https://tagmanager.google.com https://*.googleapis.com https://www.livemaster.ru:1862 https://*.livemaster.ru; connect-src https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net https://*.googlesyndication.com https://yandex.ru https://yandex.com https://login.vk.com http: https://yandexmetrica.com:29010 https://*.payu.ru https://*.payu.com https://www.livemaster.ru:1862 https://*.lmteam.ru https://*.yandex.net https://ymetrica.com https://ymetrica1.com https://ymetrica2.com https://mc.webvisor.org https://mc.webvisor.com https://*.google-analytics.com http://*.google.com https://www.googleapis.com wss://*.livemaster.ru https://*.livemaster.ru https://*.livemaster.com https://graph.facebook.com https://matchid.adfox.yandex.ru https://*.g.doubleclick.net https://top-fwz1.mail.ru https://*.adfox.ru https://*.yandex.ru https://*.yandex.com https://getyabrowser.com https://*.appmetrica.webvisor.com https://www.facebook.com https://csi.gstatic.com https://player.vimeo.com https://*.clickmeeting.com 'self'; object-src http: https://*.livemaster.ru https://*.go-mpulse.net https://*.ngenix.net 'self' https://player.vimeo.com https://www.youtube.com; report-uri /ajax/cspcollector.php 1 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.tripsavvy.com *.qa.aws.tripsavvy.com atlas.tripsavvy.com atlas.local.tripsavvy.com 1 block-all-mixed-content; report-uri /csp-report?p=; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://boards.greenhouse.io/embed/job_board/js https://cdnjs.cloudflare.com/ajax/libs/jquery.mobilephonenumber/1.0.7/jquery.mobilePhoneNumber.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/caret/1.0.0/jquery.caret.min.js https://checkout.stripe.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://credit.klarnacdn.net/lib/v1/ https://embed.runkit.com https://ga.clearbit.com/v1/ga.js https://js.stripe.com https://platform.twitter.com/widgets.js https://*.stripecdn.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://x.klarnacdn.net/kp/lib/v1/ https://y4pfttj91h-1.algolianet.com/1/indexes/ https://y4pfttj91h-2.algolianet.com/1/indexes/ https://y4pfttj91h-3.algolianet.com/1/indexes/ https://y4pfttj91h-dsn.algolia.net/1/indexes/ 'report-sample'; object-src 'self'; base-uri 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thebalancesmb.com *.qa.aws.thebalancesmb.com atlas.thebalancesmb.com atlas.local.thebalancesmb.com 1 frame-ancestors 'self' http://*.dji.com https://*.dji.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vanityfair 1 child-src 'self'; connect-src *; img-src 'self' data: https://transferwise.desk.com https://help.transferwise.com https://assistly-production.s3.amazonaws.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://www.google-analytics.com https://q.quora.com https://bat.bing.com https://b97.yahoo.co.jp https://t.co https://*.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.tw https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.ke https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me https://dpx.airpr.com https://cx.atdmt.com https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://lienzo.s3.amazonaws.com https://widgets.transferwise.com https://platform-lookaside.fbsbx.com *.facebook.com *.googleusercontent.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.transferwise.com; object-src 'self'; media-src 'self'; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io 'self' https://js-agent.newrelic.com https://bam.nr-data.net connect.facebook.net tagmanager.google.com www.googletagmanager.com https://ajax.cloudflare.com dpx.airpr.com connect.facebook.net www.facebook.com staticxx.facebook.com bat.bing.com s.yimg.jp static.hotjar.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.google.co.uk www.google.com a.quora.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com https://www.informizely.com https://storage.googleapis.com https://script.hotjar.com https://ajax.googleapis.com https://b97.yahoo.co.jp; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com; frame-ancestors https://transferwiseturkiye.com.tr; frame-src https://staticxx.facebook.com youtube.com www.youtube.com https://www.facebook.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com; report-uri https://frontendservice.report-uri.com/r/t/csp/enforce 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1 sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=TW&lang=zh-Hant-TW&device=desktop&yrid=2r4259pelv6e5&partner=; 1 default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-6018ac3c3da54bc98bf64a370e0f2bb2'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1 frame-ancestors 'self' btprt.dj snip.ly 1 default-src 'self' https://arduino.cc; script-src 'self' 'unsafe-inline' data: https://tagmanager.google.com/debug https://widget.intercom.io/widget/* https://*.googletagservices.com https://*.googlesyndication.com https://consent.trustarc.com https://forum.arduino.cc https://store.arduino.cc https://store-cdn.arduino.cc https://arduino.cc https://checkout.stripe.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.google-analytics.com https://ads.supplyframe.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://js.stripe.com https://auth.arduino.cc https://hydra.arduino.cc https://cdn.arduino.cc https://content.arduino.cc https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://code.jquery.com https://arduino.cc https://id.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc https://content.arduino.cc; font-src 'self' https://content.arduino.cc https://cdn.arduino.cc https://cdn-stag.arduino.cc; img-src 'self' data: https:; connect-src 'self' https://auth.arduino.cc https://blog.arduino.cc https://api.arduino.cc https://api2.arduino.cc https://my.arduino.cc https://forum.arduino.cc https://store.arduino.cc https://checkout.stripe.com https://api.stripe.com https://cdn.arduino.cc https://www.google-analytics.com https://cdn-stag.arduino.cc https://trackerapi.trustarc.com; child-src 'self' https://create.arduino.cc https://downloads.arduino.cc https://checkout.stripe.com https://www.youtube.com https://js.stripe.com https://www.hackster.io; frame-src 'self' https://consent-pref.trustarc.com https://hydra.arduino.cc https://auth.arduino.cc https://create.arduino.cc https://downloads.arduino.cc https://docs.google.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://www.hackster.io https://staticxx.facebook.com https://iframe.dacast.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruce.com *.qa.aws.thespruce.com atlas.thespruce.com atlas.local.thespruce.com 1 script-src 'report-sample' 'nonce-eo5ddvUCAq1BGGTrpby7Qg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1 object-src avatars.mds.yandex.net;child-src downloader.yandex.net mc.yandex.by zen.yandex.by browser.yandex.by yandex.ru 'self' main.zdevx.yandex.by yandexadexchange.net blob: yastatic.net *.yandexadexchange.net music.yandex.by yabs.yandex.by passport.yandex.by awaps.yandex.net yandex.by *.cdn.yandex.net mc.yandex.ru;default-src yastat.net yastatic.net;media-src video-preview.s3.yandex.net;style-src 'unsafe-inline' zen.yandex.by main.zdevx.yandex.by yastatic.net;img-src tracking.ott.yandex.net wcm.solution.weborama.fr mc.yandex.by an.yandex.ru 'self' sb.scorecardresearch.com yandex.ru zen.s3.yandex.net zen.yandex.by avatars.mds.yandex.net mc.admetrica.ru main.zdevx.yandex.by yabs.yandex.by gdeby.hit.gemius.pl yastatic.net strm.yandex.ru ads.adfox.ru favicon.yandex.net mc.yandex.ru s3.mds.yandex.net yandex.by resize.yandex.net awaps.yandex.net data:;script-src an.yandex.ru mc.yandex.by yastatic.net main.zdevx.yandex.by yandex.by 'nonce-0ukbsVlQvQe+qni90W7t5Q==' mc.yandex.ru zen.yandex.by yandex.ru;connect-src wss://webasr.yandex.net jstracer.yandex.ru yandex.by mc.yandex.ru portal-xiva.yandex.net yastat.net yastatic.net yabs.yandex.ru wss://portal-xiva.yandex.net main.zdevx.yandex.by mc.admetrica.ru frontend.vh.yandex.ru zen.yandex.by 'self' an.yandex.ru mc.yandex.by wss://yandex.ru mobile.yandex.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.by&showid=1566552142.83852.122100.2654&h=vla1-3770-vla-portal-morda-31387&csp=new&date=20190823&yandexuid=8110302831566552142;font-src zen.yandex.by main.zdevx.yandex.by yastatic.net 1 frame-ancestors https://edmodo.com https://*.edmodo.com; 1 frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca 1 upgrade-insecure-requests; frame-ancestors 'self' *.nhs.uk 1 default-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src https: data: blob:; media-src https: http: blob: data:; connect-src http: https: ws: wss:; 1 frame-ancestors 'self' *.brazzersnetwork.com 1 frame-ancestors *.indiatimes.com *.zigwheels.com 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-CkQuCvobwE' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-ancestors "self" 1 default-src 'self'; img-src 'self' https://app.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com/csi https://stats.g.doubleclick.net https://storage.googleapis.com blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://www.google.com https://www.googleadservices.com https://sc-static.net https://www.youtube.com https://s.ytimg.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://snap.adbrn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://player.vimeo.com https://tremolossl-a.akamaihd.net; connect-src 'self' https://gms-carousel-dot-lookinsoclear.appspot.com https://app.snapchat.com https://geofilters-community-api.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://zgl-s.tlnk.io https://woj-e.tlnk.io https://launch1.co https://accounts.snapchat.com https://scan.snapchat.com https://www.google-analytics.com; media-src 'self' data: blob: https://storage.googleapis.com; report-uri https://csp-central.appspot.com/report_csp 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=03dd792a-fc06-4ef2-b61a-577b2041cc6c&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=03dd792a-fc06-4ef2-b61a-577b2041cc6c&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'self' http://*.bloomberg.com https://*.bloomberg.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/vogue 1 default-src 'self'; block-all-mixed-content; script-src 'self' 'sha256-/fCUycOSPg5W5rt7pgbdlufk2T9mZRRPEsV2mct1B/I=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'unsafe-eval' 'nonce-866dbb92224505bd89ff994062d07791b61877ba' https://*.zopim.com https://*.zopim.io https://api-na.geetest.com https://api.geetest.com https://beta.binance.com https://bin.bnbstatic.com https://cdn.ampproject.org https://ex.bnbstatic.com https://monitor.geetest.com https://resource.binance.com https://static.geetest.com https://static.zdassets.com https://translate.google.com https://translate.googleapis.com https://www.binance.com https://www.google-analytics.com https://www.google.com preprodbin.bnbstatic.com; style-src 'self' 'unsafe-inline' https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://resource.binance.com https://static.geetest.com https://translate.googleapis.com https://www.binance.com https://www.gstatic.com preprodbin.bnbstatic.com; font-src 'self' data: https://at.alicdn.com https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://fonts.gstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://www.binance.com preprodbin.bnbstatic.com; connect-src 'self' *.fdgahl.cn https://*.zopim.com https://beta.binance.com https://bin.bnbstatic.com https://binance.zendesk.com https://ekr.zdassets.com https://ex.bnbstatic.com https://frontend-m.binance.cloud/monitor/v1/log https://jpush.binance.im:5000 https://pre-jpush.fdgahl.cn:5000 https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://sentry.io https://ss.datasconsole.com https://translate.googleapis.com https://www.binance.com https://www.google.com preprodbin.bnbstatic.com wss://*.zopim.com wss://binance.com.zendesk.com wss://jpush.binance.im:5000 wss://margin-stream.binance.com:9443 wss://stream.binance.cloud:9443 wss://stream.binance.com:9443 wss://stream2.binance.cloud:443 wss://stream2.binance.com:9443; img-src 'self' *.fdgahl.cn data: https://beta.binance.com https://bin.bnbstatic.com https://ex.bnbstatic.com https://public.bnbstatic.com https://resource.binance.com https://sensors.binance.cloud https://sensors.binance.com https://static.geetest.com https://translate.google.com https://translate.googleapis.com https://v2assets.zopim.io https://v2uploads.zopim.io https://www.binance.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com preprodbin.bnbstatic.com; media-src 'self' *.fdgahl.cn https://bin.bnbstatic.com https://public.bnbstatic.com https://static.zdassets.com https://v2.zopim.com; frame-src 'self' https://bin.bnbstatic.com https://static.zdassets.com https://www.google.com; object-src 'none'; base-uri 'self' 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2a40ee72-5c61-4605-a489-2ae1e56bff20 1 frame-ancestors 'self' *.dkb.de 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-NBiXPzuPtR' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-ancestors 'self' https://optimize.google.com ; report-uri https://d2689ebe5e29efe933d4a847c25ddecd.report-uri.com/r/d/csp/enforce 1 script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-vFIvEu8cEBczUPJz1MOct98bvzA' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1 default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.paypal.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://d.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://pixel.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.paypal.com https://www.sandbox.paypal.com https://www.youtube.com https://x.skimresources.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://www.paypal.com https://*.launchdarkly.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 1 default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080; media-src 'self' https: http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' http://*.disney.com http://*.diznee.net code.org studio.code.org 1 frame-ancestors http://*.uol.com.br https://*.uol.com.br 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-zNTRPyMhhQ' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline'; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org ad.doubleclick.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com https://accounts.firefox.com/ https://accounts.firefox.com.cn/; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com 1 frame-ancestors https://*.teen.co.id/ https://tpc.googlesyndication.com/ https://www.youtube.com/ https://asset.tabloidbintang.com/ https://media.tabloidbintang.com https://www.twitter.com https://ads.as.criteo.com/ https://eus.rubiconproject.com/ https://onesignal.com/ 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kcp.co.kr:*; object-src 'self' 1 default-src 'self' ; img-src 'self' https://sp1.convertro.com/api/hit/lastpass/ https://www.google-analytics.com/ https://*.company-target.com/ https://logmeincdn.azureedge.net/ https://*.company-target.com/* https://*.lastpass.com https://lastpass.com data: https://*.company-target.com/* https://*.adnxs.com/ https://*.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.facebook.com/tr https://t.co/i/adsct https://analytics.twitter.com/i/adsct https://img.youtube.com https://adfarm.mediaplex.com/ad/bk/ https://*.rfihub.com/ https://secure.leadback.advertising.com https://secure.ace-tag.advertising.com https://iad-login.dotomi.com https://*.company-target.com/ https://www07.clicktale.net/ https://lastpass-sc.usva.logmeinx.com/ https://lastpass-sc.usca.logmeinx.com/ https://lastpass-sc.usil.logmeinx.com/ https://lastpass-sc.ustx.logmeinx.com/ https://lastpass-sc.defr.logmeinx.com/ https://lastpass-sc.ukay.logmeinx.com/ https://lastpass-sc-gamma.usca.logmeinx.com/ https://*.logmeinx.com https://d.adroll.com https://secimg.vmmpxl.com https://rs.gwallet.com https://s-cs.send.microad.jp https://pixel.rubiconproject.com https://*.openx.net https://dpm.demdex.net https://ads.yahoo.com https://dsum-sec.casalemedia.com https://simage2.pubmatic.com https://trc.taboola.com https://x.bidswitch.net https://idsync.rlcdn.com https://stags.bluekai.com https://ums.adtechus.com https://io.narrative.io https://atemda.com https://t.brand-server.com https://pixel.quantserve.com; object-src 'self' https://*.googlevideo.com https://*.youtube.com https://*.youtube.com https://*.ytimg.com https://*.ytimg.com https://www.google.com https://youtube.googleapis.com; connect-src 'self' https://*.lastpass.com https://lastpass.com wss://*.lastpass.com https://*.optimizely.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com https://*.clicktale.net https://dc.services.visualstudio.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://logmeincdn.azureedge.net https://fonts.googleapis.com/ https://*.lastpass.com https://lastpass.com https://html-lastpass-develop.azurewebsites.net https://html-lastpass-master.azurewebsites.net; plugin-types application/x-invalid-type application/pdf ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.lmiutil.com/lpassets/clicktale/ https://lastpass.com/m.php/quickdl2 https://www.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://logmeincdn.azureedge.net https://cdn.clicktale.net/ https://*.lastpass.com https://lastpass.com https://www.youtube.com https://*.ytimg.com https://*.optimizely.com https://cdnssl.clicktale.net/ https://www.sc.pages04.net https://cdn.getsmartcontent.com/ https://api.bizographics.com https://us-east-1.profile-api.ads.linkedin.com https://s.getsmartcontent.com https://az416426.vo.msecnd.net ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://lmistatic.blob.core.windows.net/ https://fonts.gstatic.com/ https://*.lastpass.com https://lastpass.com; media-src ; frame-src 'self' https://cdn.lmiutil.com/ https://b.company-target.com https://*.lastpass.com https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://b.company-target.com/ect.html https://www.youtube.com https://*.ytimg.com https://1min-ui-prod.service.lastpass.com ;worker-src https://*.lastpass.com blob: 1 frame-ancestors 'self' https://help.thumbtack.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.gstatic.com data: 1 media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; report-uri https://sentry.io/api/115794/csp-report/?sentry_key=40c3396129f24aacbf05aed4885600b3 1 frame-ancestors 'self' *.facebook.com facebook.com *.miniclip.com miniclip.com 1 default-src 'self' *.ksu.edu.sa; img-src *; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.youtube.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com; 1 default-src * 'unsafe-inline'; frame-ancestors 'self'; img-src * data: blob:; media-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1 frame-ancestors 'self' https://dnb.no https://*.dnb.no; default-src 'self' blob: http://test4.dnb.avantimedns.se 6479481.fls.doubleclick.net *.dnbeiendom.no http://www.e4cinvoice.com http://edok.ec.evry.com archive.ec.evry.com *.digipostdata.no https://api-fakturahotell.tellier.no https://bkk-web.bkk.no https://ringvirkninger.stage.george.no https://bkk-web2.bkk.no https://b2b.edb.com https://b2c.efakt.no https://cards.edb.com https://edi.hatteland.com https://edok.ec.evry.com https://efakt.lyse.no https://efaktura.emetro.no https://eFaktura.enita.no https://efaktura.fellesdata.no https://efaktura.biz https://efaktura.nets.no https://efaktura.quick.no https://dnbbankasa.tt.omtrdc.net https://assets.adobedtm.com https://e-faktura1.stralfors.net https://faktura.tabs.no https://*.efaktura.biz https://einvoice.compello.com https://*.celebrus.tech-03.net https://hotel.bbs.no/document https://invoicee.einvoiceportal.no https://invoice.lindorff.com https://kundonline.faktab.se https://mk.ec.evry.com https://privat.telenor.no https://*.efaktura.fellesdata.no https://www.e4cinvoice.com https://www.telenor.no preview.miprocloud.net *.siteimprove.com siteimproveanalytics.com surveydata.no mediaunit.23video.com dc.miprocloud.net *.digipost.no docs.google.com *.tiqcdn.com *.tealiumiq.com https://qbrick.hb.omtrdc.net *.dnbfeed.no https://dpm.demdex.net *.nets.eu *.bbs.no *.dnb.no *.dnb.se *.dnb.sg https://*.mastercard.com http://*.dnbnor.net *.edb.com *.bankid.no *.bankidapis.no *.bankidnorge.no themes.googleusercontent.com ssl.google-analytics.com fonts.gstatic.com fonts.googleapis.com csi.gstatic.com http://finncdn.no *.investtech.com *.morningstar.com adserver.adtech.de b2b.edb.com nettbankdrift.edb.com *.nets.no bedriftservice.no bilfinansonline.se carporten.dnbfinans.se carporten.nu connect.facebook.net designer.tagmycard.com dev.participant.com dnb.socialcee.com dnbnor.bankavstemming.no dnbnor.easycruit.com dnbnor.enterprisebanker.com dnbnorfeed.com www.deltager.no www.dnbfinans.net fidstest.dnbfinans.no get.adobe.com innbo.livesite.no itunes.apple.com ajax.googleapis.com *.doubleclick.net mts.googleapis.com mts0.googleapis.com mts1.googleapis.com maps-api-ssl.google.com maps.googleapis.com maps.gstatic.com www.gstatic.com plus.google.com apis.google.com maps.google.no www.google.no www.google.com www.googleadservices.com new.livestream.com thomsonreuters.com tools.euroland.com track.adform.net *.easyresearch.se webcastclients.s3.amazonaws.com www.adobe.com www.euroland.com www.newsweb.no www.nordic-online.net www.nordlandsbanken.no www.sandnes-sparebank.no www.slideshare.net www.soliditet.no www.ssf.no *.youtube.com *.ytimg.com www.youtube-nocookie.com www2.anleger-fernsehen.de wss://*.dnb.no wss://*.edb.com labeladmin.carporten.nu code.jquery.com no.bankid.app://* *.webtrends.com *.webtrendslive.com https://api.vipps.no https://sit02gw.api.test.tech-02.net https://ece46ec4-6f9c-489b-8fe5-146a89e11635.tech-02.net https://www.facebook.com data: chrome-extension: chromeinvoke: chromeinvokeimmediate: chromenull: 'unsafe-inline' 'unsafe-eval' qbrick.d3.sc.omtrdc.net wvjbscheme://* *.dnbproto.com *.mxpnl.com *.mixpanel.com *.socialboards.com *.qbrick.com https://translate.google.com https://translate.googl eapis.com https://*.akamaihd.net https://einvoicepublic.compello.com https://dnb-bank-dev.adobecqms.net https://content-stage.dnb.no https://content.dnb.no ; media-src 'self' *.dnb.no *.youtube.com:* *.vimeo.com:*; report-uri https://www.dnb.no/portalfront/csp/cspreportlog.php 1 frame-ancestors https://*.stoiximan.gr:* 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-ESkXfYkCxJ' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 script-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample' 'nonce-Lq9n4pvPp4xtpQbYxZZJED3CrmtHk4r0LYzkx0J0lfs='; object-src 'none'; base-uri 'self'; frame-src player.vimeo.com w.soundcloud.com www.slideshare.net www.youtube.com bandcamp.com sketchfab.com *.google.com *.facebook.com *.facebook.net *.twitter.com social-plugins.line.me *.g.doubleclick.net www.googletagmanager.com booth.karakuri.ai manage-booth.karakuri.ai point.widget.rakuten.co.jp https://booth.pm https://*.booth.pm https://factory.pixiv.net https://booth.pximg.net; connect-src 'self' *.pixiv.net *.pawoo.net www.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com www.googleadservices.com www.google.co.jp b92.yahoo.co.jp *.buyee.jp d.line-scdn.net stats.g.doubleclick.net ekr.zdassets.com *.zendesk.com https://booth.pm https://*.booth.pm https://factory.pixiv.net https://booth.pximg.net 1 frame-ancestors https://www.livehindustan.com https://*.girnarsoft.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=e706744d-c7f8-477d-9b01-277217335a7e 1 frame-src: *://*.twitter.com:* 1 child-src *.doubleclick.net *.dynad.net *.facebook.com *.hotjar.com *.marketo.com *.omniture.com *.pagseguro.uol.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.pagseguro.com.br *.uol.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google-analytics.com *.google.com.br *.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.xg4ken.com *.youtube.com *.hotjar.com *.tailtarget.com *.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src *.jsuol.com.br *.googleadservices.com *.googletagmanager.com *.ampproject.org *.ytimg.com *.google-analytics.com *.google.com *.googletagmanager.com *.doubleclick.net *.simg.uol.com.br *.uol.com *.uol.com.br *.pagseguro.com.br *.facebook.net *.xg4ken.com *.dynad.net *.marketo.com *.hotjar.com *.jsdelivr.net *.tailtarget.com *.bing.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://bam.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.simg.uol.com.br *.ytimg.com *.marketo.com https://imguol.com.br 'self' *.google.com 'unsafe-inline'; report-uri https://pagseguro.uol.com.br/csp-report 1 img-src 'self' *.cloudfront.net data: https:; media-src 'self' *.cloudfront.net data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' data: https: 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellmind.com *.qa.aws.verywellmind.com atlas.verywellmind.com atlas.local.verywellmind.com https://specials.verywellmind.com 1 frame-ancestors 'self' www.funtime.com.tw asfly.agenttour.com.tw asfly.pegatroncorp.com payez.agenttour.com.tw www.payeasy.com.tw; 1 default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-13127ff39dfd48188eeb783016870637'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1 default-src 'self' 'sha256-EE2P6EnF5LyhuHD1GXvcAyp0VMA+ELbkbSFlR4akzKI=' 'sha256-6F7C0E903A7D577847AE427BCB66FECB5692E6D55355D2B6986552A783B892A9' 'sha256-ekEC0FEv8t+Q88qseT1uVB/azdF0VZjnwSKhwlY+9wc=' 'sha256-76L2z81IsyivXOW8b8CsEk7m32YfJBqYCKQLmvatdCQ=' 'unsafe-inline' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net *.searchemoji.global;img-src *;frame-src 'self' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net www.youtube.com www.youtube-nocookie.com player.vimeo.com 'nonce-NzgyODAzOThkYmYwNDUyZThlM2ZiMWQwZTFjMWM0YmE=';media-src *;style-src 'self' 'unsafe-inline' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net;script-src 'self' 'unsafe-eval' SearchEncrypt.com https://www.searchencrypt.com *.navigateto.net 'nonce-NzgyODAzOThkYmYwNDUyZThlM2ZiMWQwZTFjMWM0YmE=' 'sha256-ekEC0FEv8t+Q88qseT1uVB/azdF0VZjnwSKhwlY+9wc=' 'sha256-76L2z81IsyivXOW8b8CsEk7m32YfJBqYCKQLmvatdCQ=' 1 frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it http://manage.pec.it https://manage.pec.it 1 frame-ancestors 'self' https://*.fdj.fr https://www.laredoute.fr/ http://clients.sismodesign.com; 1 frame-ancestors *.burberry.com burberry.com; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/self 1 font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; frame-src https:; connect-src https: wss:; media-src https:; default-src https: blob:; img-src https: data:; style-src 'unsafe-inline' https:; report-uri https://zbsfsvpmbzmjualklfjf2csg.httpschecker.net/report 1 report-uri https://cspreport.bol.com/report/b/12700 ; default-src https://tpc.googlesyndication.com https://www.bol.com ; connect-src https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://query.autheos.com https://www.bol.com ; font-src data: https://*.s-bol.com https://fonts.gstatic.com https://secure.ogone.com https://www.bol.com ; frame-src https://*.2mdn.net https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.youtube-nocookie.com https://bolfelicitatie.b05-apps.nl https://chat1.bol.com https://chatr.bol.com https://checkoutshopper-live.adyen.com https://info.bol.com https://platform.twitter.com https://player.autheos.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://view.publitas.com https://www.bol.com https://www.facebook.com https://www.google.com ; img-src blob: data: https://*.2mdn.net https://*.akstat.io https://*.cloudfront.net https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://checkoutshopper-live.adyen.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://img.youtube.com https://jwpltx.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://static2.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.ups.com ; media-src https://*.cloudfront.net https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://bolfelicitatie.b05-apps.nl https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com ; object-src https://bolfelicitatie.b05-apps.nl https://st1.streamzilla.jet-stream.nl https://view.publitas.com https://www.bol.com ; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.s-bol.com https://*.youtube-nocookie.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://bolcom.tu-vms.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://d31qbv1cthcecs.cloudfront.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://live.adyen.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://s.ytimg.com https://secure.ogone.com https://ssl.p.jwpcdn.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://tu.tu-vms.com https://view.publitas.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com ; style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://view.publitas.com https://www.bol.com 1 connect-src 'self' https: https://api.womany.net https://cn-api.womany.net https://en-api.womany.net https://jp-api.womany.net https://member.womany.net https://go.justfont.com 1 frame-ancestors 'self' *.signupgenius.com 1 script-src 'nonce-a05183d68bdbfdcbb35553cb18a8b13d' 'nonce-DOjEcQ1MEiSNuO0Ck2r0XGoMyb5JLLrNLXFonBgBeBA=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI=' 'sha256-yntX1DMo3v8w5zK0Wt5LS96gm1dTl95wU0As+x8+vsU='; frame-ancestors 'none' 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=75cd87d6-8ca8-4f99-969c-43ef802bcc11 1 script-src *.cognizant.com insight.adsrvr.org maps.googleapis.com www.google-analytics.com global.cognizant.com pi.pardot.com scripts.demandbase.com www.google-analytics.com px.ads.linkedin.com www.youtube.com tr.outbrain.com amplifypixel.outbrain.com munchkin.marketo.net ssl.google-analytics.com static.doubleclick.net ssl.google-analytics.com www.facebook.com connect.facebook.net www.googletagmanager.com connect.facebook.net miscmagazine.com graph.facebook.com api.linkedin.com api.instagram.com news.cognizant.com investors.cognizant.com api.twitter.com googleads.g.doubleclick.net static.doubleclick.net public.slidesharecdn.com www.slideshare.net consent.truste.com api.demandbase.com assets.adobedtm.com stats.g.doubleclick.net www.googleadservices.com cm.g.doubleclick.net dpm.demdex.net snap.licdn.com global.cognizant.com px.ads.linkedin.com trackcmp.net amplify.outbrain.com 2899686.fls.doubleclick.net api.company-target.com d.company-target.com segments.company-target.com pixel.advertising.com s.ytimg.com www.linkedin.com *.doubleclick.net match.adsrvr.org fonts.gstatic.com msdn.microsoft.com ajax.googleapis.com api.soundcloud.com cdnjs.cloudflare.com *.AKAMAIHD.NET *.akamai.edgekey.net public.inpwrd.com consent.trustarc.com *cognizant.co.jp www.gstatic.com www.google.com in.taskanalytics.com v2.listenloop.com 'unsafe-inline' 'unsafe-eval' data: 1 frame-ancestors https://www.maisonmargiela.com/ https://www.maisonmargiela.com/ ; 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.credit-du-nord.fr *.banque-courtois.fr *.banque-kolb.fr *.banque-laydernier.fr *.banque-nuger.fr *.banque-rhone-alpes.fr *.banque-tarneaud.fr *.smc.fr 1 default-src https:; connect-src https:; font-src https: data:; frame-src https: twitter:; frame-ancestors https:; img-src https: data:; media-src http: https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1 default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; 1 default-src * data: blob:; frame-ancestors *.smule.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https://boards.greenhouse.io/embed/job_board/js https://js.stripe.com/v2/ https://js.stripe.com/v3/ http://*.smule.com:* http://*.facebook.net http://*.google-analytics.com http://*.google.com http://*.googleapis.com http://*.gstatic.com https://*.smule.com:* https://*.facebook.net https://*.accountkit.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com http://www.apple.com/library/quicktime/scripts/ac_quicktime.js https://www.apple.com/library/quicktime/scripts/ac_quicktime.js platform.twitter.com https://optimize.google.com https://cdn.branch.io https://app.link https://smule-alternate.app.link https://smule.app.link https://link.smule.com ; style-src 'unsafe-inline' data: http://*.smule.com:* https://*.smule.com:* yui.yahooapis.com https://optimize.google.com https://fonts.googleapis.com; report-uri /s/csp-log; 1 frame-ancestors 'self' https://*.myfxbook.com 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-zTmHmsUugn' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1 frame-ancestors 'self' http://cisco.lookbookhq.com https://cisco.lookbookhq.com http://cisco.pathfactory.com https://cisco.pathfactory.com https://transform.cisco.com http://transform.cisco.com; 1 frame-ancestors 'self' *.allstate.com *.encompassinsurance.com *.encompassinsured.com 1 default-src 'self' *.uqu.edu.sa *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.youtube.com *.twitter.com 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' *.uqu.edu.sa *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.twimg.com *.flagcounter.com data: blob: https: 1 default-src https: 'unsafe-inline'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com 1 frame-ancestors https://*.prokerala.com https://*.nxstatic.com; 1 font-src 'self' code.freent.de https://fonts.gstatic.com; img-src * data:; frame-ancestors *.freenet.de; plugin-types application/pdf application/x-shockwave-flash 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-NihMtTwwJq' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a16ac30a-ec83-4f57-914c-78b8d64f7960 1 frame-ancestors *.hinet.net; 1 frame-ancestors 'self' https://shopping.yahoo.co.jp 1 default-src 'self' blob: *.dochub.com; child-src 'self' blob: cdn.dochub.com content.googleapis.com accounts.google.com www.google.com docs.google.com js.stripe.com platform.twitter.com syndication.twitter.com www.youtube.com; connect-src 'self' blob: *.gravatar.com *.nr-data.net *.pusher.com api.onedrive.com api.rollbar.com cdn.dochub.com docs.google.com example.com graph.microsoft.com maps.gstatic.com platform.twitter.com sentry.io stats.g.doubleclick.net ws://ws.pusherapp.com wss://ws.pusherapp.com wss://ws.pusherapp.com:443 www.dropbox.com www.google.com www.googleapis.com ekr.zdassets.com dochub.zendesk.com checkout.stripe.com macroplant.zendesk.com *.zopim.com wss://*.zopim.com; font-src 'self' data: cdn.dochub.com use.fontawesome.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' blob: accounts.google.com cdn.dochub.com content.googleapis.com dochub.com www.google.com docs.google.com www.gstatic.com www.youtube.com js.stripe.com platform.twitter.com syndication.twitter.com checkout.stripe.com; img-src * blob: data:; media-src 'self' cdn.dochub.com docs.google.com static.zdassets.com; object-src 'self'; script-src 'self' blob: data: 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.gravatar.com *.newrelic.com *.nr-data.net *.pusher.com apis.google.com api.rollbar.com br-rx.atatus.com cdn.dochub.com cdn.syndication.twimg.com cdnjs.cloudflare.com docs.google.com dmc1acwvwny3.cloudfront.net/atatus.js js.live.net js.stripe.com checkout.stripe.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com www.dropbox.com www.google-analytics.com www.google.com www.gstatic.com static.zdassets.com *.zopim.com; style-src 'self' 'unsafe-inline' cdn.dochub.com docs.google.com fonts.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com platform.twitter.com; report-uri https://sentry.io/api/1205257/security/?sentry_key=d04bf487c1254343bfe2db4f8f59fe3d 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2011b439-04c8-435d-802c-3202eb984934 1 upgrade-insecure-requests; report-uri https://ee.report-uri.io/r/default/csp/enforce 1 script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; media-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; connect-src https: wss: 1 frame-ancestors https://unitedstateslibraryofcongress.marketing.adobe.com 1 frame-ancestors https://bdtracking.fareye.co/ https://*.bluedart.com/ script-src 'unsafe-inline' 'unsafe-eval' default-src 'self' https://csi.gstatic.com https://ajax.googleapis.com https://maps.googleapis.com http://maps.googleapis.com http://www.google-analytics.com https://bluedartomcpoc-bluedarttrial.itom2.management.europe.oraclecloud.com 1 default-src 'self' wss: data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com *.wolframcloud.com localhost:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wolfram.com *.wolframalpha.com *.wolframcdn.com ajax.googleapis.com *.wolframalpha.tw; img-src 'self' http://*.wolframcdn.com *.wolframcdn.com data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com; font-src * data:; style-src 'unsafe-inline' 'self' data: *.wolfram.com *.wolframalpha.com *.wolframcdn.com wolframcdn.com fonts.googleapis.com; 1 upgrade-insecure-requests ; default-src 'self' https: data: *.comodo.com *.comodo.net wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com https://insights.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hscollectedforms.net https://geolocation.onetrust.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://geoip.nekudo.com https://freegeoip.net https://secure.comodo.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://m.addthisedge.com https://m.addthis.com https://s7.addthis.com https://cdn3.optimizely.com https://cdn2.optimizely.com https://www.gstatic.com https://www.youtube.com https://cdn.ckeditor.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com cdn.ckeditor.com *.comodo.com *.comodo.net https://code.jquery.com https://googleads.g.doubleclick.net https://script.hotjar.com https://plugins.help.com https://www.google.com https://www.google.co.uk https://cdn.optimizely.com https://www.comodo.com https://www.google-analytics.com https://secure.leadforensics.com https://static.hotjar.com https://ajax.googleapis.com https://secure.comodo.com https://www.googleadservices.com https://s.ytimg.com https://js.hs-scripts.com https://cdn.cookielaw.org https://beta.phonewagon.com https://addevent.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com tagmanager.google.com *.linkedin.com ; object-src 'self' *.comodo.com *.comodo.net https://download.comodo.com https://www.youtube.com https://theapplicantmanager.com ; img-src 'self' data: https://www.facebook.com https://www.google.ro https://www.comodo.com/internet-security/thank-you.php https://s9.addthis.com https://cdn.ckeditor.com https://www.google.co.uk https://www.google.co.in https://www.google.com *.comodo.com *.comodo.net https://secure.comodo.com https://download.comodo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org ssl.gstatic.com img.youtube.com *.adroll.com ; font-src 'self' data: secure.comodo.net *.comodo.com *.comodo.net https://maxcdn.botostrapcdn.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.lookbookhq.com *.googletagmanager.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net https://cdn.ckeditor.com https://secure.comodo.net *.comodo.com *.comodo.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.cookielaw.org https://fonts.googleapis.com https://www.comodo.com *.lookbookhq.com *.googletagmanager.com tagmanager.google.com *.optimizely.com *.hotjar.com *.licdn.com *.adroll.com ; base-uri 'self' *.comodo.com *.comodo.net ; form-action 'self' *.comodo.com *.comodo.net https://www.hackerguardian.com https://www.facebook.com ; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://secure.comodo.net https://secure.comodo.com https://edge.addthis.com https://www.google.com https://bid.g.doubleclick.net https://www.comodo.com https://www.comodo.net https://cdn.download.comodo.com https://download.comodo.com https://plugins.help.com https://vars.hotjar.com https://www.youtube.com https://theapplicantmanager.com https://s7.addthis.com https://www.youtube-nocookie.com explore.comodo.com cdome.comodo.com ; frame-ancestors 'self' https://comodo.pathfactory.com https://comodo.lookbookhq.com www.comodo.com explore.comodo.com cdome.comodo.com enterprise.comodo.com 1 default-src * 'unsafe-inline'; font-src https: data:; frame-ancestors 'self' localhost:3000; frame-src 'self' www.mindmeister.com accounts.google.com docs.google.com dl.dropboxusercontent.com platform.harvestapp.com player.vimeo.com zapier.com www.youtube.com www.facebook.com chrome://pdf-viewer; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.hotjar.com; script-src 'self' 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud https://*.hotjar.com; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud; img-src * data:; font-src * data:; connect-src *; media-src * data: blob:; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' 'unsafe-inline' data: ; style-src 'self' 'unsafe-inline'; child-src 'self' qaldqtraffic.masarak.com maps.moi.gov.qa indd.adobe.com 1 frame-ancestors 'self' http://webvisor.com http://turbo.az http://*.turbo.az http://tap.az http://*.tap.az turbo.az *.turbo.az tap.az *.tap.az 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=7d0e6a88-8859-4b00-b44d-5680bed016b2&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=7d0e6a88-8859-4b00-b44d-5680bed016b2&version=sha%3Db68f26972e89&report_only=false 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-482bed86d982bbfc4e583ae6df988c9b' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=73da1cda-a88d-46fb-b9d1-10a7a36aecef&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=73da1cda-a88d-46fb-b9d1-10a7a36aecef&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'http://apps.icicidirect.com'; 1 frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com; 1 report-uri /report-csp; connect-src 'self' *; font-src data: 'self'; child-src https://*.n26.com https://n26.com https://www.youtube.com https://boards.greenhouse.io https://pixel.mathtag.com/; img-src 'self' images.ctfassets.net images.contentful.com https://cdn.number26.de https://sc-collector.n26.com https://*.greenhouse.io data: *; media-src videos.ctfassets.net videos.contentful.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://n26-trusted.n26.com https://polyfill.io https://www.youtube.com https://s.ytimg.com https://boards.greenhouse.io *; style-src 'unsafe-inline' tagmanager.google.com; default-src * 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cd2c7641-0a11-49d3-9217-ae467e1feaee 1 frame-ancestors 'self' http://*.vodafone.com http://*.vodafone.it https://*.vodafone.com https://*.vodafone.it 1 connect-src 'self' https: blob: 1 default-src 'self' https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https: blob:; connect-src 'self' wss: https: blob:; font-src 'self' data: https:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' app.optimizely.com *.eventbrite.com video214.com animoto.com; img-src 'self' data: https: blob: android-webview-video-poster:; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'self' www.paypalobjects.com d150hyw1dtprld.cloudfront.net; prefetch-src 'self' https:; script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://sentry.io/api/1401029/security/?sentry_key=b94ac67e5c014425a0fe8cb868528601 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.liveabout.com *.qa.aws.liveabout.com atlas.liveabout.com atlas.local.liveabout.com 1 default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/id *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/; 1 default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://codeburst.io https://*.codeburst.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=9fb99a50-c025-4a84-b90c-c708a3e65198&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=9fb99a50-c025-4a84-b90c-c708a3e65198&version=sha%3D08d263b5b0c8&report_only=false 1 script-src 'unsafe-inline' 'unsafe-eval' *.diplomatie.gouv.fr *.aticdn.net *.france-visas.gouv.fr france-visas.gouv.fr; 1 script-src 'self' https://www.lofter.com *.dun.163yun.com *.netease.com *.127.net *.126.net qiyukf.com *.163.com https://10.120.145.54 *.w3t.cn *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com res.wx.qq.com 3gimg.qq.com jsapi.qq.com 127.0.0.1:* 59.111.29.38:* 10.241.1.94:* 10.240.100.206:* 'unsafe-inline' 'unsafe-eval' blob:;style-src * 'unsafe-inline' data:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfit.com *.qa.aws.verywellfit.com atlas.verywellfit.com atlas.local.verywellfit.com https://specials.verywellfit.com 1 frame-ancestors *.ntu.edu.sg 1 script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com; worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com; object-src 'self'; style-src 'unsafe-inline' data: *.qwant.com *.qwantjunior.com *.kamoov.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com; form-action 'self'; frame-ancestors *.qwant.com *.qwantjunior.com lmqt.fyi; frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com; font-src 'self'; img-src blob: 'self' s1.qwant.com s2.qwant.com s.qwant.com data: s-boards.qwant.com s-lite.qwant.com www.qwant.com; default-src 'self' data: blob:; base-uri 'self'; block-all-mixed-content; connect-src *.qobuz.com *.apple.com wss://masq-ws.qwant.com *.qwant.com extras.qwantjunior.com; media-src blob: *.qwant.com *.apple.com *.qobuz.com; 1 default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline';img-src * data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action 'self' 'unsafe-inline'; frame-src 'self' charts3.equitystory.com irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.pe ; frame-src 'self' *.indeed.com *.indeed.com.pe https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.pe d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=852b3313-c1aa-4759-b8df-cac0feea186c 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; frame-ancestors 'self' *.cienradios.com www.clarin.com *.devcr.com.ar *.cienradios-pre.com.ar prepro.int.clarin.com *.prepro.int.clarin.com viapais.com.ar *.viapais.com.ar alpha.viapais.com.ar *.alpha.viapais.com.ar beta.viapais.com.ar *.beta.viapais.com.ar prepro.viapais.com.ar *.prepro.viapais.com.ar cdn.ampproject.org *.cdn.ampproject.org google.com *.google.com google.com.ar *.google.com.ar; 1 frame-ancestors https://www.ysl.com/ https://www.ysl.com/ ; 1 upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; 1 script-src 'nonce-xn5QtYMVfpCq5MQOnuz1ZaAX4UE=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample'; object-src 'self' *.content.kidsa-z.com; frame-ancestors 'self' https://*.kidsa-z.com https://*.readinga-z.com https://*.raz-plus.com https://*.raz-kids.com https://*.headsprout.com https://*.sciencea-z.com https://*.writinga-z.com https://*.vocabularya-z.com https://*.readytesta-z.com;base-uri 'none'; report-uri /api/strict-csp-report; 1 img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src https:; worker-src blob:; report-uri https://dailykos.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; 1 frame-ancestors *.dowjones.net *.onservo.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2e7848f2-7138-4245-8bc6-c974e54a430f 1 default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' zona: http://install.zonastat.com https://dl.appzona.org http://vk.com https://vk.com https://login.vk.com http://tools.bongacams.com https://cdn-static-secure.liverail.com http://skycdnhost.com https://skycdnhost.com http://tvmir.ru http://out.pladform.ru http://*.24video.com *.24video.net *.24video.cc *.24video.me *.24videos.me *.24video.xxx 24video.ws *.24video.xxx:8080 *.24video.sex;img-src * data:;media-src * blob:;font-src * data:;object-src *;connect-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com http://skycdnhost.com https://skycdnhost.com https://vk.com http://vk.com http://zona.ru js-agent.newrelic.com https://bam.nr-data.net http://bam.nr-data.net c1.onedmp.com tools.runetki.co www.24video.com www.24video.net www.24video.cc www.24video.me www.24videos.me *.24video.xxx https://upload.24v.tv http://upload.24video.adult http://sibvic.ru http://tarkita.ru http://darangi.ru http://ictowaz.ru http://stat.php-d.com http://startstat.ru http://cdn-static.liverail.com livestatisc.com andwronsit.ru cdn7.rocks hgbn.rocks hgbn.rocks cdn7.rocks 192c07d2631da4c.com ee2020419e64bd.com 164e1ca9ba.com 84bd03a2952.com 4fe8f9e14637e5.com 0117cfb042e2d48.com ab23e84117d41e7.com a48121a28f76f93.com 369bd3a861d8c27.com https://mc.yandex.ru http://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com yastatic.net;child-src 'self' blob: 1 connect-src 'self' https://*.tesco.com https://*.optimizely.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.com:* wss://*.hotjar.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://dpm.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tesco.com https://*.optimizely.com https://static.hotjar.com https://script.hotjar.com https://*.adobedtm.com https://*.tt.omtrdc.net https://*.google-analytics.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://maps.googleapis.com https://ds-aksb-a.akamaihd.net https://*.googletagservices.com https://*.doubleclick.net https://adservice.google.co.in/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://adservice.google.co.uk/adsid/integrator.js https://adservice.google.ie/adsid/integrator.js https://pagead2.googlesyndication.com/pagead/osd.js https://*.sociomantic.com https://www.googletagmanager.com/gtag/js https://www.googleadservices.com https://www.google.com/ads https://dpm.demdex.net https://*.omniture.com nonce-195a9fd2f5cf223176a3ba71cc36d61dc8c65dc6b6f1ad63cce51d8c66685aa289d891cd092cf89481914306a53c35aad40e16b109668fdaa3022fdc8bd89b08273e1b237a670a70ede8cccad244de7e0de750f3e0903ef9aaec5368d0ea187b572729d2aacd6d202f5246f879b41a90fbe1c5cf0f037847e8d05dbf34428491ae60481959853b9f78860048ed995c994c96be9c06b1d84fce08e5b93d0e41ddc3b406f528881edf32819a2932ac53ba08db3491f3df2289c00d82e3ea2df699845f734600babf5d7e70a1e7e9e859d4ff219ada18896fd35455eebc2ec600f88a74a1023c956ea693e867290dab6ddfbaaf9e06f33ea23514a4ca9ad072c43c; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://* data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self' https://app.optimizely.com https://*.doubleclick.net; child-src 'self' https://*.doubleclick.net https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com; frame-src https://*.googleadservices.com https://*.googlesyndication.com https://5035317.fls.doubleclick.net https://vars.hotjar.com https://*.cdn.optimizely.com https://*.optimizely.com https://*.googletagservices.com https://*.doubleclick.net https://*.sociomantic.com https://testci.demdex.net/; object-src 'none'; report-uri /ce-assets/csp-report-violation 1 default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 1 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.google.com www.gstatic.com ; style-src 'self' 'unsafe-inline' ; img-src * data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; connect-src 'self' opencollective.com ; object-src 'none' ; child-src 'self' www.youtube.com www.google.com webchat.quakenet.org ; frame-ancestors 'none' ; form-action 'self' www.paypal.com www.sandbox.paypal.com ; media-src 'self' pub.rachni.com 1 script-src 'self' 'unsafe-inline' https://*.imedia.cz https://*.hit.gemius.pl https://connect.facebook.net https://*.facebook.com https://*.stream.cz; report-uri /cspreport; 1 object-src * 'unsafe-inline' 1 frame-ancestors 'self' file: filesystem: http://localhost:8080 app.optimizely.com; 1 frame-ancestors 'self' *.jetstar.com/; 1 frame-ancestors 'self' https://appear.in https://*.appear.in https://*.whitehatjr.com; 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-c0009edb2753325517b82656cd3d7411' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=6b0ab11c-5e84-4d0b-893a-26a258df7366&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=6b0ab11c-5e84-4d0b-893a-26a258df7366&version=sha%3D08d263b5b0c8&report_only=false 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/allure 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.fr ; frame-src 'self' *.indeed.com *.indeed.fr https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.fr d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=332d371d-2128-442a-acf4-58264f547b70 1 frame-ancestors https://customersso.publix.com/ 'self' 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-3b989edbba47278b75a1715dda53ffe9' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://b92.yahoo.co.jp 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=b923085f-34a2-45de-9be7-78d03cf79c76&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=b923085f-34a2-45de-9be7-78d03cf79c76&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=e5572626-8eed-4bb6-8308-2ed59d588ae0 1 default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-HlyCGr4skU9jkgnIPAd9jQPNFFVXs3kv' data:; connect-src 'self' *.blockchain.com *.blockchain.info https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' https://rsms.me https://fonts.googleapis.com 'nonce-HlyCGr4skU9jkgnIPAd9jQPNFFVXs3kv'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self'; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0dca77f3-770a-446e-89ca-f35f447419ac 1 default-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'self' 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-glOSOMjhPl' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-BOpNrEUMlX' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dnn506yrbagrg.cloudfront.net https://www.googletagmanager.com https://vjs.zencdn.net https://cdn.mathjax.org https://www.sc.pages02.net https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.google-analytics.com https://jobs.jobvite.com https://plus.google.com https://www.googleadservices.com https://players.brightcove.net http://ie7-js.googlecode.com https://apis.google.com https://d1fc8wv8zag5ca.cloudfront.net https://connect.facebook.net https://*.criteo.com https://s.pinimg.com https://bat.bing.com https://*.criteo.net https://ajax.googleapis.com https://*.doubleclick.net https://platform.twitter.com https://*.ads-twitter.com https://*.googlesyndication.com https://boards.greenhouse.io https://adservice.google.com https://snap.licdn.com https://s3.amazonaws.com https://analytics.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://*.traversedlp.com https://tagmanager.google.com https://*.cloudfunctions.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' data: blob: https://*.pages02.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://www.facebook.com https://ct.pinterest.com https://www.google.com https://bat.bing.com https://*.doubleclick.net https://q.quora.com https://*.linkedin.com https://*.criteo.net https://secure.adnxs.com https://cdn.optimizely.com https://www.bizographics.com https://www.google-analytics.com https://placehold.it https://*.criteo.com https://www.w3.org https://*.googlesyndication.com https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://adservice.google.com https://gtrk.s3.amazonaws.com https://user-event-tracker.crazyegg.com https://t.co https://pinterest.adsymptotic.com https://pointclicktrack.com https://*.hotjar.com https://www.googletagmanager.com https://*.adsrvr.org https://*.gstatic.com; frame-src 'self' https://*.ixl.com https://www.youtube.com https://jobs.jobvite.com https://players.brightcove.net https://accounts.google.com https://*.criteo.com https://www.gstatic.com https://*.doubleclick.net https://*.googlesyndication.com https://boards.greenhouse.io https://app.optimizely.com https://a14220909.cdn.optimizely.com https://www.google.com/recaptcha/ https://*.hotjar.com https://abcya-media.ixl.com; object-src 'self' https://abcya-media.ixl.com; media-src 'self' blob: https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://rwforg.speechstream.net/; connect-src 'self' https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net/ https://*.optimizely.com https://*.greenhouse.io https://csm.sv.us.criteo.net https://www.google-analytics.com https://docs.google.com https://rwforg.speechstream.net/ https://rwgoogle-webservices-7.texthelp.com https://rwedge-webservices.texthelp.com https://ct.pinterest.com https://*.abcya.com https://*.hotjar.com wss://*.hotjar.com https://www.googleapis.com https://*.traversedlp.com https://pubsub.ixl.com wss://pubsub.ixl.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-ancestors 'self' https://blog.ixl.com/ http://support/ http://supportvm/ http://support.quiacorp.com/ http://supportvm.quiacorp.com/ http://try.quiacorp.com/; report-uri /actions/csp/report; 1 frame-ancestors 'self' hhs.gov *.hhs.gov 1 frame-ancestors kink.com 1 default-src 'self' https://gidonline.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gidonline.io *.braun634.com reichelcormier.bid *.adbetnet.com json.bannersvideo.com serving.adbetclickin.pink cdn.hdat.xyz hhit.xyz cdn7.rocks hgbn.rocks *.mxttrf.com oconner.link franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com *.criteo.com https://apis.google.com counter.yadro.ru; frame-src 'self' https://gidonline.io *.braun634.com *.adbetnet.com adbetnet.advertserve.com json.bannersvideo.com https://bannersvideo.com serving.adbetclickin.pink franecki.net *.acdnpro.com *.r.acdnpro.com *.acdnlab.com biocdn.com cdn.hdat.xyz oconner.link *.r.worldssl.net counter.yadro.ru https://pandastream.cc moonwalk.cc https://trailerclub.me https://streamguard.cc *.youtube.com https://www.youtube.com https://apis.google.com; connect-src 'self' https://gidonline.io franecki.net reichelcormier.bid https://xml.bannersvideo.com wss://ws.hghit.com/ws *.onedmp.com wss://oconner.link:8041; style-src 'self' 'unsafe-inline' https://gidonline.io counter.yadro.ru; font-src 'self' https://gidonline.io counter.yadro.ru fonts.gstatic.com; img-src 'self' data: https://gidonline.io *.braun634.com *.gemius.pl *.adbetnet.com reichelcormier.bid serving.adbetclickin.pink imgg-cdn.adskeeper.co.uk imgg-cdn.mgid.com *.r.acdnpro.com creatives.adbetclickin.pink hg-bn.com ws.hghit.com c.datpix.net hhit.xyz hgbn.space hgbn1.com hgbnr.com hgbn.rocks cdn7.rocks hghit.com *.mxttrf.com *.deltacdn.net *.r.worldssl.net https://ft.imgsniper.com front.facetz.net counter.yadro.ru *.gstatic.com; object-src 'self' https://gidonline.io counter.yadro.ru 1 default-src 'self' blob: https://*.futurelearn.com; object-src https://*.vzaar.com https://vzaar-video.ccindex.cn https://vjs.zencdn.net; base-uri 'self' https://*.futurelearn.com; frame-ancestors 'self' https://*.futurelearn.com; frame-src 'self' *; connect-src 'self' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: about: *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' *; font-src 'self' about: data: *; report-uri /csp-violation 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.imedia.cz http://*.imedia.cz https://*.imedia.cz *.pliing.com http://*.pliing.com https://*.pliing.com gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.seznamzpravy.cz https://www.seznamzpravy.cz *.pubmatic.com *.adform.net *.adnxs.com *.doubleclick.net *.doubleverify.com *.serving-sys.com ads.celtra.com login.szn.cz http://login.szn.cz https://login.szn.cz *.consensu.org; frame-ancestors 'self' www.seznam.cz share.seznam.cz www.seznamzpravy.cz adminzpravy.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1 frame-ancestors 'self' *.techrepublic.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.unicef.org *.sharethis.com rules.quantcount.com connect.facebook.net secure.quantserve.com www.google-analytics.com www.googletagmanager.com cdn.poll-maker.com embeds.tagboard.com maps.googleapis.com e.infogram.com *.hscampaigns.com *.getchute.com ssl.mousestats.com tagmanager.google.com js-agent.newrelic.com bam.nr-data.net js-agent.newrelic.com/* www.youtube.com s.ytimg.com *.instagram.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com cdn.nativemsg.com hm.baidu.com optimize.google.com siteimproveanalytics.com downloads.mailchimp.com mc.us2.list-manage.com sjs.bizographics.com unicef.us2.list-manage.com s3.amazonaws.com www.googleadservices.com *.doubleclick.net; object-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.sharethis.com cdn.poll-maker.com stories.getchute.com cdn-images.mailchimp.com downloads.mailchimp.com l.sharethis.com platform.twitter.com optimize.google.com *.unicef.org; img-src 'self' data: *.unicef.org www.google-analytics.com ssl.gstatic.com sb.scorecardresearch.com *.sharethis.com www.facebook.com pixel.quantserve.com stats.g.doubleclick.net www.gstatic.com cdn.poll-maker.com csi.gstatic.com maps.gstatic.com maps.googleapis.com www.google.com scontent.cdninstagram.com pixel.getchute.com media.chute.io static.getchute.com avatars.io syndication.twitter.com pbs.twimg.com platform.twitter.com dynamite-images.appspot.com hm.baidu.com www.googletagmanager.com unicef-images.appspot.com 88988.global.siteimproveanalytics.io cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com; media-src 'self' scontent.cdninstagram.com video.twimg.com; frame-src 'self' www.facebook.com www.google.com *.twitter.com e.infogram.com *.sharethis.com *.hscampaigns.com embeds.tagboard.com www.youtube.com infogram.com connect.facebook.net *.unicef.org api.getchute.com static.getchute.com giphy.com *.wufoo.com staticxx.facebook.com www.instagram.com cdn.nativemsg.com twitter.com *.ustream.tv *.youku.com c.sharethis.mgr.consensu.org optimize.google.com embed.ted.com *.doubleclick.net; child-src 'self'; font-src 'self' fonts.gstatic.com data: maxcdn.bootstrapcdn.com stories.getchute.com *.unicef.org; connect-src 'self' *.sharethis.com www.quiz-maker.com ssl.mousestats.com www.google-analytics.com s3.amazonaws.com getchute.com *.getchute.com c.sharethis.mgr.consensu.org stats.g.doubleclick.net unicefhq.cp.bsd.net script.google.com script.googleusercontent.com *.unicef.org; report-uri /report-csp-violation 1 frame-ancestors 'self'; script-src https://cnimg.joyclub.de/ *.joyclub.de https://maps.googleapis.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ www.googletagmanager.com *.youtube.de *.youtube.com *.youtube.ch *.youtube.at *.youtube.be https://www.youtube-nocookie.com https://vimeo.com www.tenor.com *.giphy.com https://www.gstatic.com/ https://*.x-check.de/ https://connect.facebook.net/ 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 1 default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: wss:; frame-src https: appsflyerevent: fbrpc:; img-src https: blob: data:; report-uri https://internations.report-uri.com/r/t/csp/enforce 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; font-src https: data:; media-src https: data: blob:; object-src https; frame-ancestors 'self' https://secure.thetoptens.com/ https://avatars.thetoptens.com/; 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ca ; frame-src 'self' *.indeed.com *.indeed.ca https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ca d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 base-uri 'none'; default-src 'none'; child-src *.google.com *.youtube.com; connect-src 'self' wss://*.zopim.com engine-api.presearch.org wss://engine-api.presearch.org; font-src 'self' data: *.zopim.com *.typekit.net use.fontawesome.com fonts.gstatic.com; form-action 'self' *; frame-ancestors 'none'; img-src 'self' *.zopim.com *.wikimedia.org data:; media-src 'self'; object-src 'none'; script-src 'self' *.zopim.com *.google.com *.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.typekit.net use.fontawesome.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; 1 default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm *.mktoresp.com *.workplace.tools;report-uri https://www.workplace.com/csp/reporting/ 1 frame-ancestors https://www.particulares.santandertotta.pt 'self'; 1 default-src http: https: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.guidelive.com *.dallasnews.com *.dentonrc.com *.google.com 1 default-src 'self' https: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *;style-src 'self' 'unsafe-inline';img-src 'self' data: 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://code.highcharts.com https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ajax/libs/Chart.js/ https://cdn.jsdelivr.net/npm/md5-jkmyers@0.0.1/md5.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://*.weirdgloop.org https://*.runescape.wiki https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://en.wikipedia.org https://commons.wikimedia.org https://www.mediawiki.org https://unpkg.com; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.weirdgloop.org https://*.runescape.wiki https://fonts.googleapis.com; frame-src www.google.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; base-uri 'self' 1 'frame-ancestors' http://localhost:8100 https//*.tn.gov 1 frame-ancestors http://www.r18.com/ 1 frame-ancestors 'self' http://www.tatasky.com; 1 connect-src 'self' logx.optimizely.com *.optimizely.com api.segment.io https://*.internal-weedmaps.com https://*.weedmaps.com https://internal-weedmaps.com https://weedmaps.com api.amplitude.com *.google-analytics.com cdn.contentful.com performance.typekit.net *.uptime.com api.honeybadger.io d.btttag.com sdk.iad-03.braze.com;default-src 'none';font-src 'self' data: use.typekit.net;frame-ancestors 'self';frame-src 'self' boards.greenhouse.io hire.withgoogle.com www.youtube.com app.optimizely.com a6360251288.cdn.optimizely.com www.google.com https://*.instagram.com https://*.twitter.com https://*.facebook.com d.btttag.com tr.snapchat.com pixel-a.basis.net pixel.sitescout.com;img-src 'self' data: stats.g.doubleclick.net *.google-analytics.com *.weedmaps.com https://wm-platform-users-production.s3-us-west-2.amazonaws.com *.internal-weedmaps.com weedmaps-uploads-production.s3.amazonaws.com p.typekit.net i.ytimg.com api.mapbox.com acuityplatform.com *.ytimg.com *.google.com cdn.optimizely.com pixel-a.basis.net *.twimg.com *.twitter.com images.ctfassets.net stackadapt.com appboy-images.com pixel.sitescout.com;report-uri https://api-g.weedmaps.com/policy/reports;script-src 'self' 'unsafe-eval' *.greenhouse.io stackadapt.com pixel.sitescout.com pixel-a.basis.net clickserv.basis.net clickserv.sitescout.com tr.snapchat.com sc-static.net *.google-analytics.com d24n15hnbwhuhn.cloudfront.net cdn.segment.com acuityplatform.com use.typekit.net *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com js.honeybadger.io https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uptime.com https://cdn.amplitude.com/libs/ *.instagram.com https://*.twitter.com https://*.twimg.com https://*.facebook.net weedmaps13671z.btttag.com *.googletagmanager.com 'nonce-dixIahd/fULGvXUDzPQYLs4Cae6qJdJ2iDBwWGPeE8lALrZ+' ;style-src 'self' data: 'unsafe-inline' *.twitter.com *.twimg.com;manifest-src 'self' 1 frame-ancestors https://apps.facebook.com; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net *.eloqua.com *.en25.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com bat.bing.com cdn-akamai.mookie1.com cdn.ampproject.org cdn.fontawesome.com connect.facebook.net ds-aksb-a.akamaihd.net googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com maps.googleapis.com marketing.adobe.com munchkin.marketo.net nebula-cdn.kampyle.com optimize.google.com platform.linkedin.com platform.twitter.com s.ytimg.com script.hotjar.com static.ads-twitter.com static.hotjar.com tagmanager.google.com tags.tiqcdn.com www.cdic.ca www.google.com www.googletagmanager.com www.sadc.ca www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net *.eloqua.com *.en25.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com bat.bing.com cdn-akamai.mookie1.com cdn.ampproject.org cdn.fontawesome.com connect.facebook.net ds-aksb-a.akamaihd.net googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com maps.googleapis.com marketing.adobe.com munchkin.marketo.net nebula-cdn.kampyle.com optimize.google.com platform.linkedin.com platform.twitter.com s.ytimg.com script.hotjar.com static.ads-twitter.com static.hotjar.com tagmanager.google.com tags.tiqcdn.com www.cdic.ca www.google.com www.googletagmanager.com www.sadc.ca www.youtube.com; font-src 'self' *.pinterest.com data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com optimize.google.com tagmanager.google.com www.googletagmanager.com; img-src 'self' *.demdex.net *.eloqua.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.twimg.com bat.bing.com blob: cm.everesttech.net cx.atdmt.com data: https://*.dec.sitefinity.com https://dec.azureedge.net https://delicious.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://syndication.twitter.com img.youtube.com optimize.google.com pbs.twimg.com pcfinancial.sc.omtrdc.net platform.tumblr.com platform.twitter.com/css/ stats.g.doubleclick.net t.co t.com tagmanager.google.com track.hubspot.com udc-neb.kampyle.com web.facebook.com www.facebook.com www.google.ca www.google.com www.googletagmanager.com www.linkedin.com www.redditstatic.com nebula-cdn.kampyle.com ds-aksb-a.akamaihd.net www.cdic.ca; media-src 'self' *.pinterest.com blob: data: optimize.google.com tagmanager.google.com www.googletagmanager.com; frame-src 'self' *.demdex.net *.doubleclick.net *.pinterest.com cdn-akamai.mookie1.com optimize.google.com platform.twitter.com tagmanager.google.com tags.tiqcdn.com vars.hotjar.com www.googletagmanager.com www.youtube.com nebula-cdn.kampyle.com; child-src 'self' *.demdex.net *.pinterest.com accounts.google.com apis.google.com badge.stumbleupon.com https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ optimize.google.com staticxx.facebook.com tagmanager.google.com vars.hotjar.com web.facebook.com www.facebook.com www.googletagmanager.com; connect-src 'self' *.demdex.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.mktoresp.com *.pinterest.com accounts.google.com https://*.dec.sitefinity.com https://dec.azureedge.net https://delicious.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://syndication.twitter.com optimize.google.com pcfinancial.sc.omtrdc.net tagmanager.google.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.linkedin.com www.redditstatic.com www.cdic.ca; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *; report-uri /actions/csp/report; 1 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; frame-ancestors https://*.eztravel.com.tw http://*.eztravel.com.tw 1 frame-ancestor 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googleapis.com *.halkbank.com.tr *.google.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.facebook.net; font-src 'self' *.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.halkbank.com.tr *.google.com *.google.com.tr *.gstatic.com *.facebook.com *.facebook.com.tr *.doubleclick.net *.facebook.net ; media-src 'self' *.halkbank.com.tr; frame-src 'self' *.foreks.com *.halkbank.com.tr *.doubleclick.net *.youtube.com *.google.com; connect-src 'self' *.facebook.com; object-src 'self'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.flashback.org https://static.flashback.org; img-src 'self' data: https://static.flashback.org; style-src 'self' 'unsafe-inline' https://static.flashback.org; font-src 'self' https://static.flashback.org; form-action 'self'; connect-src 'self'; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; 1 script-src 'self' *.abmr.net *.awin1.com *.dwin1.com *.bazaarvoice.com *.bing.com *.brsrvr.com *.doubleclick.net *.euro.confirmit.com *.facebook.com *.fredhopperservices.com *.google.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kfplc.com *.micpn.com *.network-eu.bazaarvoice.com *.paypalobjects.com *.res-x.com *.screwfix.com *.screwfix.local *.tiqcdn.com *.trustarc.com *.truste.com *.twitter.com *.wufoo.com *.yottaa.net *.youtube.com *.zenaps.com analytics.twitter.com bat.bing.com k1u3gele.micpn.com screwfixmedia.co.uk tealiumiq.com youtube.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.gstatic.com 1 default-src 'self' *.g2crowd.com *.g2.com; child-src *; connect-src *; font-src * data:; form-action *; img-src * data:; manifest-src 'self' *.g2crowd.com *.g2.com; media-src * blob:; object-src 'self' *.g2crowd.com *.g2.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-4fab3fb8d8bbbd30c7082062ee42e546' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=512d9bf7-2b25-4f52-a8f1-54aea0dd1919&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=512d9bf7-2b25-4f52-a8f1-54aea0dd1919&version=sha%3D08d263b5b0c8&report_only=false 1 frame-ancestors https://*.settour.com.tw; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/epicurious 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=fa66fab9-89cc-4f76-b388-94f4173f59f6 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.googletagservices.com *.googlesyndication.com *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.google.com *.bootstrapcdn.com *.instagram.com *.cloudfront.net *.jquery.com *.facebook.com *.facebook.net *.gstatic.com *.tryinteract.com *.standardmedia.co.ke placehold.it/728x90 placehold.it/300x250 polldaddy.com *.polldaddy.com *.twitter.com *.youtube.com *.syndication.twimg.com log.adaptv.advertising.com *.amazonaws.com *.ustream.tv *.twimg.com withgoogle.com *.onthe.io *.withgoogle.com https://cdn.ampproject.org https://maxcdn.bootstrapcdn.com *.sde.co.ke https://cdn.probtn.com http://img.youtube.com *.probtn.com *.outbrain.com *.google.co.ke *.cloudflare.com https://soundcloud.com pixel.alexametrics.com *.alexametrics.com *.ampproject.net *.taboola.com *.viewst.com *.probtn.com *.bkrtx.com *.onesignal.com *.scorecardresearch.com *.bluekai.com *.issuu.com *.mediapal.net *.eskimi.com *.amazonaws.com standardmedia.us19.list-manage.com *.mailchimp.com *.shoutcast.com cr-input.mxpnl.net https://instagram.fnbo1-1.fna.fbcdn.net *.dailymotion.com https://dailymotion.com/ https://mc.us19.list-manage.com; 1 frame-ancestors 'none'; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 1 base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://*.tenor.co https://*.tenor.com https://api.tenor.com https://api.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv 'nonce-YzI0YWI4ODQtN2NkZS00YzdmLTk5MWItOWQwZDA2ZWE4Njll' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/; object-src 'none' 1 frame-ancestors *.flyscoot.com dev-flyscoot.com uat-flyscoot.com flyscoot-prod.azurewebsites.net; 1 frame-ancestors https://*.mygreatlakes.org https://*.glhec.org https://*.greatlakeslink.com 'self' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://uwaterloo.ca https://*.uwaterloo.ca https://maxcdn.bootstrapcdn.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.googleadservices.com https://*.g.doubleclick.net https://6263835.fls.doubleclick.net https://cdnjs.cloudflare.com https://twitter.com https://*.twitter.com https://*.twimg.com https://twitter-widgets.s3.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.youtube.com https://*.youtube-nocookie.com https://s.ytimg.com https://*.livestream.com https://*.webspellchecker.net https://cdn.mathjax.org https://storify.com https://*.addtoany.com https://*.vimeo.com https://*.vimeocdn.com https://*.tintup.com https://*.71n7.com https://d36hc0p18k1aoc.cloudfront.net https://cdn.hypemarks.com https://cdn.leafletjs.com https://cdn-geoweb.s3.amazonaws.com https://cdn.maptiks.com https://api.tiles.mapbox.com https://d591zijq8zntj.cloudfront.net https://*.libanswers.com https://*.libchat.com https://secure.skype.com https://cdn-akamai.mookie1.com https://*.tiqcdn.com https://o2.eyereturn.com https://snap.licdn.com https://*.ads.linkedin.com https://*.hscampaigns.com https://secure.adnxs.com https://public.tableau.com; img-src * data: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.aws.training https://a0.awsstatic.com https://js.api.here.com https://*.cit.api.here.com https://dev.ditu.live.com https://*.dev.virtualearth.net https://*.payments-amazon.com https://*.amazon.com https://*.bing.com https://*.virtualearth.net https://munchkin.marketo.net https://payments.amazon.co.jp/ https://payments.amazon.co.uk https://*.amazon.de https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; object-src 'self'; img-src 'self' data: blob: https://*.dev.virtualearth.net https://*.ssl.ak.tiles.virtualearth.net https://*.ssl.ak.dynamic.tiles.virtualearth.net https://static.aws.training https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://js.api.here.com https://*.cit.api.here.com https://images-na.ssl-images-amazon.com https://internal-cdn.amazon.com https://d2ldlvi1yef00y.cloudfront.net/ https://d23yuld0pofhhw.cloudfront.net https://d1oct1bdmx33tz.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com https://fls-na.amazon.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://static.aws.training https://js.api.here.com https://a0.awsstatic.com https://images-na.ssl-images-amazon.com https://ecn.dev.virtualearth.net https://images-eu.ssl-images-amazon.com https://www.bing.com https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; connect-src 'self' https://*.cit.api.here.com https://www.amazon.com https://api.amazon.com https://amazonwebservices.d2.sc.omtrdc.net https://*.amazonpay.com https://apac.account.amazon.com https://eu.account.amazon.com https://*.virtualearth.net https://*.mktoresp.com https://s0.awsstatic.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://payments.amazon.co.jp https://payments-jp.amazon.com https://*.amazon.de https://payments-de.amazon.com https://cdn.aws.training; font-src 'self' data: https://static.aws.training https://cdn.aws.training https://kiku-s3-webassets-syvz21p16af0.s3.amazonaws.com/; media-src 'self' https://cdn.aws.training; child-src 'self' https://*.amazon.com https://www.bing.com https://*.amazon.co.jp/ https://*.amazon.co.uk https://*.payments-amazon.com https://*.amazon.de; 1 frame-ancestors 'self' https://trailblazer-identity.lightning.force.com https://trailblazer-identity.my.salesforce.com 1 upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1 default-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; img-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; media-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; script-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; font-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.twitter.com *.dailymotion.com *.paybox.com https: 'unsafe-inline'; 1 default-src 'self' blob:; frame-src 'self' connect.trezor.io:443; img-src 'self' data: blob: nft.mewapi.io:443; script-src 'unsafe-eval' 'unsafe-inline' blob: https:; style-src 'self' 'unsafe-inline' https:; object-src 'none'; connect-src *; 1 frame-ancestors 'self' https://gitlab.lookbookhq.com https://learn.gitlab.com; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thespruceeats.com *.qa.aws.thespruceeats.com atlas.thespruceeats.com atlas.local.thespruceeats.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/golfdigest 1 default-src 'self' *.lendingclub.com lendingclub.com 'self' *.extole.io *.xtlo.net; img-src * data: 'self' *.extole.io *.xtlo.net data: api.cloudsponge.com; script-src 'unsafe-inline' 'self' *.lendingclub.com lendingclub.com js-agent.newrelic.com bam.nr-data.net t.a3cloud.net cdn.plaid.com *.googletagmanager.com/gtag/ *.googleadservices.com/pagead/ googleads.g.doubleclick.net/pagead/ s.pinimg.com connect.facebook.net tags.tiqcdn.com www.google-analytics.com 'unsafe-eval' *.optimizely.com optimizely.s3.amazonaws.com *.loggly.com *.persado.com cdn-assets-prod.s3.amazonaws.com; connect-src 'self' js-agent.newrelic.com bam.nr-data.net ct.pinterest.com *.optimizely.com 'self' *.cloudsponge.com *.extole.io *.xtlo.net refer.lendingclub.com; frame-src 'self' cdn.plaid.com 'self' view.ceros.com creative-services.ceros.com static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-desktop/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-tablet/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-mobile/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-quiz-desktop/index.html static.lendingclub.com/www/src/hosted/ceros-pages/financial-health-quiz-mobile/index.html; font-src 'self' *.lendingclub.com data: static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-regular.woff2 static.lendingclub.com/www/src/hosted/fonts/neue-haas-grotesk/neue-haas-grotesk-text-bold.woff2 'self' *.extole.io *.xtlo.net fonts.gstatic.com api.cloudsponge.com; style-src 'unsafe-inline' 'self' 'self' 'unsafe-inline' *.extole.io *.xtlo.net fonts.googleapis.com api.cloudsponge.com; report-uri /site/csp/report /site/csp/report; media-src static.lendingclub.com 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src *; font-src *; media-src *; frame-src *; connect-src *; 1 frame-ancestors 'self' www.wix.com www.facebook.com shahapp.myshopify.com *.myshopify.com t.hs-growth-metrics.com; 1 frame-ancestors 'self' *.parentlink.com *.parentlink.net *.parlant.com *.cloudspeaker.com *.memberspark.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com *.recaptcha.net *.gstatic.cn *.gstatic.com *.google.com recaptcha.net *.google.cn 1 base-uri 'self';child-src blob: *;connect-src *;default-src 'self';font-src * data:;frame-ancestors 'self';frame-src blob: *;img-src * data:;media-src blob: *;script-src * 'unsafe-inline' 'unsafe-eval' data:;style-src * 'unsafe-inline';worker-src blob: * 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-f72afa4806f5c04436762dbf8b799a99' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=01020e92-b8d0-4144-a7d2-f066a8a4cbd9&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=01020e92-b8d0-4144-a7d2-f066a8a4cbd9&version=sha%3Db68f26972e89&report_only=false 1 referrer unsafe-url; source-src none 1 default-src 'self' *.binomo.com; connect-src 'self' ekr.zdassets.com api.snrbox.com fcm.googleapis.com proxy.snrbox.com tck.snrbox.com wss://messenger.snrbox.com dc.snrbox.com www.googleapis.com www.google-analytics.com wss://*.zopim.com wss://*.cackle.me binomo.zendesk.com mc.yandex.ru *.intercom.io wss://*.intercom.io app.getsentry.com *.kameleoon.com *.binomo.com wss://as.binomo.com:* wss://ws.binomo.com:*; font-src data: 'self' *.zopim.com js.intercomcdn.com fonts.gstatic.com mc.yandex.ru *.livechatinc.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.binomo.com; frame-src *; img-src * data:; media-src 'self' www.snrcdn.net *.binomo.com; script-src 'self' *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io www.snrcdn.net *.intercomcdn.com binomo.co *.kameleoon.com *.cackle.me cackle.me cdn.rutarget.ru *.adroll.com gscst-84a.kxcdn.com *.getsitecontrol.com binstats.com *.googletagmanager.com *.google-analytics.com mc.yandex.ru *.mail.ru echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.ytimg.com www.gstatic.com *.livechatinc.com www.googleadservices.com binomo.go2affise.com proxy.synerise.com *.adnetwork.vn yastatic.net 'unsafe-eval' 'unsafe-inline' *.binomo.com; style-src 'self' *.google.com static.kameleoon.com *.cackle.me fonts.googleapis.com www.snrcdn.net 'unsafe-inline' *.binomo.com 1 frame-ancestors 'self' https://officeworks.experiencecloud.adobe.com 1 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; form-action https:; frame-ancestors tweakers.net *.tweakers.net tweakimg.net *.tweakimg.net; report-uri https://tweakers.net/csp-report/?requestId=Twk-eun-web1_162.0.2_28928_5d5fa0dddfa941.86021056 1 object-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com www.youtube.com s.ytimg.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com script.crazyegg.com sample.crazyegg.com cdn.ravenjs.com www.instagram.com cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com use.typekit.net cdn-resources.ableton.com; default-src 'self' blob: data: https: ableton:; frame-ancestors 'self' ableton.lightning.force.com; style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com platform.twitter.com ton.twimg.com use.typekit.net cdn-resources.ableton.com; report-uri /csp/report/ 1 frame-ancestors 'self' zhof.matse.rwth-aachen.de 1 frame-ancestors 'self' https://whereby.com https://*.whereby.com https://*.whitehatjr.com; 1 default-src 'none'; connect-src 'self' *.hotjar.com; frame-src 'self' www.facebook.com staticxx.facebook.com cms.e.jimdo.com dashboard.e.jimdo.com dash.e.jimdo.com register.jimdo.com cms.jimdo.com *.hotjar.com a.jimdo.com *.fls.doubleclick.net td.jimdo.com; img-src 'self' www.facebook.com www.google-analytics.com www.google.com www.google.de ssl.gstatic.com www.gstatic.com *.doubleclick.net *.tvsquared.com t.jimdo-platform.net b97.yahoo.co.jp *.bunchbox.co www.googleadservices.com *.outbrain.com td.jimdo.com *.quantserve.com *.peaksandpies.io data: *.jimstatic.com; font-src 'self' data: jimdo.github.io fonts.gstatic.com *.jimstatic.com; style-src 'self' 'unsafe-inline' jimdo.github.io tagmanager.google.com fonts.googleapis.com webteam.jimstatic.com *.jimstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net a.jimdo.com *.jimstatic.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com s.yimg.jp *.hotjar.com b97.yahoo.co.jp *.bunchbox.co *.tvsquared.com *.doubleclick.net *.outbrain.com *.quantserve.com *.peaksandpies.io pvn.jimdo.com td.jimdo.com 3jveabar50.execute-api.eu-west-1.amazonaws.com 1 frame-ancestors 'self' *.dillards.com 1 default-src 'self' 'unsafe-inline' blob: *.answerscloud.com *.googleapis.com *.gstatic.com hosteduxprod.blob.core.windows.net *.okta.com *.opower.com *.google.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com *.adobedtm.com *.answerscloud.com *.twitter.com *.facebook.net *.googleapis.com *.customsearch.ai *.go-mpulse.net *.twimg.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.sce.com *.bootstrapcdn.com *.serving-sys.com *.howsmyssl.com; img-src * data:; frame-src *.youtube.com *.arcgis.com *.answerscloud.com *.twitter.com *.facebook.net *.facebook.com *.google.com *.gstatic.com *.foresee.com *.sce.com; child-src *.youtube.com *.arcgis.com *.answerscloud.com *.google.com *.gstatic.com *.foresee.com *.sce.com; connect-src 'self' 'unsafe-inline' *.sce.com *.foresee.com *.oktapreview.com *.googleapis.com *.customsearch.ai *.go-mpulse.net *.akstat.io *.4seeresults.com *.okta.com *.opower.com *.google.com *.gstatic.com *.foresee.com *.serving-sys.com 1 default-src * data: blob:;connect-src 'self' *.accountkit.com *.facebook.com;script-src 'self' *.fbcdn.net 127.0.0.1:* fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net blob: 'unsafe-inline' 'unsafe-eval' *.accountkit.com *.facebook.com;style-src * 'unsafe-inline' data: *.accountkit.com; 1 default-src * 'unsafe-inline'; img-src * data: ; script-src * 'unsafe-eval' 'unsafe-inline'; 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f97cfb72-536d-4518-822c-7ae09b34d170 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ravelry.com https://www.ravelry.com *.ravelrycache.com *.hotjar.com https://*.ravelrycache.com https://*.chatlio.com https://*.hotjar.com https://*.pusher.com https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com *.googleapis.com https://*.googleapis.com *.google-analytics.com https://www.google.com *.gstatic.com https://maps.gstatic.com maps.googleapis.com maps.google.com https://ban.nr-data.net bam.nr-data.net *.newrelic.com https://*.newrelic.com https://*.twitter.com connect.facebook.net *.facebook.com *.pinterest.com https://*.hotjar.com https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com https://*.youtube.com https://*.vimeo.com *.vimeo.com *.vimeocdn.com *.vimeo.com *.gstatic.com; frame-src 'self' https://*.facebook.com https://*.hotjar.com https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.buffer.com https://player.vimeo.com *.vimeo.com *.vimeocdn.com *.youtube.com https://*.youtube.com vine.co *.google.com https://*.twitter.com *.facebook.com *.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com https://*.hotjar.com https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com wss://*.hotjar.com translate.googleapis.com syndication.twitter.com https://*.chatlio.com https://*.pusher.com *.pusherapp.com; 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.google.co.id *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com cdnjs.cloudflare.com *.inews.id *.disqus.com *.disquscdn.com https://disqus.com https://*.disqus.com https://*.okezone.com https://*.metube.id *.metube.id https://*.inews.id http://*.inews.id http://cdn.viglink.com/ https://stats.g.doubleclick.net http://*.googlesyndication.com https://*.alexametrics.com http://*.alexametrics.com https://www.googletagservices.com https://www.googletagservices.com https://adservice.google.co.id https://googleads.g.doubleclick.net http://cloudfront-labs.amazonaws.com https://*.doubleclick.net http://*.cloudfront.net http://*.doubleclick.net https://*.googlesyndication.com mobileads.google.com https//placehold.it/ http://*.metube.id/ https://*.metube.id/ http://placehold.it/ https://placehold.it/ https://securepubads.g.doubleclick.net/ https://cc.adingo.jp/ https://sb.scorecardresearch.com/ https://cdn.ampproject.org/ https://*.sindonews.com/ https://*.doubleclick.net/ https://*.subscribers.com/ https://nuri.inews.id https://unpkg.com/ https://static.vidy.com/ https://api.vidy.com/ https://*.gstatic.com https://*.google.com.ua/ https://code.highcharts.com/ https://*.ytimg.com https://*.firebaseapp.com https://*.genieessp.com/* 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/teen-vogue 1 default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src *; font-src *; connect-src *; media-src *; object-src *; child-src *; frame-ancestors *; form-action *; reflected-xss block; upgrade-insecure-requests; 1 frame-ancestors self https://community.pregnancy.org https://optum.marketing.adobe.com http://apsep01339.dmzmgmt.uhc.com http://go.optum.com http://apsrd7900.uhc.com:8080 *.uhg.com *.optum.com *.uhc.com; 1 frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com 1 frame-ancestors 'self'; script-src 'unsafe-inline' 'self' 1 default-src 'self' 'unsafe-inline' https://materials.8card.net https://assets.8card.net; connect-src 'self' *.8card.net graph.facebook.com bam.nr-data.net; frame-src 'self' www.googletagmanager.com b.yjtag.jp js.fout.jp www.google.com www.google.co.jp www.facebook.com static.ak.facebook.com s-static.ak.facebook.com staticxx.facebook.com googleads.g.doubleclick.net www.youtube.com bid.g.doubleclick.net js.stripe.com materials.8card.net; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.g.doubleclick.net www.googletagmanager.com s.yjtag.jp yjtag.yahoo.co.jp y.nakanohito.jp connect.facebook.net fonts.googleapis.com www.google-analytics.com s.thebrighttag.com s.yimg.jp b92.yahoo.co.jp b97.yahoo.co.jp platform.twitter.com graph.facebook.com js-agent.newrelic.com bam.nr-data.net www.googleadservices.com atm.im-apps.net cdn.smartnews-ads.com js.stripe.com googleads.g.doubleclick.net www.google.com www.google.co.jp tagmanager.google.com static.ads-twitter.com analytics.twitter.com d-cache.microad.jp cdn.treasuredata.com aid.send.microad.jp in.treasuredata.com acq-3pas.admatrix.jp pi.pardot.com sync.im-apps.net relay-dsp.ad-m.asia sync-dsp.ad-m.asia sync-tapi.admatrix.jp relay-dsp.t-ad-m.asia *.8card.net assets.8card.net:443; style-src 'self' 'unsafe-inline' 'unsafe-eval' tagmanager.google.com fonts.googleapis.com materials.8card.net assets.8card.net assets.8card.net:443 1 frame-ancestors 'self' https://www1.secure.hsbcnet.com https://www2.secure.hsbcnet.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0fa821e9-b4b1-4e5a-a54e-208de8871612 1 default-src 'self' files.virgool.io blob:; connect-src 'self' https://www.google-analytics.com stats.vstat.ir heapanalytics.com cdn.iframe.ly https://geoip-db.com; font-src 'self' data: https://virgool.io; img-src blob: data: https: 'self' files.virgool.io https://www.google-analytics.com; object-src 'self' virgool.io; media-src cdn.virgool.io; script-src 'self' blob: https://virgool.io 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com https://www.google-analytics.com js-agent.newrelic.com stats.vstat.ir bam.eu01.nr-data.net heapanalytics.com cdn.iframe.ly https://cdn.iframe.ly https://geoip-db.com https: 'self'; style-src 'unsafe-inline' data: https: 'self'; frame-src 'self' cdn.iframe.ly https://cdn.iframe.ly chromenull: https: webviewprogressproxy: ; worker-src blob: 'self'; 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.ae ; frame-src 'self' *.indeed.com *.indeed.ae https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.ae d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://www.kayak.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com connect.facebook.net d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com st1.dialogtech.com bat.bing.com *.googleapis.com nsg.symantec.com analytics.po.st px.ads.linkedin.com po.st *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.liveclicker.net www.netapp.com dpm.demdex.net *.d41.co *.cxense.com static.ads-twitter.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi pixel.mathtag.com *.googletagmanager.com *.googlesyndication.com googletagservices.com t.sellpoints.com a.sellpoint.net media.flixfacts.com www.youtube.com media.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.cdnwidget.com *.rlcdn.com *.flixsyndication.net *.adobe.com *.hotjar.io *.eloqua.com *.swogo.net *.swogo.com *.nanovisor.io *.btttag.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.cdw.com *.bazaarvoice.com cdw.needle.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net media.flixcar.com *.easy2.com *.amazonaws.com platform.twitter.com *.typekit.net *.adobe.com *.nanovisor.io *.btttag.com; img-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com cdw.needle.com nexus.ensighten.com px.spiceworks.com *.liadm.com *.bounceexchange.com www.googleadservices.com *.doubleclick.net *.google-analytics.com bat.bing.com nsg.symantec.com *.cnetcontent.com selectors.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com dpm.demdex.net *.cxense.com vault.pactsafe.io pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com t.sellpoints.com a.sellpoint.net media.flixfacts.com media.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com platform.twitter.com *.linkedin.com *.tribalfusion.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com st2.dialogtech.com secure.insightexpressai.com px.gumgum.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com sync.fastclick.net simage2.pubmatic.com us-u.openx.net ads.yahoo.com pixel.rubiconproject.com *.advertising.com magnetic.t.domdex.com *.rfihub.com *.mathtag.com *.mathtag.co *.amgdgt.com *.casalemedia.com www.bluecore.com *.prod.bidr.io cdn.optimizely.com syndication.twitter.com x.bidswitch.net pe.intentiq.com loadm.exelator.com insight.adsrvr.org um.simpli.fi acuityplatform.com data: *.dotomi.com *.flixsyndication.net liveintent.com cbssports.com maxpreps.com wogo ce.lijit.com soma.smaato.net cs.admanmedia.com eb2.3lift.com live.sekindo.com *.adobe.com *.sc.omtrdc.net df7xs8p1yjitw.cloudfront.net *.core.windows.net *.nanovisor.io *.btttag.com; frame-src 'self' *.cdw.com *.bazaarvoice.com *.qualtrics.com *.hotjar.com *.liadm.com *.bounceexchange.com *.doubleclick.net nsg.symantec.com selectors.cnetcontentsolutions.com *.google.com *.twitter.com *.liveclicker.net *.cxense.com *.webcollage.net *.ziftsolutions.com pixel.mathtag.com *.googletagmanager.com googletagservices.com a.sellpoint.net www.youtube.com media.flixcar.com *.easy2.com www.facebook.com *.rlcdn.com rs.gwallet.com *.liveclicker.com pages.cdwemail.com www.emjcd.com *.dotomi.com *.flixsyndication.net cdw.zuberance.com *.hotjar.io *.eloqua.com *.swcontentsyndication.com www.cisco.com *.nanovisor.io *.btttag.com; font-src 'self' 'unsafe-inline' *.cdw.com cdw.needle.com *.googleapis.com *.cnetcontent.com *.webcollage.net a.sellpoint.net media.flixfacts.com media.flixcar.com *.easy2.com *.flixsyndication.net *.typekit.net *.adobe.com *.nanovisor.io *.btttag.com; connect-src 'self' *.cdw.com *.richrelevance.com *.bazaarvoice.com *.qualtrics.com *.optimizely.com *.hotjar.com cdw.needle.com nexus.ensighten.com api.bluecore.com px.spiceworks.com *.liadm.com scripts.demandbase.com triggeredmail.appspot.com d31y97ze264gaa.cloudfront.net *.bounceexchange.com www.googleadservices.com *.doubleclick.net bat.bing.com *.googleapis.com nsg.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com www.netapp.com *.d41.co vault.pactsafe.io pactsafe.io t.sellpoints.com a.sellpoint.net *.go-mpulse.net platform.twitter.com *.company-target.com www.facebook.com events.bouncex.net *.cdnwidget.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com data.g2crowd.com *.adobe.com *.hotjar.io *.swogo.net *.swogo.com *.nanovisor.io *.btttag.com; object-src 'self' a.sellpoint.net *.nanovisor.io *.btttag.com; worker-src 'self' blob: *.nanovisor.io *.btttag.com; media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net media.flixfacts.com www.youtube.com blob: *.flixsyndication.net *.nanovisor.io *.btttag.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com;font-src fonts.googleapis.com fonts.gstatic.com;img-src 'self' www.google-analytics.com data:;connect-src 'self';object-src 'none';media-src 'none';child-src 'self' www.google.com www.youtube.com;form-action 'self'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/glamour 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tabor.kz; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.paypalobjects.com https://www.paypal.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com; report-uri https://sentry.shoppy.gg/api/6/csp-report/?sentry_key=b2dbfe0c61d449fabee8f048ef6cb09c 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aqa.org.uk webservices.data-8.co.uk www.google-analytics.com www.googletagmanager.com tagmanager.google.com static.hotjar.com script.hotjar.com in.hotjar.com analytics.clickdimensions.com platform.twitter.com analytics.twitter.com static.ads-twitter.com cdn.syndication.twimg.com ssl.p.jwpcdn.com s.ytimg.com static.doubleclick.net s7.addthis.com www.youtube.com www.google.com syndication.twitter.com; style-src 'self' 'unsafe-inline' *.aqa.org.uk platform.twitter.com ton.twimg.com www.youtube.com tagmanager.google.com fonts.googleapis.com; img-src 'self' data: *.aqa.org.uk platform.twitter.com syndication.twitter.com *.twimg.com t.co www.google.com www.google.co.uk www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.gstatic.com ssl.gstatic.com jwpltx.com stats.g.doubleclick.net i.ytimg.com www.youtube.com yt3.ggpht.com static.hotjar.com script.hotjar.com; font-src 'self' data: *.aqa.org.uk ssl.p.jwpcdn.com fonts.gstatic.com fonts.googleapis.com script.hotjar.com; form-action 'self' syndication.twitter.com platform.twitter.com analytics.clickdimensions.com; connect-src 'self' *.aqa.org.uk *.googlevideo.com *.hotjar.com vc.hotjar.io wss://*.hotjar.com www.youtube.com www.google-analytics.com api.pdflayer.com; object-src 'none'; child-src omny.fm syndication.twitter.com platform.twitter.com vars.hotjar.com www.youtube.com; frame-src omny.fm syndication.twitter.com platform.twitter.com vars.hotjar.com www.youtube.com; upgrade-insecure-requests; frame-ancestors 'none'; base-uri 'none'; 1 frame-ancestors 'self' http://www.kayak.com.au http://www.momondo.com.au http://www.cheapflights.com.au http://www.ca.kayak.com http://www.momondo.ca http://www.cheapflights.ca http://www.cn.kayak.com http://www.momondo.com.cn http://www.kayak.com.hk http://www.momondo.hk http://www.cheapflights.com.hk http://www.kayak.co.in http://www.momondo.in http://www.in.cheapflights.com http://www.kayak.co.id http://www.cheapflights.co.id http://www.kayak.co.jp http://www.kayak.co.kr http://www.kayak.com.my http://www.cheapflights.com.my http://www.nz.kayak.com http://www.momondo.co.nz http://www.cheapflights.co.nz http://www.cheapflights.com.ph http://www.kayak.com.ph http://www.kayak.sg http://www.cheapflights.com.sg http://www.tw.kayak.com http://www.momondo.tw http://www.kayak.co.th http://www.kayak.co.uk http://www.momondo.co.uk http://www.cheapflights.co.uk http://www.cheapflights.co.uk http://www.kayak.com http://www.momondo.com http://www.cheapflights.com http://www.ae.cheapflights.com http://www.kayak.ae http://global.cheapflights.com http://global.momondo.com http://kayak.de http://momondo.de http://swoodoo.com http://kayak.fr http://momondo.fr http://www-malaysiaairlines-com.cdn.ampproject.org http://cdn.ampproject.org http://www.ampify.ga https://www.kayak.com.au https://www.momondo.com.au https://www.cheapflights.com.au https://www.ca.kayak.com https://www.momondo.ca https://www.cheapflights.ca https://www.cn.kayak.com https://www.momondo.com.cn https://www.kayak.com.hk https://www.momondo.hk https://www.cheapflights.com.hk https://www.kayak.co.in https://www.momondo.in https://www.in.cheapflights.com https://www.kayak.co.id https://www.cheapflights.co.id https://www.kayak.co.jp https://www.kayak.co.kr https://www.kayak.com.my https://www.cheapflights.com.my https://www.nz.kayak.com https://www.momondo.co.nz https://www.cheapflights.co.nz https://www.cheapflights.com.ph https://www.kayak.com.ph https://www.kayak.sg https://www.cheapflights.com.sg https://www.tw.kayak.com https://www.momondo.tw https://www.kayak.co.th https://www.kayak.co.uk https://www.momondo.co.uk https://www.cheapflights.co.uk https://www.cheapflights.co.uk https://www.kayak.com https://www.momondo.com https://www.cheapflights.com https://www.ae.cheapflights.com https://www.kayak.ae https://global.cheapflights.com https://global.momondo.com https://kayak.de https://momondo.de https://swoodoo.com https://kayak.fr https://momondo.fr https://www-malaysiaairlines-com.cdn.ampproject.org https://cdn.ampproject.org https://www.ampify.ga https://mobile-api.oneworld.com/ https://oneworld.com/ https://digital.malaysiaairlines.com/ https://ma-stage64-01.adobecqms.net/ https://ma-sit64.adobecqms.net/ https://ma-dev64.adobecqms.net/ 1 default-src 'self' bumble.com eu1.bumble.com us1.bumble.com *.bumble.com *.eu1.bumble.com *.us1.bumble.com bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com *.api.here.com *.paypal.com *.googlesyndication.com api.giphy.com api.tenor.com *.doubleclick.net *.bumble.com t.co analytics.twitter.com wa.appsflyer.com wa.onelink.me youtube.com *.doubleclick.net *.squarespace.com *.facebook.com *.pinterest.com s.pinimg.com https://www.google.com https://www.google.ru https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com *.googleapis.com *.gstatic.com *.google.com vk.com *.vk.me cdn.syndication.twitter.com *.facebook.net *.facebook.com *.paypal.com www.paypalobjects.com *.youtube.com *.ytimg.com api.ok.ru *.google-analytics.com *.api.here.com *.instagram.com *.digicert.com *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com *.doubleclick.net *.appsflyer.com s.pinimg.com https://cdn.ampproject.org; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com vk.com *.vk.me *.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com pd1us.bumbcdn.com *.pd1us.bumbcdn.com fonts.googleapis.com fonts.gstatic.com; img-src * data: blob:; media-src * data: blob:; frame-src * bumble:; prefetch-src 'self' *.googlesyndication.com *.googletagservices.com *.doubleclick.net *.googlesyndication.com *.ampproject.org *.amazon-adsystem.com adservice.google.com; report-uri /jss/csp_report.phtml 1 default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; media-src 'self' blob: https:; worker-src 'self' blob:; frame-ancestors 'self'; child-src 'self' https: data:; frame-src 'self' https: data:; upgrade-insecure-requests; manifest-src 'self'; report-uri https://hwacuk.report-uri.com/r/d/csp/enforce 1 connect-src 'self' *.novoresume.com connect.facebook.net api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io vc.hotjar.io in.hotjar.com ws://*.hotjar.com https://widget.trustpilot.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: *.novoresume.com fonts.gstatic.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com; frame-src 'self' *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net *.google.com *.hotjar.com https://intercom-sheets.com https://widget.trustpilot.com https://player.vimeo.com; img-src 'self' data: *.novoresume.com csi.gstatic.com *.doubleclick.net *.google.com *.google-analytics.com connect.facebook.net *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com www.google.us; media-src 'self' js.intercomcdn.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' trackcmp.net d6tizftlrpuof.cloudfront.net *.novoresume.com *.google.com *.google-analytics.com *.googleadservices.com connect.facebook.net www.googletagmanager.com *.doubleclick.net www.facebook.com static.ads-twitter.com analytics.twitter.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com *.hotjar.com https://widget.trustpilot.com https://player.vimeo.com www.google.us; style-src 'self' 'unsafe-inline' tagmanager.google.com *.novoresume.com d6tizftlrpuof.cloudfront.net *.googleapis.com 1 frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1 default-src https://player.vimeo.com www.abtasty.com wss://*.hotjar.com try.abtasty.com https://*.hotjar.io stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com wss://ws3.hotjar.com teddytor.abtasty.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.googleads.g.doubleclick.net bnp-paribas.user.com https://graylog.hotjar.com:12443 http://*.hotjar.com:* https://try.abtasty.com https://insights.hotjar.com https://*.hotjar.com:* https://vimeo.com googleads.g.doubleclick.net http://*.hotjar.io qtank.salesmore.pl *.google.com 52.166.95.107 'self'; font-src https://themes.googleusercontent.com/ *.googleads.g.doubleclick.net fonts.googleapis.com *.try.abtasty.com https://fonts.gstatic.com googleads.g.doubleclick.net themes.googleusercontent.com *.app.abtasty.com *.abtasty.com *.google.com data: 'self'; style-src *.googleads.g.doubleclick.net https://tagmanager.google.com bnp-paribas.user.com https://bgz-fb.squiz.pl www.googleapis.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://teddytor.abtasty.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl googleads.g.doubleclick.net https://skk.erecruiter.pl https://www.gstatic.com teddytor.abtasty.com www.google.com *.app.abtasty.com *.abtasty.com *.google.com https://www.ytimg.com 52.166.95.107 https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://www.facebook.com https://*.googleapis.com stats.g.doubleclick.net *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl *.app.abtasty.com www.google.com bcp.crwdcntrl.net www.google-analytics.com www.0.s-nk.pl *.googleads.g.doubleclick.net https://www.i1.ytimg.com bnp-paribas.user.com *.gstatic.com https://www.googleapis.com googleads.g.doubleclick.net https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl *.google.com https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com bnp-optima-uat-search01.squiz.pl https://dot.wp.pl https://*.gstatic.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com teddytor.abtasty.com *.abtasty.com https://www.emplocity.com https://tbl.tradedoubler.com clients1.google.com https://ad.doubleclick.net www.linkedin.com https://bgz-fb.squiz.pl https://s1.2mdn.net *.ggpht.com https://www.google.pl https://sp.analytics.yahoo.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com www.passets.pinimg.com 'self' data:; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com https://www.linkedin.com https://vars.hotjar.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com try.abtasty.com stats.g.doubleclick.net app.abtasty.com *.try.abtasty.com https://platform.linkedin.com teddytor.abtasty.com *.app.abtasty.com www.google.com static.ak.facebook.com *.abtasty.com www.youtube.com dcinfos.abtasty.com https://www.wykop.pl https://www.youtube.com www.facebook.com *.googleads.g.doubleclick.net https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net https://accounts.google.com https://try.abtasty.com https://vimeo.com googleads.g.doubleclick.net https://web.facebook.com *.google.com 52.166.95.107 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://script.hotjar.com https://app.ehoundplatform.com https://www.ssl.gstatic.com https://*.googleapis.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl https://platform.linkedin.com *.www.abtasty.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com https://www.youtube.com www.google-analytics.com www.0.s-nk.pl https://www.google.com https://cse.google.com *.vimeo.com bnp-paribas.user.com www.cdn.api.twitter.com https://www.googleapis.com www.platform.linkedin.com https://teddytor.abtasty.com www.static.ak.facebook.com https://apis.google.com https://skk.erecruiter.pl https://www.abtasty.com https://emplocity.com https://px.wp.pl www.abtasty.com https://www.googleadservices.com https://static.hotjar.com https://dcinfos.abtasty.com https://www.s-static.ak.facebook.com https://www.oauth.googleusercontent.com bnp-optima-uat-search01.squiz.pl https://app.abtasty.com https://www.s.ytimg.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://maps.google.com www.googletagmanager.com *.abtasty.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://connect.facebook.net https://tagmanager.google.com http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bgz-fb.squiz.pl https://try.abtasty.com https://www.google.pl https://maps.gstatic.com https://developers.google.com https://vimeo.com *.ad.doubleclick.net https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com 52.166.95.107 https://www.static.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.googleads.g.doubleclick.net https://stats.g.doubleclick.net bnp-paribas.user.com try.abtasty.com stats.g.doubleclick.net https://try.abtasty.com app.abtasty.com *.try.abtasty.com googleads.g.doubleclick.net *.ad.doubleclick.net teddytor.abtasty.com *.app.abtasty.com *.abtasty.com *.google.com dcinfos.abtasty.com 52.166.95.107 'self'; connect-src https://emplocity.com www.abtasty.com wss://ws4.hotjar.com wss://*.hotjar.com https://www.facebook.com try.abtasty.com bnp-optima-uat-search01.squiz.pl stats.g.doubleclick.net app.abtasty.com https://app.userengage.com *.try.abtasty.com https://bnp-search01.squiz.pl https://test-bgz-fb.squiz.pl wss://bnp-paribas.user.com teddytor.abtasty.com wss://ws3.hotjar.com *.app.abtasty.com *.abtasty.com dcinfos.abtasty.com *.googleads.g.doubleclick.net wss://ws9.hotjar.com bnp-paribas.user.com https://bgz-fb.squiz.pl https://graylog.hotjar.com:12443 https://insights.hotjar.com https://in.hotjar.com https://vimeo.com googleads.g.doubleclick.net qtank.salesmore.pl *.google.com 52.166.95.107 'self' 1 default-src * blob: https: data: 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors * 'self'; 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-tPMEmggUJY' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 https: data: 1 script-src 'self' www.google-analytics.com blockchain.info 'unsafe-inline' 1 frame-ancestors https://*.runescape.com:* https://*.jagex.com:* 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bpost.be bpost.be eshipper.bpost.cn bpost2.be medattest.be www.medattest.be editor-www.bpost.be www.googletagmanager.com tagmanager.google.com ssl.google-analytics.com b2btagmgr.azalead.com trker1.azalead.com www.google-analytics.com proslead.com www.depostlaposte.be www.bpost2.be www.google.com www.post.be post.be ajax.googleapis.com connect.facebook.net code.jquery.com platform.linkedin.com www.linkedin.com dashboard.whoisvisiting.com/who.js frontend.id-visitors.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net http://w.usabilla.com w.usabilla.com api.usabilla.com cdnjs.cloudflare.com maps.googleapis.com www.youtube.com https://ajax.googleapis.com api.jollywallet.com https://maps.googleapis.com www.googleadservices.com assets.idloom.com crm.bpack.idloom.com proslead.com https://www.google-analytics.com preprints.taxipost.net maf.taxipost.net s.ytimg.com img.en25.com player.qualifio.com d6tizftlrpuof.cloudfront.net https://maxcdn.bootstrapcdn.com static.hotjar.com script.hotjar.com vars.hotjar.com optimize.google.com login-2.bpost.be service.maxymiser.net static.hotjar.com script.hotjar.com bpost2.unfyd.com www.gstatic.com openlayers.org unpkg.com eloqua.com www.bpost2.be bpaid.unfyd.com; object-src 'self' www.bpost.be editor-www.bpost.be eshipper.bpost.cn www.youtube-nocookie.com www.medattest.be optimize.google.com login-2.bpost.be bpost2.be bpaid.unfyd.com; style-src 'self' 'unsafe-inline' www.bpost.be eshipper.bpost.cn bpost2.be www.bpost2.be bpost3.be www.medattest.be editor-www.bpost.be www.google.com fonts.googleapis.com cdn.jsdelivr.net d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com www.post.be post.be proslead.com wersg01 preprints.taxipost.net maf.taxipost.net tagmanager.google.com optimize.google.com login-2.bpost.be maxcdn.bootstrapcdn.com my.bpost.be bpost2.unfyd.com openlayers.org use.fontawesome.com unpkg.com bpaid.unfyd.com; img-src 'self' data: www.bpost.be bpost.be eshipper.bpost.cn www.bpost2.be bpost2.be www.google.be www.google-analytics.com www.google.com googleads.g.doubleclick.net b2btagmgr.azalead.com trker1.azalead.com stats.g.doubleclick.net www.post.be editor-www.bpost.be www.facebook.com www.google.co.in eshop.bpost.be static.licdn.com www.linkedin.com www.bpostinternational.com landmarkglobal.com www.landmarkglobal.com dashboard.whoisvisiting.com/who.ashx www.depostlaposte.be junglenet-a.akamaihd.net secure.adnxs.com d6tizftlrpuof.cloudfront.net w.usabilla.com 10.76.4.13:15871 https://cdnjs.cloudflare.com 10.109.34.52:15871 s1833705806.t.eloqua.com 10.76.4.11:15871 https://csi.gstatic.com https://maps.gstatic.com maps.googleapis.com https://ssl.google-analytics.com https://maps.googleapis.com www.googleadservices.com https://stats.g.doubleclick.net proslead.com https://www.google.de https://www.google.lu https://www.google.nl preprints.taxipost.net maf.taxipost.net chart.apis.google.com hello.bpost.be optimize.google.com login-2.bpost.be my.bpost.be bpost2.unfyd.com a.tile.openstreetmap.org server.arcgisonline.com tile.osm.be bpaid.unfyd.com; frame-src 'self' www.bpost.be bpost.be www.medattest.be medattest.be eshipper.bpost.cn editor-www.bpost.be www.bpost2.be http://www.bpost2.be bpost2.be campaigns.bpost2.be www.campaigns.bpost2.be pass.post.be esim.post.be tools.emailgarage.com assets.idloom.com www.facebook.com ir2.flife.de qfx.quartalflife.com 4558452.fls.doubleclick.net www.youtube.com youtube.com fr.slideshare.net www.youtube-nocookie.com 85.17.197.32 roi.bpost3.be bpost3.be www.facebook.com www.twitter.com platform.linkedin.com addressbook.bpost.be www.google.com google.com cse.google.com/cse speos.connective.be speos.connective.eu junglenet-a.akamaihd.net post-online.be www.post-online.be cssprepaid.proximus.be www.depostlaposte.be depostlaposte.be www.postmobile.be postmobile.be reload.proximus.be s.chkmkt.com maxiresponse.bpost3.be bpi.bpost3.be post-api.be googletagmanager.com youtube.com www.youtube.com d6tizftlrpuof.cloudfront.net www.youtube.com speos.connective.eu www.speos.connective.eu assets.idloom.com crm.bpack.idloom.com zeromov.com player.qualifio.com preprints.taxipost.net maf.taxipost.net http://maf.taxipost.net crm.bpost.idloom.com news.bpost.be s1833705806.t.eloqua.com vars.hotjar.com optimize.google.com login-2.bpost.be bpost2.be service.maxymiser.net bpaid.unfyd.com; font-src 'self' www.bpost.be bpost.be eshipper.bpost.cn editor-www.bpost.be cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com fonts.gstatic.com *.usabilla.com d6tizftlrpuof.cloudfront.net images.campaign.bpost.be optimize.google.com login-2.bpost.be my.bpost.be maxcdn.bootstrapcdn.com bpost2.unfyd.com use.fontawesome.com www.bpost2.be cdn.jsdelivr.net fonts.gstatic.com bpaid.unfyd.com; connect-src 'self' www.bpost.be bpost.be eshipper.bpost.cn www.medattest.be medattest.be bpost2.be www.bpost2.be editor-www.bpost.be proslead.com bam.nr-data.net api.usabilla.com https://api.bpost.be crm.bpack.idloom.com www-1.stbpost.be assets.idloom.com crm.bpack.idloom.com nikkomsgchannel tagmanager.google.com webservices-pub.bpost.be webservices-pub.stbpost.be webservices-pub.acbpost.be s1833705806.t.eloqua.com static.hotjar.com insights.hotjar.com optimize.google.com login-2.bpost.be chatbot.bpost.be bpost2.be in.hotjar.com service.maxymiser.net bpost2.unfyd.com s1833705806.t.eloqua.com/e/f2 bpaid.unfyd.com https://s918797598.t.eloqua.com/e/f2; report-uri /admin/config/system/seckit/csp-report 1 report-uri https://sportsmole.report-uri.com/r/d/csp/wizard 1 default-src 'self'; script-src 'self' js.stripe.com storage.googleapis.com https://www.googletagmanager.com/ https://www.googleadservices.com/ *.doubleclick.net/ bid.g.doubleclick.net/ analytics.service.cryptowat.ch 'nonce-A6PUOZVDONLT6QWHD6AJ' static.cryptowat.ch; connect-src 'self' *.stripe.com *.reddit.com wss://*.cryptowat.ch *.cryptowat.ch; img-src 'self' data: *.stripe.com *.google.com *.imgur.com analytics.service.cryptowat.ch static.cryptowat.ch; style-src 'self' 'unsafe-inline' static.cryptowat.ch; child-src 'self' *.stripe.com; font-src 'self' static.cryptowat.ch; 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-8f82d1b82eabea6a2d2f4383c1e4a86f' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=37f71f37-bf94-4886-8cec-7224eb5b6194&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=37f71f37-bf94-4886-8cec-7224eb5b6194&version=sha%3D08d263b5b0c8&report_only=false 1 default-src https: 'self' paidviewpoint.com; block-all-mixed-content; connect-src 'self' wss: *.paidviewpoint.com aytm.com *.aytm.com privacy-policy.truste.com *.getclicky.com *.gstatic.com *.googleapis.com cdn.ravenjs.com *.google.com *.s3.ca-central-1.amazonaws.com *.s3-ca-central-1.amazonaws.com; font-src 'self' data: *.paidviewpoint.com aytm.com *.aytm.com *.gstatic.com *.googleapis.com; form-action 'self' accounts.google.com *.facebook.com api.twitter.com *.linkedin.com login.yahoo.com *.login.yahoo.com login.live.com *.paypal.com paypal.com; frame-ancestors 'self' paidviewpoint.com; img-src 'self' data: *.paidviewpoint.com *.aytm.com aytm.com privacy-policy.truste.com *.getclicky.com *.gstatic.com s3.ca-central-1.amazonaws.com *.s3.ca-central-1.amazonaws.com s3-ca-central-1.amazonaws.com *.s3-ca-central-1.amazonaws.com; manifest-src 'self'; media-src 'self' data: *.paidviewpoint.com *.aytm.com aytm.com *.cloudflare.com *.s3-ca-central-1.amazonaws.com *.s3.ca-central-1.amazonaws.com blob:; object-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample' *.paidviewpoint.com *.aytm.com *.cloudflare.com aytm.com cdn.ravenjs.com *.google.com *.getclicky.com www.gstatic.com 'nonce-dfdY50t0FJJ1UAkC4c2tLhQ8jYdqlOlWB+R2VbetZpI=' 'unsafe-inline'; style-src 'unsafe-inline' blob: *; upgrade-insecure-requests; worker-src 'self' 'unsafe-eval' aytm.com cdn.ravenjs.com *.paidviewpoint.com *.aytm.com *.getclicky.com *.cloudflare.com www.gstatic.com blob:; report-uri https://sentry.aytm.com/api/13/security/?sentry_key=c90cfc9cfd3048d384a8362e649104d3&sentry_environment=production 1 frame-ancestors https://*.prolific.co http://*.prolific.co https://prolific.co 1 default-src 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; script-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com 'unsafe-eval'; connect-src * 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; img-src data: 'self' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; style-src 'self' 'unsafe-inline' http://api.crackwatch.com https://api.crackwatch.com http://cdn.crackwatch.com https://cdn.crackwatch.com http://b2.crackwatch.com https://b2.crackwatch.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://encrypted-tbn0.gstatic.com/images https://encrypted-tbn0.gstatic.com/images http://img.youtube.com https://img.youtube.com http://images.unsplash.com https://images.unsplash.com http://cdn.onesignal.com https://cdn.onesignal.com http://onesignal.com https://onesignal.com http://www.google-analytics.com https://www.google-analytics.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.mxpnl.com https://cdn.mxpnl.com; 1 default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.fr connect.facebook.net www.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com assistance.free.fr osm.proxad.net 1 script-src 'self' 'unsafe-eval' https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://dpm.demdex.net https://sslwidget.criteo.com https://widget.as.criteo.com https://tnc.phonepe.com https://www.googletagmanager.com 'nonce-2928296363586533020'; style-src 'self' 'unsafe-inline' https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; img-src 'self' data: https://*.flixcart.com https://*.flixcart.net https://flipkart.d1.sc.omtrdc.net https://www.facebook.com https://*.fkapi.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.in https://www.googleadservices.com https://sp.analytics.yahoo.com https://bat.bing.com https://bat.r.msn.com https://www.payzippy.com https://tnc.phonepe.com https://*.youtube.com https://www.google-analytics.com; font-src 'self' data: https://*.flixcart.com https://tnc.phonepe.com https://*.flixcart.net; frame-src 'self' https://*.flipkart.com http://*.flipkart.com https://*.youtube.com https://youtube.com https://*.vimeo.com https://dis.as.criteo.com https://gum.criteo.com https://www.payzippy.com https://tnc.phonepe.com https://cdemux.appspot.com 'nonce-2928296363586533020'; child-src 'self' https://*.flipkart.com 'nonce-2928296363586533020'; connect-src 'self' *; object-src 'none'; base-uri 'self'; report-uri https://csp.flipkart.com/csp 1 form-action 'self' https://pacogames.os.tc/subscribe 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ecc59772-7ce2-4dbc-a754-ce6d03737f41 1 default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://steamcommunity-a.akamaihd.net/ https://api.steampowered.com/ https://steamcdn-a.akamaihd.net/steamcommunity/public/assets/ *.google-analytics.com https://www.google.com https://www.gstatic.com https://apis.google.com https://recaptcha.net https://www.gstatic.cn/recaptcha/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ wasm-eval; object-src 'none'; connect-src 'self' https://api.steampowered.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ *.google-analytics.com https://*.valvesoftware.com https://*.steambeta.net http://127.0.0.1:27060 ws://127.0.0.1:27060 wss://*.cm.steampowered.com:* https://*.cm.steampowered.com:* https://* ; frame-src 'self' steam: https://store.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://w.soundcloud.com https://codepen.io https://streamable.com/ https://player.twitch.tv/ https://clips.twitch.tv/ https://sketchfab.com/ https://open.spotify.com/; 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mail.ru *.mail.ru *.devmail.ru *.imgsmail.ru *.2gis.com *.2gis.ru s0.2mdn.net *.adriver.ru *.ampproject.net *.ampproject.org *.apester.com *.cloudfront.net www.dailymail.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com facebook.com *.facebook.com *.gemius.pl giphy.com *.google.com *.googleapis.com *.googlesyndication.com themes.googleusercontent.com *.gstatic.com instagram.com *.instagram.com video.khl.ru *.moatads.com *.mradx.net ok.ru *.ok.ru *.playbuzz.com *.qmerce.com rutube.ru *.rutube.ru *.serving-sys.com soundcloud.com *.soundcloud.com *.streamrail.com *.twimg.com twitter.com *.twitter.com player.vimeo.com vine.co vk.com *.vk.com *.weborama.fr *.yandex.ru *.yandex.net yandex.st yandexadexchange.net *.yandexadexchange.net yastatic.net *.youtube.com *.adsafeprotected.com *.newstube.ru *.bbc.com *.viqeo.tv facecast.net *.facecast.net bbc-maps.carto.com wtrfall.com *.1tv.ru corpmail.fluidsurveys.com *.nhl.com *.knightlab.com imgur.com *.tradingview.com paymaster.ru silatv.ru *.silatv.ru cdn.embedly.com player.vgtrk.com sportmail.ru *.sportmail.ru piter.tv *.bonus-tv.ru uma.media learningapps.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' js-inject *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.adlooxtracking.com *.algovid.com s3.amazonaws.com cdn.ampproject.org *.apester.com *.bing.com static.bbc.co.uk news.files.bbci.co.uk coub.com *.coub.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.net *.facebook.com *.flickr.com translate.google.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.google-analytics.com *.google.ru *.instagram.com mediatoday.ru *.moatads.com *.mradx.net *.mxpnl.com *.odnoklassniki.ru ok.ru *.ok.ru *.playbuzz.com *.qmerce.com sb.scorecardresearch.com *.twimg.com *.twitter.com platform.vine.co vk.com *.vk.com *.webvisor.com *.mtproxy.yandex.net *.yandex.ru yandex.st yastatic.net *.pinterest.com *.adsafeprotected.com *.serving-sys.com *.viqeo.tv *.videonow.ru apis.google.com wtrfall.com *.cloudfront.net *.imgur.com *.tradingview.com mytopf.com *.redditmedia.com cdn.embedly.com sportmail.ru *.sportmail.ru; connect-src 'self' wss://*.mail.ru wss://*.devmail.ru wss://*.viqeo.tv *.mail.ru *.devmail.ru *.imgsmail.ru *.api.2gis.ru s0.2mdn.net *.algovid.com *.ampproject.net *.apester.com *.doubleclick.net facebook.com *.facebook.com *.facebook.net *.flickr.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.instagram.com *.mixpanel.com *.mradx.net *.playbuzz.com *.qmerce.com geo.query.yahoo.com twitter.com *.twitter.com *.yadro.ru *.yandex.ru yandex.st yastatic.net collector.mediator.media *.serving-sys.com *.doubleverify.com *.viqeo.tv *.videonow.ru *.vidiom.net wtrfall.com *.mediator.media mytopf.com *.reddit.com wss://sportmail.ru wss://*.sportmail.ru sportmail.ru *.sportmail.ru; img-src 'self' * data: blob:; worker-src blob: 'self' *.mail.ru *.devmail.ru sportmail.ru *.sportmail.ru; report-uri https://portal-csp-report.corp.mail.ru/report/ 1 child-src https: http: data:;frame-src https: http: data:;script-src 'unsafe-inline' 'unsafe-eval' https: http:;img-src * data:;media-src * 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=105b24c8-2c89-4888-b8c7-8caa7b470f5f 1 frame-ancestors *.adobe.com 1 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 1 default-src https: 'self' *.google.com; img-src https: data:; style-src 'self' *.googleapis.com *.google.com 'sha256-UvsJ5gtL0c/whxmyVt4YoNv7YnPUd0tANZOlq3NshXE=' 'sha256-z0kguVeUlbcxez4SqrO86oejphhqKDFfdCPv4yuhe70=' 'sha256-F7P9UGrwDw2S+mmGfNjm0kP7JoWu2pG7jp96fpSdB7o=' 'sha256-5I0k/VqCDMpiDAoq1eqY3rnuhpP/YY/XHaCPlqvPjwE=' 'sha256-vs9j4DQ6NrTFzqr+WgLFutUEFINnEmB2UGZtgJuv53M=' 'sha256-dnk3F1ZGrgh9Kvk9Vn3ptiaFUoFeGRayv9lz2urXGw8=' 'sha256-V35h8FtGH4p0yIQ7N4YgUHm1WgTAWh72NT+CZjq6/gA=' 'sha256-EqHL6dM74npnc3dlTfDjshGC9aaZRfQRUkDGa028G5Q=' 'sha256-fjvAtStaFBxvVNdldskgty047ARB1tLsZ767Gk6hPuk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/4YlUlisxufO6wbKvYp4xV8Hkzxm85+1Tb31SjmAox0=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-2WQZQFa8KGAig8CPptpS8JDqetQ2jb5arMlI6fTGWiU=' 'sha256-g9aHNH7iF2hhGZYtVVd5mKQSnyLPmXWw5gwiuxBVonI=' 'sha256-VjKqXV9i0mo5RzxvaQpz7qQA91PkjLVqLQGYNI4Cc/I=' 'sha256-iSpdzct2G1Kfyci6Xt5l+iguE7Ni3MEvlbjUvEsbK5M='; script-src 'self' https: 'nonce-0733baefb8fd42719b795df259cc4c24'; report-uri /csp-report 1 frame-ancestors https://service.ariba.com https://supplier.coupahost.com 1 default-src 'self' *.loxi.io *.demandbase.com disqus.com *.disquscdn.com *.sharethis.com *.twimg.com *.eloqua.com jsdelivr.net *.jsdelivr.net *.company-target.com *.kwanzoo.com *.linkedin.com *.alexametrics.com *.amazonaws.com *.google-analytics.com *.facebook.com *.hcltech.com *.en25.com *.AKAMAIHD.NET *.akamai.edgekey.net *.pushcrew.com pushcrew.com *.akamaihd.net *.cloudfront.net *.googletagmanager.com *.googlecode.com *.googleapis.com *.jquery.com *.googleadservices.com googleadservices.com *.disqus.com *.twitter.com *.optimizely.com *.brighttalk.com *.jsdelivr.com *.github.com *.ampproject.org *.githubusercontent.com *.google.com *.jqueryui.com *.rawgit.com *.newrelic.com *.nr-data.net *.cloudfront.net *.licdn.com *.alphavantage.co *.addthis.com *.addthisedge.com google-analytics.com *.bizographics.com *.ads-twitter.com *.facebook.net www.youtube.com *.6sc.co *.mathtag.com *.marketingautomation.services *.doubleclick.net *.ytimg.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; script-src *.loxi.io *.hcltech.com *.AKAMAIHD.NET disqus.com jsdelivr.net *.jsdelivr.net *.disquscdn.com *.sharethis.com *.twimg.com *.akamai.edgekey.net *.pushcrew.com pushcrew.com *.akamaihd.net *.en25.com *.cloudfront.net *.googletagmanager.com *.googlecode.com *.googleapis.com *.demandbase.com *.linkedin.com *.jquery.com *.googleadservices.com googleadservices.com *.disqus.com *.twitter.com *.facebook.com *.optimizely.com *.brighttalk.com *.jsdelivr.com *.github.com *.ampproject.org *.githubusercontent.com *.google.com *.jqueryui.com *.rawgit.com *.newrelic.com *.nr-data.net *.eloqua.com *.alexametrics.com *.en25.com *.cloudfront.net *.licdn.com *.alphavantage.co *.addthis.com *.addthisedge.com *.google-analytics.com google-analytics.com *.bizographics.com *.ads-twitter.com *.kwanzoo.com *.facebook.net www.youtube.com *.6sc.co *.mathtag.com *.marketingautomation.services *.doubleclick.net *.ytimg.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; img-src * 'self' data:; media-src *.hcltech.com youtube.com *.amazonaws.com; frame-src *.loxi.io *.hcltech.com *.addthis.com *.addthisedge.com disqus.com *.sharethis.mgr.consensu.org *.sharethis.com *.linkedin.com *.disqus.com pixel.mathtag.com *.doubleclick.net *.youtube.com youtube.com *.facebook.com *.twitter.com www.google.com *.google.com; report-uri /report-csp-violation 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://e.issuu.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.com https://m.thehut.com https://checkout.thehut.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://remote.captcha.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1 frame-ancestors 'self' *.asiamiles.com 1 object-src 'self' blob: 1 default-src https: 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' google-analytics.com apis.google.com *.newrelic.com *.stripe.com *.intercom.io js.intercomcdn.com; object-src 'none'; connect-src wss: *.intercom.io https: 'self' *.famebit.com; img-src https: data: 1 form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com cdn.ravenjs.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net; img-src 'self' data: web-prod-storage.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com stats.addtoany.com; base-uri *.caltech.edu; media-src 'self' www.youtube.com player.vimeo.com; frame-ancestors *.caltech.edu; frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net; font-src 'self' public.slidesharecdn.com fonts.gstatic.com; object-src 'self'; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.google.com; report-uri /_csp 1 default-src 'self' *.mo.gov; connect-src 'self' *.usgs.gov *.googleapis.com *.mixpanel.com https://data.mo.gov/ *.mo.gov *.mxpnl.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.cloudfront.net *.d1l6p2sc9645hc.cloudfront.net *.ytimg.com *.youtube.com *.govdelivery.com *.google-analytics.com *.jquery.com *.wufoo.com https://wufoo.com *.googleapis.com *.google.com *.mo.gov *.gosquared.com *.newrelic.com *.twimg.com *.twitter.com *.nr-data.net *.kxcdn.com *.datatables.net *.thinglink.me *.thinglink.com *.addthisedge.com *.addthis.com *.d3js.org *.js-agent.newrelic.com *.bam.nr-data.net *.www.google-analytics.com *.html5shiv.googlecode.com *.translate.google.com ; style-src 'unsafe-inline' *.mo.gov *.gstatic.com *.googleapis.com *.twimg.com *.twitter.com *.datatables.net *.thinglink.me ; frame-src *.mo.gov *.facebook.com *.adobe.com *.soundcloud.com *.w.soundcloud.com *.thinglink.me *.youtube-nocookie.com *.youtube.com *.wufoo.com *.twitter.com *.google.com *.addthis.com *.cdc.gov *.arcgis.com ; object-src 'self' *.mo.gov *.flickr.com *.brightcove.com ; font-src * 'unsafe-inline' data: ; img-src * 'unsafe-inline' *.twimg.com data: 1 default-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com; script-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://apis.google.com https://*.googleapis.com https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://at.cloud.fabasoft.com https://www.youtube.com https://*.ytimg.com; img-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://at.cloud.fabasoft.com https://*.ytimg.com https://*.facebook.com https://*.twitter.com https://*.twimg.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com data: blob:; frame-src https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.google.com https://content.googleapis.com https://www.youtube-nocookie.com https://*.facebook.com https://*.twitter.com https://at.cloud.fabasoft.com https://roundme.com https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at; font-src 'self' https://oebb.at https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.gstatic.com; 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src * ; img-src * data: blob: 'unsafe-inline'; frame-src sanalmarket: yenism: https://tr.rdrtr.com https://*.creativecdn.com https://creativecdn.com https://*.criteo.com https://*.facebook.com https://*.doubleclick.net https://*.api.sociaplus.com https://*.webinstats.com https://sanalmarket.api.useinsider.com https://optimize.google.com https://*.bkmexpress.com.tr; style-src * 'unsafe-inline'; 1 default-src 'self'; font-src https://github-atom-io-herokuapp-com.freetls.fastly.net https://github-atom-io-herokuapp-com.global.ssl.fastly.net; frame-src 'self' https://www.youtube.com; img-src https: 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net data:; media-src 'self'; object-src 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.google-analytics.com https://platform.twitter.com https://github-atom-io-herokuapp-com.freetls.fastly.net; style-src 'self' 'unsafe-inline' https://github-atom-io-herokuapp-com.freetls.fastly.net; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.xing-share.com *.xing.com *.hotjar.com *.opmnstr.com *.alexametrics.com *.youtube.com s.ytimg.com *.syncfusion.com *.google.com maps.googleapis.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com www.googleadservices.com connect.facebook.net use.typekit.net *.google-analytics.com googleads.g.doubleclick.net cdn.swaychat.com serve.albacross.com api.swayio.com *.firebaseio.com verify.authorize.net smarticon.geotrust.com cdn.rawgit.com *.addthis.com m.addthisedge.com; style-src 'self' 'unsafe-inline' *.xing-share.com *.xing.com *.bootstrapcdn.com *.syncfusion.com cdn.swaychat.com *.google.com *.googleapis.com cdn.jsdelivr.net cdn.rawgit.com; frame-src cdn.swaychat.com *.stripe.com *.facebook.com *.xing-share.com *.xing.com *.hotjar.com *.opmnstr.com *.firebaseio.com *.syncfusion.com bid.g.doubleclick.net *.addthis.com www.youtube.com api.swayio.com *.google.com www.gstatic.com 1 frame-ancestors 'self' https://t.contentsquare.net https://r.contentsquare.net; 1 frame-ancestors 'self' https://*.pandasecurity.com http://*.pandasecurity.com; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://ds-aksb-a.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.coggles.com https://m.coggles.com https://checkout.coggles.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://ds-aksb-a.akamaihd.net https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1 default-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://bat.bing.com https://js.braintreegateway.com https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://www.paypalobjects.com https://client-analytics.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://mbsy.co https://dev.visualwebsiteoptimizer.com https://connect.facebook.net/ https://serve.albacross.com https://assets.braintreegateway.com https://www.paypal.com https://www.googleadservices.com https://code.jquery.com https://js.driftt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.recurly.com/ https://cdn.ampproject.org/; img-src 'self' data: https: ; media-src 'self' https://*.epidemicsound.com https://d34qmkt8w5wll9.cloudfront.net https://dkihjuum4jcjr.cloudfront.net https://s3-eu-west-1.amazonaws.com https://videos.ctfassets.net; child-src 'self' assets.braintreegateway.com c.paypal.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://d34qmkt8w5wll9.cloudfront.net https://tagmanager.google.com https://assets.braintreegateway.com; font-src 'self' https://d34qmkt8w5wll9.cloudfront.net data:; frame-src 'self' https://assets.braintreegateway.com https://c.paypal.com https://www.youtube.com https://www.paypal.com https://www.sandbox.paypal.com https://js.driftt.com https://www.google.com/recaptcha/ https://api.recurly.com/; worker-src blob:; connect-src 'self' https://*.epidemicsound.com https://www.googleapis.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://sentry.io https://dev.visualwebsiteoptimizer.com https://rec1.visualwebsiteoptimzer.com https://rec2.visualwebsiteoptimizer.com https://rec3.visualwebsiteoptimizer.com https://rec4.visualwebsiteoptimizer.com https://heatmap.visualwebsiteoptimizer.com https://www.facebook.com/tr/ https://*.braintree-api.com https://www.paypal.com https://cdn.contentful.com https://preview.contentful.com https://api.recurly.com/ https://cdn.ampproject.org/ https://www.googletagmanager.com https://tagmanager.google.com ; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/architectural-digest 1 base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com 1 frame-ancestors 'self' *.pnet.ch *.post.ch *.becompany.ch *.signdemo.com 1 default-src 'none'; connect-src 'self' https://fastmail.innocraft.cloud; img-src 'self' data: https://*.fastmail.com https://fastmail.innocraft.cloud https://*.twimg.com; font-src 'self' data: https://*.fastmail.com; style-src 'self' 'unsafe-inline' https://*.fastmail.com; script-src 'self' 'unsafe-eval' https://*.fastmail.com https://api.pin.net.au https://api.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; child-src https://www.youtube.com/embed/ https://www.google.com/recaptcha/; frame-ancestors 'none'; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0442a26b-794f-41c8-8f2c-894017e7370b 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=fcef7f7c-a16b-4f2b-aa1e-503251113da4 1 default-src *.globalsign.com *.globalsign.fr www.globalsign.com r1.globalsign.com r2.globalsign.com *.twitter.com *.twimg.com www.facebook.com connect.facebook.net *.linkedin.com https://snap.licdn.com *.yandex.ru https://cache.img.gmo.jp *.crazyegg.com *.google.com *.google.co.uk *.youtube-nocookie.com *.youtube.com *.google-analytics.com *.imgix.net *.imgix.com themes.googleusercontent.com *.appspot-preview.com *.googleapis.com *.gstatic.com www.googleadservices.com googleads.g.doubleclick.net *.amazonaws.com *.segment.io *.mixpanel.com *.segment.com *.mxpnl.com *.fontawesome.com *.media.tumblr.com *.addthis.com *.addthisedge.com https://stats.g.doubleclick.net https://bat.r.msn.com https://static.ads-twitter.com *.g.doubleclick.net static.doubleclick.net https://okt.to *.disqus.com disqus.com *.disquscdn.com *.swiftype.com *.swiftypecdn.com *.livechatinc.com *.boldchat.com js.maxmind.com *.googletagmanager.com *.bing.com *.okt.to *.oktopost.com *.cloudfront.net *.reachforce.com 'unsafe-inline' 'unsafe-eval' data: *.g.doubleclick.net *.doubleclick.net static.doubleclick.net static.ads-twitter.com *.ads-twitter.com *.google.com https://www.google.com *.t.co https://t.co https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://www.google.com https://static.ads.twitter.com https://googleads.g.doubleclick.net *.cloudfront.net cloudfront.net *.youtube-nocookie.com secure.livechatinc.com; child-src 'self' *.globalsign.com *.cloudfront.net *.youtube-nocookie.com *.livechatinc.com *.boldchat.com *.imgix.net *.imgix.com *.addthis.com *.disqus.com https://disqus.com www.disqus.com https://www.google.com https://www.youtube.com www.youtube.com *.yandex.ru https://cache.img.gmo.jp *.linkedin.com https://snap.licdn.com *.amazonaws.com *.ads-twitter.com *.googleadservices.com *.segment.com *.g.doubleclick.net static.doubleclick.net *.fontawesome.com *.media.tumblr.com *.r.msn.com *.reachforce.com blob: 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-409b02667a8a6ea339af430624da1972' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=63e6290b-8f19-4307-941b-065fd6b357ac&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=63e6290b-8f19-4307-941b-065fd6b357ac&version=sha%3D08d263b5b0c8&report_only=false 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: wss://*.driver.ru https://*.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.by https://mc.yandex.uz https://mc.yandex.fr https://mc.yandex.com.tr https://yandex.st https://connect.ok.ru https://vk.com https://login.vk.com https://www.odnoklassniki.ru wss://*.driverscollection.com https://*.facebook.net https://*.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.yadro.ru https://widgets.pinterest.com https://www.linkedin.com https://www.reddit.com https://cdn.ampproject.org https://googleads.g.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://translate.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://adservice.google.ad https://adservice.google.ae https://adservice.google.al https://adservice.google.am https://adservice.google.as https://adservice.google.at https://adservice.google.az https://adservice.google.ba https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.bi https://adservice.google.bj https://adservice.google.bs https://adservice.google.bt https://adservice.google.bt https://adservice.google.by https://adservice.google.ca https://adservice.google.cd https://adservice.google.cf https://adservice.google.cf https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.cl https://adservice.google.cm https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.ck https://adservice.google.co.cr https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.kr https://adservice.google.co.ls https://adservice.google.co.ma https://adservice.google.co.mz https://adservice.google.co.nz https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.ve https://adservice.google.co.vi https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw https://adservice.google.com https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.bd https://adservice.google.com.bh https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.com.bz https://adservice.google.com.co https://adservice.google.com.cu https://adservice.google.com.cy https://adservice.google.com.ec https://adservice.google.com.eg https://adservice.google.com.et https://adservice.google.com.fj https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.com.gt https://adservice.google.com.hk https://adservice.google.com.jm https://adservice.google.com.kh https://adservice.google.com.kw https://adservice.google.com.lb https://adservice.google.com.ly https://adservice.google.com.mm https://adservice.google.com.mt https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.com.na https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.com.np https://adservice.google.com.om https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.pg https://adservice.google.com.ph https://adservice.google.com.pk https://adservice.google.com.pr https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.com.sg https://adservice.google.com.sv https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.uy https://adservice.google.com.vc https://adservice.google.com.vn https://adservice.google.cv https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.dz https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gg https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.gy https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.ie https://adservice.google.im https://adservice.google.iq https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.jo https://adservice.google.ki https://adservice.google.kg https://adservice.google.kz https://adservice.google.la https://adservice.google.li https://adservice.google.lk https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.mn https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.ne https://adservice.google.nl https://adservice.google.no https://adservice.google.nr https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.sc https://adservice.google.se https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.sm https://adservice.google.sn https://adservice.google.so https://adservice.google.sr https://adservice.google.st https://adservice.google.td https://adservice.google.tg https://adservice.google.tl https://adservice.google.tm https://adservice.google.tn https://adservice.google.to https://adservice.google.tt https://adservice.google.vg https://adservice.google.vu https://adservice.google.ws https://cdnjs.cloudflare.com; report-uri https://driverscollection.com/csp-track.php; 1 default-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net static.zdassets.com ekr.zdassets.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com aax-eu.amazon-adsystem.com data: service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de track.adform.net maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube.com img.youtube.com *.xx.fbcdn.net www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.avm.de embedwistia-a.akamaihd.net data: blob: *.avm.de 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=92aea9bb-89d3-4bab-8776-363ab1ca9919 1 frame-ancestors 'self' http://cloudera.lookbookhq.com https://cloudera.lookbokhq.com http://pages.cloudera.com https://pages.cloudera.com 1 default-src blob: ;media-src blob: https://video.joomcdn.net https://*.amazonaws.com;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data: https:;script-src 'strict-dynamic' 'nonce-MC4xNTA5MzQ=' 'unsafe-inline' https:;style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://api.joom.com https://api.joompay.tech https://www.google-analytics.com https://fcm.googleapis.com https://www.facebook.com https://api.branch.io https://*.bugsnag.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://video.joomcdn.net https://*.amazonaws.com https://app.adjust.com 1 default-src 'self' https://api.mixpanel.com/ https://siteintercept.qualtrics.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://use.fontawesome.com https://*.siteintercept.qualtrics.com https://scholar.google.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com/ https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net/ https://cdn.mxpnl.com/ data:; connect-src 'self' https://api.mixpanel.com/ https://siteintercept.qualtrics.com https://scholar.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com/; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://www.googletagmanager.com; object-src 'self' 1 frame-ancestors 'self' *.ucr.ac.cr 1 frame-ancestors https://*.icicilombard.com/ https://www.icicibank.com/ https://www.icicidirect.com/ https://www.idfcbank.com/ 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com *.yandex.com; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com https://passport.yandex.com wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com *.yandex.com; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com https://*.yandex.com *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com *.yandex.com; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1566533189.57698.140377.145872&h=vla1-8287-a86-vla-portal-morda-31387&csp=old&date=20190823&yandexuid=5829847631566533189; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com https://www.yandex.com https://pass.yandex.com https://mc.yandex.com an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com www.yandex.com suggest.yandex.com; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=aa26fc1d-8f15-4e84-9da7-a1b8fe2cdc3f 1 upgrade-insecure-requests; default-src * data: blob: https://hello.myfonts.net/count/39cfed; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://hello.myfonts.net/count/39cfed https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn browser-update.org *.blob.core.windows.net *.adobedtm.com *.demandbase.com *.s3.amazonaws.com *.ads.linkedin.com *.onetrust.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://connect.facebook.net; style-src * data: blob: 'unsafe-inline' https://hello.myfonts.net/count/39cfed; connect-src 'self' https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://hello.myfonts.net/count/39cfed https://privacyportal-de.onetrust.com/request/v1/consentreceipts* *.3gl.net https://maps.googleapis.com https://fonts.googleapis.com/css https://maps.google.com/mapfiles/ms/icons/red-dot.png https://maps.google.com/mapfiles/ms/icons/green-dot.png https://*.zscaler.net *.st.com *.stmicroelectronics.com.cn *.demandbase.com *.company-target.com *.s3.amazonaws.com https://api.ipify.org https://stmicroelectronics.tt.omtrdc.net https://dpm.demdex.net 1 frame-ancestors *.oray.com 1 script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.truefitcorp.com http://*.truefitcorp.com https://www.googletagmanager.com http://*.bazaarvoice.com https://*.bazaarvoice.com https://code.jquery.com https://*.evergage.com http://*.evergage.com http://*.academy.com https://*.academy.com https://*.iesnare.com https://*.amazonaws.com http://*.google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.scene7.com http://*.scene7.com https://*.firstdata.com https://*.google.com https://*.paypalobjects.com https://unpkg.com https://*.evgnet.com http://www.youtube.com https://www.youtube.com https://*.go-mpulse.net http://*.go-mpulse.net https://*.ytimg.com https://*.googleadservices.com https://cdn.b0e8.com https://*.micpn.com https://*.pbbl.co https://*.pinimg.com https://*.myvisualiq.net https://*.facebook.net https://*.doubleclick.net http://*.googleapis.com https://*.googleapis.com https://*.evgnet.com https://tagmanager.google.com https://*.cdn-net.com http://*.cdn-net.com https://*.akamaihd.net https://*.paymentjs.firstdata.com https://*.paypal.com https://*.rfihub.net https://*.rfihub.com https://*.dealtime.com http://*.myregistry.com https://*.myregistry.com https://*.gstatic.com http://incl-v2.academy.com.searchdex.net https://incl-v2.academy.com.searchdex.net https://*.bing.com http://*.bing.com https://*.iovation.com https://*.googletagservices.com https://*.rewardstyle.com https://*.kaptcha.com https://*.pingdom.net 1 default-src https://report.s.csp.squarespace.com; script-src https://static3.squarespace.com https://www.google.com https://www.gstatic.com; style-src https://static3.squarespace.com 'unsafe-inline'; img-src data: 'self' https://static1.squarespace.com https://static3.squarespace.com; base-uri 'none'; form-action 5help.squarespace.com support.squarespace.com squarespace.zendesk.com circleforum.squarespace.com; font-src data:; connect-src 'self' https://www.squarespace.com; report-uri https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; frame-src https://www.google.com; child-src https://www.google.com; report-to https://webhook.squarespace.com/api/1/webhook-service/csp/events?password=tOC3CjS%2FG1amWWS%2F%2FKqhdPjae0CQaN85mseViZ6D6Nc%3D; 1 default-src http: https: 'self' data:; base-uri 'self'; child-src *; connect-src *; frame-ancestors https://landing.credit-agricole.it/; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.credit-agricole.it http://*.credit-agricole.it https://*.credit-agricole.it *.cloudfront.net http://*.cloudfront.net https://*.cloudfront.net *.doubleclick.net http://*.doubleclick.net https://*.doubleclick.net connect.ekomi.de http://connect.ekomi.de https://connect.ekomi.de widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com *.facebook.net http://*.facebook.net https://*.facebook.net www.google.com http://www.google.com https://www.google.com www.google.it http://www.google.it https://www.google.it *.google-analytics.com http://*.google-analytics.com https://*.google-analytics.com www.googleadservices.com http://www.googleadservices.com https://www.googleadservices.com www.googletagmanager.com http://www.googletagmanager.com https://www.googletagmanager.com www.gstatic.com http://www.gstatic.com https://www.gstatic.com script.hotjar.com http://script.hotjar.com https://script.hotjar.com static.hotjar.com http://static.hotjar.com https://static.hotjar.com cdn.jsdelivr.net http://cdn.jsdelivr.net https://cdn.jsdelivr.net maps.ubiest.com http://maps.ubiest.com https://maps.ubiest.com www.youtube.com http://www.youtube.com https://www.youtube.com ajax.googleapis.com http://ajax.googleapis.com https://ajax.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com cdn.ravenjs.com http://cdn.ravenjs.com https://cdn.ravenjs.com *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de *.mynsystems.com http://*.mynsystems.com https://*.mynsystems.com secure.adnxs.com http://secure.adnxs.com https://secure.adnxs.com ads.avocet.io http://ads.avocet.io https://ads.avocet.io s.yimg.com http://s.yimg.com https://s.yimg.com *.analytics.yahoo.com http://*.analytics.yahoo.com https://*.analytics.yahoo.com; style-src 'unsafe-inline' 'self' *.credit-agricole.it http://*.credit-agricole.it https://*.credit-agricole.it *.amazonaws.com http://*.amazonaws.com https://*.amazonaws.com fonts.googleapis.com http://fonts.googleapis.com https://fonts.googleapis.com tagmanager.google.com http://tagmanager.google.com https://tagmanager.google.com widgets.ekomi.com http://widgets.ekomi.com https://widgets.ekomi.com *.ekomiapps.de http://*.ekomiapps.de https://*.ekomiapps.de 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.thesprucecrafts.com *.qa.aws.thesprucecrafts.com atlas.thesprucecrafts.com atlas.local.thesprucecrafts.com 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=9025b325-d689-4be0-825c-24060443e1b8&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=9025b325-d689-4be0-825c-24060443e1b8&version=sha%3D08d263b5b0c8&report_only=false 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.uz https://*.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.uz *.yandex.uz; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net zen.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.uz https://passport.yandex.uz wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.uz *.yandex.uz; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.uz https://*.yandex.uz awaps.yandex.net *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.uz *.yandex.uz; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.uz&showid=1566535878.95663.140409.130117&h=man2-6066-a90-man-portal-morda-29675&csp=old&date=20190823&yandexuid=6793319241566535878; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.uz https://www.yandex.uz https://pass.yandex.uz https://mc.yandex.uz zen.yandex.uz an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.uz www.yandex.uz suggest.yandex.uz; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net zen.yandex.uz static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 default-src 'self' *.adsrvr.org *.vmmpxl.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com fast.fonts.net *.cloudflare.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.lobbytools.com *.boldchat.com code.jquery.com www.healow.com js-agent.newrelic.com congress.api.sunlightfoundation.com maps.googleapis.com tagmanager.google.com sp.analytics.yahoo.com analytics.twitter.com static.ads-twitter.com s.yimg.com cdnjs.cloudflare.com t.sharethis.com www.googletagmanager.com *.google-analytics.com ws.sharethis.com www.youtube.com www.googleadservices.com secure.quantserve.com bat.bing.com *.e.akamai.net *.rfihub.com s.ytimg.com fast.fonts.net connect.facebook.net ppactionvoterguide.org *.ppactionvoterguide.org cdn.optimizely.com *.openlayers.org *.newtonsoftware.com bs.serving-sys.com i.simpli.fi secure.adnxs.com e.issuu.com d10lpsik1i8c69.cloudfront.net *.luckyorange.net *.luckyorange.com storify.com *.userzoom.com nextpatient.co *.nr-data.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish bbox.blackbaudhosting.com *.adroll.com *.optimizely.com widget.surveymonkey.com www.google.com www.gstatic.com *.instagram.com ajax.googleapis.com *.yelp.com *.yelpcdn.com ajax.cloudflare.com *.doubleclick.net optimizely.s3.amazonaws.com *.ad.gt www.tintup.com *.twitter.com *.tintup.com *.twimg.com *.ngpvan.com d3js.org *.gstatic.com *.sitomobile.com *.simpli.fi *.quantcount.com *.adsrvr.org *.vmmpxl.com *.d3js.org sc-static.net *.adnxs.com *.crwdcntrl.net *.google.com *.cloudfront.net; connect-src 'self' *.openlayers.org *.google-analytics.com secure.ppaction.org www.ppaction.org l.sharethis.com logx.optimizely.com e.issuu.com pingback.issuu.com nextpatient.co *.luckyorange.com *.luckyorange.net api-dot-lucky-orange.appspot.com pubsub.googleapis.com/v1/projects/lucky-orange/* pubsub.googleapis.com/v1/projects/lucky-orange/topics/recording-data:publish pubsub.googleapis.com/v1/projects/lucky-orange/topics/recordings:publish fifqau3zr2.execute-api.us-east-1.amazonaws.com ed7h91nn4l.execute-api.us-east-1.amazonaws.com *.optimizely.com *.everyaction.com *.myngp.com; img-src 'self' 'unsafe-inline' data: *.ib5k.com *.boldchat.com insight.adsrvr.org www.plannedparenthood.org i.ytimg.com *.gstatic.com maps.googleapis.com t.co www.googleadservices.com sb.scorecardresearch.com l.sharethis.com *.google-analytics.com www.googletagmanager.com www.google.com ping.chartbeat.net pixel.quantserve.com bat.bing.com bat.r.msn.com img.youtube.com *.vimeo.com *.facebook.com www.healow.com vmap0.tiles.osgeo.org *.doubleclick.net image.isu.pub bbox.blackbaudhosting.com *.googleusercontent.com *.simpli.fi *.adroll.com *.paypalobjects.com *.phreesia.com *.w55c.net *.userzoom.com acuityplatform.com *.twitter.com *.twimg.com *.myngp.com *.everyaction.com *.sitomobile.com *.adsrvr.org *.vmmpxl.com *.cloudfront.net *.google.com *.crwdcntrl.net *.adnxs.com sc-static.net gwmtracking.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com nextpatient.co tagmanager.google.com fonts.googleapis.com fast.fonts.net ws.sharethis.com *.phreesia.com bbox.blackbaudhosting.com *.userzoom.com *.twitter.com *.cloudfront.net *.adsrvr.org *.vmmpxl.com; frame-src 'self' *.boldchat.com www.healow.com docasap.com www.google.com maps.googleapis.com maps.google.com external.ppsne.org e.issuu.com www.tintup.com tagmanager.google.com fonts.googleapis.com t.sharethis.com *.70n7.com secure.ppaction.org seg.sharethis.com ws.sharethis.com www.youtube.com player.vimeo.com www.ppaction.org register2.rockthevote.com connect.facebook.net *.facebook.com *.rfihub.com docs.google.com *.newtonsoftware.com *.doubleclick.net mapsengine.google.com storify.com *.meltwater.com bbox.blackbaudhosting.com surveymonkey.com *.surveymonkey.com *.nomotraplaws.com *.yelp.com *.yelpcdn.com feed.meltwater.com/gyda feed.meltwater.com *.ppaction.org *.optimizely.com cdn.hypemarks.com *.everyaction.com *.userzoom.com *.twitter.com *.71n7.com *.nextgen.com register.vote.org myrvplist.com *.adsrvr.org *.vmmpxl.com *.weareplannedparenthood.org *.weareplannedparenthoodaction.org *.snapchat.com *.actblue.com javamatch.matchinggifts.com www.flipcause.com secure.everyaction.com; frame-ancestors 'self' *.twitter.com www.healow.com *.ppaction.org *.adsrvr.org *.vmmpxl.com; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://seal.verisign.com https://privacy-policy.truste.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://*.kayako.com https://js.pusher.com https://*.requestb.in https://d3pkntwtp2ukl5.cloudfront.net https://*.ubembed.com https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.licdn.com https://*.linkedin.com https://*.tiqcdn.com https://*.tealiumiq.com https://*.norton.com https://*.bing.com data: 1 default-src 'none'; base-uri 'self'; form-action platform.twitter.com syndication.twitter.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com www.google-analytics.com code.jquery.com platform.twitter.com api.github.com www.ziprecruiter.com api.ziprecruiter.com codefund.app codefund.io 'nonce-MTA1NmVmMWItZmNhOS00MjMxLWE2NzQtYzI3Zjk2ZTM0Mzg5'; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com platform.twitter.com; img-src 'self' data: www.google-analytics.com bootswatch.com stats.g.doubleclick.net ad.doubleclick.net *.convertro.com *.c3tag.com *.2mdn.net codefund.app cdn2.codefund.app codefund.io cdn.codefund.io launchbit.com www.launchbit.com www.ziprecruiter.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' img.shields.io platform.twitter.com syndication.twitter.com; child-src 'self' img.shields.io platform.twitter.com syndication.twitter.com; connect-src syndication.twitter.com cdn2.codefund.app cdn.codefund.io; object-src img.shields.io; manifest-src 'self' 1 frame-ancestors https://www.expensify.com https://we.are.expensify.com https://*.salesforce.com chrome-extension://oiicpdkmeclmgmlmbajefnkalcfageek 1 default-src https: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob:; img-src https: data:; object-src 'none'; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation allow-modals; 1 report-uri https://www.asstr.org/csp-report.php ; upgrade-insecure-requests ; child-src https://*.google.com/ https://*.asstr.org http://*.nifty.org https://www.google.com ; img-src https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.statcounter.com/ https://*.google-analytics.com https://*.google.com ; script-src https://cdn.jsdelivr.net/ https://*.tawk.to/ https://*.bootstrapcdn.com/ https://*.statcounter.com/ https://*.asstr.org http://*.nifty.org https://*.asstr.net https://*.creativecommons.org https://*.googleapis.com/ https://*.google-analytics.com https://*.google.com 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.asstr.org 1 frame-ancestors https://www.thetrainline.com https://www.liligo.fr 1 default-src 'self' https://www.koodomobile.com https://koodomobile.com https://b.koodomobile.com https://du4n2wiaamtmk.cloudfront.net/ https://*.googleapis.com https://*.gstatic.com https://nexus.ensighten.com https://assets.adobedtm.com telus.tt.omtrdc.net https://www.google.com https://www.youtube.com https://*.demdex.net https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.qualtrics.com https://dev.visualwebsiteoptimizer.com https://*.newrelic.com https://bam.nr-data.net https://static.ada.support https://koodo.ca.ada.support https://koodo-development.ca.ada.support https://cm.everesttech.net https://*.adgear.com https://mobility.telus.com https://koodo.sds.modeaondemand.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://www.koodomobile.com https://koodomobile.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https://www.koodomobile.com https://koodomobile.com https://maps.gstatic.com https://maps.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.facebook.com https://b.koodomobile.com https://*.ensighten.com https://*.google-analytics.com https://*.youtube.com https://i.imgur.com https://static.ada.support; 1 frame-ancestors *.waves.com 1 frame-ancestors 'self' http://*.leroymerlin.fr https://*.leroymerlin.fr https://*.lmcdn.fr https://planv3.kazaplan.com 1 frame-ancestors https://*.modelmayhem.com; script-src * https://ssl.google-analytics.com https://pxlssl.ibpxl.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; object-src * 1 frame-ancestors 'self' https://*.atrapalo.com; report-uri /csp/report; 1 script-src 'sha256-929brH7diFRIdGzi0LQARuB5FwxpQLcFX/Wu52R8xvs=' 'self' 'self' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com http://static.hotjar.com https://static.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.geetest.com http://*.geetest.com https://www.bitmart.com http://script.hotjar.com/ https://script.hotjar.com/ http://vars.hotjar.com/ https://vars.hotjar.com/ http://dn-staticdown.qbox.me/ https://dn-staticdown.qbox.me/ https://*.atpsrv.net/ https://rum-static.pingdom.net https://*.zdassets.com; frame-ancestors 'self' http://vars.hotjar.com/ https://vars.hotjar.com/ https://*.zdassets.com 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=af4eedd7-73ae-476b-8495-ac3064bd7be8 1 frame-ancestors 'self' https://*.leetcode.com https://leetcode.com https://*.leetcode-cn.com https://leetcode-cn.com https://*.lingkou.com https://lingkou.com https://tongji.baidu.com https://www.growingio.com https://*.leetcode.pro https://leetcode.pro 1 script-src 'strict-dynamic' 'nonce-b20334472b404d6999476382b139407d' https: 'unsafe-inline' 'unsafe-eval' 'sha256-Uso0LfeBshT35JP1WDzn9KF9S1vFB3Qjf3whX63+p9Y' 'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo' 'sha256-up0uZfQVTmUQiOTQxNJmLrgq6IRkI7viZcpQMmVQl4o' 'sha256-1DKvbN+HgsZeFhE0aOvW80/CLSZqmIf80iKV8fr7Zms' 'sha256-Cew3JHaYZQh1NXER6+zMiIs0A5T4VeVm7LE56DDuTeQ' 'sha256-7IWl402jAQKfrGk0oeHEc2rO55/ibilfjzw9t/wh2zE' 'sha256-7kB9hVY6TOyKnT4HzvfGkVb5WepuCfi78o2NoWu0diI' 'sha256-rugzeIeOAbHu8C2ZBKnm6BEVkJn83Qjckw74j9LCVhg' 'sha256-8RIg1eUhopcNp9CzGBkk+nhNOkAoJ38tBWvNCcqx42M' 'sha256-kM5ZPLMOillb4HLQsbo7zB4ndziWbxu1/+OFjt7BHbE' 'sha256-4kdQEMufGIybwc/IpC5J8LiTAYOZ3uyqXbdNNxR9G18' 'sha256-MujPPKAkqxKI8F8pVMdmvdGMYzioyawJAheU44lV+ZY'; object-src https://secure.donorschoose.org/ https://donorschoose-storage.s3.amazonaws.com/ https://h.online-metrix.net/; base-uri https://www.donorschoose.org/ https://secure.donorschoose.org/; report-uri https://4bxqy2fn08.execute-api.us-east-1.amazonaws.com/default/csp-report-lambda; frame-ancestors 'self' https://*.donorschoose.org https://*.donorschoose.net 1 sandbox allow-scripts allow-same-origin allow-forms allow-popups allow-top-navigation allow-popups-to-escape-sandbox; 1 frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.verywellfamily.com *.qa.aws.verywellfamily.com atlas.verywellfamily.com atlas.local.verywellfamily.com https://specials.verywellfamily.com 1 frame-ancestors 4over.com *.4over.com *.authorize.net;†1 script-src 'report-sample' 'nonce-jHMh6H9Tn/KgG6xb5vzsaA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.yaru.ru&showid=1566553046.5982.155504.2654&h=man2-6027-e64-man-portal-morda-128-31667&csp=old&date=20190823&yandexuid=5003159751566553046; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=e07986d4-200d-4bfc-bd81-c1b6760d0ae5 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.imedia.cz *.sdn.szn.cz *.szn.cz *.sklik.cz http://*.imedia.cz https://*.imedia.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com cdn.ampproject.org *.twitter.com *.twimg.com *.facebook.net *.facebook.com https://www.gstatic.com https://ajax.googleapis.com https://track.adform.net *.seznam.cz https://www.seznam.cz *.prozeny.cz https://www.prozeny.cz *.pubmatic.com *.doubleverify.com *.serving-sys.com ads.celtra.com *.adform.net *.pliing.com *.adnxs.com *.adnxs.net *.doubleclick.net cdn.vistag.com login.szn.cz http://login.szn.cz https://login.szn.cz; frame-ancestors 'self' www.seznam.cz adminclanky.seznam.cz search.seznam.cz *.ampproject.org www.google.cz www.google.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.byrdie.com *.qa.aws.byrdie.com atlas.byrdie.com atlas.local.byrdie.com 1 default-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' data: https:; frame-src 'self' https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self'; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests; 1 style-src 'self' *.via.com/ *.googleapis.com/ *.google.com/ 'unsafe-eval' 'unsafe-inline' *.olark.com; font-src 'self' fonts.gstatic.com/ *.via.com/ *.facebook.com; img-src 'self' data: https://images.via.com https://cdn.via.com https://images4.via.com/ https://www.tripadvisor.com *.via.com/ *.googleapis.com *.gstatic.com *.google.com/ *.google.co.in/ googleads.g.doubleclick.net/ *.facebook.com www.google-analytics.com/ www.googleadservices.com/ stats.g.doubleclick.net/ www.tripadvisor.com/ *.firebaseio.com *.cloudfront.net/js/ct_logo.svg *.googletraveladservices.com www.googletagmanager.com/; script-src 'self' *.via.com/ *.olark.com *.googleapis.com *.google.com/ 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ wzrkt.com/ *.cloudfront.net webchat.helpshift.com/ googleads.g.doubleclick.net/ bid.g.doubleclick.net/ *.firebaseio.com s3.ap-south-1.amazonaws.com/flexmoney-public/smart-detect/sud-kit/production/; frame-src *.facebook.com *.youtube.com *.google.com/ ads-feeder.appspot.com/ *.olark.com *.webchat.helpshift.com/ flightraja.helpshift.com *.firebaseio.com bid.g.doubleclick.net/; connect-src 'self' *.via.com/ *.googleapis.com *.google.com/ www.googletagmanager.com/ www.google-analytics.com/ www.googleadservices.com/ *.clevertap.com/ *.facebook.net/ wzrkt.com/ *.cloudfront.net *.firebaseio.com/ *.itzcash.com/ instacred.me/v1/smartUserDetect 1 default-src 'self' *.transunion.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net*.doubleclick.net *.company-target.com *.cibil.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com; script-src 'self' *.transunion.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.transunioncibil.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.transunion.com *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com app.trustev.com pixel.mathtag.com; connect-src 'self' *.transunion.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com; media-src 'self' *.transunion.com blob: *.brightcove.com; img-src * data:; font-src data: *.transunion.com *.cibil.com *.transunioncibil.com fonts.gstatic.com api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=0bfcb005-a4a3-4f11-92fa-e7d2a7fbccb6 1 frame-ancestors 'self' http://*.gobdigital.gba.gob.ar https://*.gobdigital.gba.gob.ar; 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-34c2099e131bc7f1e801b30ecad3147b' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cd6f1642-99b4-47d4-b48f-b31012f7fa33&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cd6f1642-99b4-47d4-b48f-b31012f7fa33&version=sha%3Db68f26972e89&report_only=false 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=eb09d83c-929a-45ce-8c6a-5eb6bd86b052 1 frame-src https://*.facebook.com http://*.facebook.com https://*.jollybuy.com http://*.jollybuy.com https://mfme.map.com.tw https://*.youtube.com;frame-ancestors https://*.facebook.com http://*.facebook.com https://*.jollybuy.com http://*.jollybuy.com http://admin.jollybuy.com 1 default-src 'self' *.pobeda.aero pobeda.aero *.google-analytics.com *.g.doubleclick.net mc.yandex.ru top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.pobeda.aero yastatic.net *.googleadservices.com www.google-analytics.com *.g.doubleclick.net top-fwz1.mail.ru *.vk.com *.google.ru *.google.com *.google.de *.google.kz *.gstatic.com mc.yandex.ru cdn.sendpulse.com top-fwz1.mail.ru cors.io *.rentalcars.com *.ostrovok.ru *.clicktripz.com *.intentmedia.net code.createjs.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.pobeda.aero *.sendpulse.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.pobeda.aero; img-src 'self' *; child-src 'self' *; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.novobanco.pt srv.novobanco.pt ajax.googleapis.com code.createjs.com fonts.googleapis.com webcare.byside.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com s1.byside.com grmtech.net bs.serving-sys.com secure-ds.serving-sys.com s.ytimg.com www.youtube.com d3c3cq33003psk.cloudfront.net tagmanager.google.com www.googleadservices.com connect.facebook.net www.facebook.com cdn.cookielaw.org geolocation.onetrust.com optimize.google.com; frame-ancestors 'self' sec.novobanco.pt www.olx.pt m.olx.pt www.m.olx.pt www.imovirtual.com 1 default-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net; child-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net; frame-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net; img-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net; script-src 'self' *.360yield.com ad.ad-srv.net ad.doubleclick.net adfarm.mediaplex.com *.adnxs.com aka.spotxcdn.com *.atemda.com bam.nr-data.net *.bing.com cache.dtmpub.com *.calotag.com calotag.com *.facebook.com *.facebook.net *.casalemedia.com *.mouseflow.com *.cloudflare.com *.cloudfront.net d1.zedo.com data: *.dotomi.com *.brainsonic.com dpm.demdex.net *.fanplayr.com *.g.doubleclick.net go.flx1.com *.google-analytics.com *.googleapis.com *.google.com *.google.ie *.google.fr *.google.* *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com image2.pubmatic.com *.newrelic.com *.leetchi.com *.limonetik.com *.mathtag.com *.mediaplex.com *.mondialrelay.com *.nr-data.net *.ogone.com *.openx.net r.ad6media.fr r.casalemedia.com *.remintrex.com *.reussissonsensemble.fr smartbox-double-expresso-rtl2.xg1.li *.s3.amazonaws.com script.crazyegg.com secure.fastclick.net secure.img-cdn.mediaplex.com *.smartbox.com smartbox.d3.sc.omtrdc.net sv.ciblelink.com sync.adaptv.advertising.com sync.search.spotxchange.com track.effitarget.com *.tradedoubler.com *.email-reflex.com *.email-reflex.it *.email-reflex.es *.trustedshops.com ums.adtechus.com 'unsafe-eval' 'unsafe-inline' *.veinteractive.com vu.veoxa.com *.zanox.com s3-eu-west-1.amazonaws.com calotag.com track.effitarget.com rmta2.eperflex.com email-reflex.com email-reflex.it email-reflex.es lavidaesbella.es *.visualwebsiteoptimizer.com *.vwo.com widget.turba-webservices.com *.salesforceliveagent.com *.salesforceliveagent.com *.addthis.com *.addthisedge.com *.sandbox.local *.realytics.io *.realytics.net *.salesmanago.pl *.emlgrid.pl *.smgrid.pl *.youtube.com *.sharethis.com *.pinterest.com *.s3-us-west-2.amazonaws.com *.instagram.com *.w.org *.ampproject.org *.consensu.org *.fls.doubleclick.net *.sbxtest.net *.mplxtms.com *.optanon.blob.core.windows.net cdn.cookielaw.org *.retailmenot.fr *.onetrust.com *.amazon-adsystem.com *.everesttech.net *.demdex.net; 1 frame-ancestors 'self' *.wildberries.by 1 frame-src 'self' https://*.visualwebsiteoptimizer.com https://*.googletagmanager.com https://*.gryps.ch https://disqus.com https://*.g.doubleclick.net https://*.google.com https://*.bexio.com https://*.facebook.com https://*.twitter.com https://www.youtube.com https://*.ticketpark.ch; frame-ancestors 'self'; report-uri https://bexio.report-uri.io/r/default/csp/enforce; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; style-src 'unsafe-inline' fonts.googleapis.com https://kapitalbank.az https://livechat-static.brandembassy.com;font-src data: https://kapitalbank.az dq4irj27fs462.cloudfront.net https://fonts.gstatic.com https://livechat-static.brandembassy.com;connect-src wss://livechat-ws.brandembassy.com https://livechat-ws.brandembassy.com https://kapitalbank.az https://mc.yandex.ru https://onesignal.com https://www.facebook.com https://www.google-analytics.com; 1 default-src 'self' ssllabs.com *.ssllabs.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google.com/ https://cdn.bizible.com https://serve.albacross.com https://collect.albacross.com https://tagmanager.google.com; script-src 'self' https://cdnjs.cloudflare.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google.com/ https://cdn.bizible.com https://serve.albacross.com https://collect.albacross.com https://tagmanager.google.com 'sha256-b/ES1VZMgjYcvUcvmmSj/qEQTV6gTFugcTmkMS0E0qk=' 'sha256-MIHgzD5ZYexjYZVdlcHHJQONMefhA7YQw4t+st69/FA='; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=5c8a20d4-993d-43af-bc67-ae0faa580a23 1 default-src 'none'; connect-src 'self' https://yoast.com/feed/widget/; form-action 'self'; frame-ancestors 'self'; frame-src 'self' www.youtube.com https://www.instagram.com https://staticxx.facebook.com https://web.facebook.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://ajax.googleapis.com http://cdn.jsdelivr.net http://connect.facebook.net http://www.google-analytics.com http://www.gstatic.com http://www.instagram.com http://dmaps.daum.net http://t1.daumcdn.net; style-src 'self' 'unsafe-inline' https://cdn.outstanding.kr fonts.googleapis.com https://www.gstatic.com https://rgsharedweb.s3.amazonaws.com; font-src 'self' data: https://cdn.outstanding.kr https://fonts.gstatic.com; img-src * data:; 1 default-src 'self' https://d14jjfgstdxsoz.cloudfront.net http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://*.olark.com https://*.olark.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://d14jjfgstdxsoz.cloudfront.net 'unsafe-eval' http://cdn.optimizely.com https://cdn.optimizely.com http://www.googletagmanager.com https://www.googletagmanager.com http://cdn.heapanalytics.com https://cdn.heapanalytics.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://www.google-analytics.com https://www.google-analytics.com http://api.mixpanel.com https://api.mixpanel.com http://cdn.mxpnl.com https://cdn.mxpnl.com http://cdn.segment.com https://cdn.segment.com http://api.segment.io https://api.segment.io http://static.chartbeat.com https://static.chartbeat.com http://js.hs-analytics.net https://js.hs-analytics.net http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://tag.perfectaudience.com https://tag.perfectaudience.com http://pixel-geo.prfct.co https://pixel-geo.prfct.co http://js.hsforms.net https://js.hsforms.net http://forms.hubspot.com https://forms.hubspot.com http://www.googleadservices.com https://www.googleadservices.com http://app.satismeter.com https://app.satismeter.com http://cdn.syndication.twimg.com https://cdn.syndication.twimg.com http://api.hubapi.com https://api.hubapi.com http://*.olark.com https://*.olark.com http://go.toutapp.com https://go.toutapp.com http://*.adroll.com https://*.adroll.com http://connect.facebook.net https://connect.facebook.net http://facebook.com https://facebook.com http://js.recurly.com https://js.recurly.com http://api.recurly.com https://api.recurly.com http://*.inspectlet.com https://*.inspectlet.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://nectar.ninja https://nectar.ninja http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://threejs.org https://threejs.org http://cdn.jsdelivr.net https://cdn.jsdelivr.net http://www.fullstory.com https://www.fullstory.com http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com http://my.hellobar.com https://my.hellobar.com; connect-src * 'self' https://d14jjfgstdxsoz.cloudfront.net http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://*.olark.com https://*.olark.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com wss://www.meteor.com; img-src data: 'self' https://d14jjfgstdxsoz.cloudfront.net http://* https://* http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://*.olark.com https://*.olark.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://d14jjfgstdxsoz.cloudfront.net http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://*.olark.com https://*.olark.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://d14jjfgstdxsoz.cloudfront.net http://* https://* http://platform.twitter.com https://platform.twitter.com http://syndication.twitter.com https://syndication.twitter.com http://*.olark.com https://*.olark.com http://meteor-frontpage-assets.s3.amazonaws.com https://meteor-frontpage-assets.s3.amazonaws.com http://*.marketo.com https://*.marketo.com http://*.marketo.net https://*.marketo.net http://*.cloudfront.net https://*.cloudfront.net http://maxcdn.bootstrapcdn.com https://maxcdn.bootstrapcdn.com; 1 default-src * blob:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; media-src * blob:; style-src 'self' 'unsafe-inline' * 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https://*.muscache.cn; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-425736ca75f3bccee68b8888b68e45fa' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://a.alipayobjects.com https://gw.alipayobjects.com https://static.agrant.com.cn https://static.t.agrant.cn https://t.agrantsem.com https://ditu.google.com https://*.muscache.cn https://*.muscache.com https://ss.musthird.cn https://www.recaptcha.net/recaptcha https://m.baidu.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com 'sha256-00d8aUjZpHiuh3HoT5kPkSrDGA2vA9liaqGf9yg7w+I=' 'sha256-KqNAcQr2uMiAJPV3RQ68PYgokOQiVoFVXj8KmYUqaLI=' 'sha256-QQ28nMqgB+1t8z6ylTmBAdlBXm3iATmTPezSGkziFQs=' 'sha256-ei/yV0jofaAGqTKW+n8TwzNVNKXYaQIo2G1Kmau32Ig=' https://cms.gtags.net/ https://dat.gtags.net/ https://ut.gtags.net/; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' blob:; report-uri /tracking/csp?controller=china-guest-loop&action=%2F&req_uuid=cf0c177f-1a95-4c01-bdfa-a292a33520fc&version=sha%3Db38d015c9b7a&report_only=false; report-to /tracking/csp?controller=china-guest-loop&action=%2F&req_uuid=cf0c177f-1a95-4c01-bdfa-a292a33520fc&version=sha%3Db38d015c9b7a&report_only=false 1 script-src 'self'; 1 script-src 'nonce-2GkhBMOg2SZGeA/MWGXNQaMKLKA=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample'; object-src 'self' *.content.kidsa-z.com; frame-ancestors 'self' https://*.kidsa-z.com https://*.readinga-z.com https://*.raz-plus.com https://*.raz-kids.com https://*.headsprout.com https://*.sciencea-z.com https://*.writinga-z.com https://*.vocabularya-z.com https://*.readytesta-z.com;base-uri 'none'; report-uri /api/strict-csp-report; 1 frame-ancestors 'self' stageinsight.tax.deloitteonline.com stageinsight2.tax.deloitteonline.com 1 frame-ancestors 'self' http://jobspreader.com 1 default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tealium.hs.llnwd.net service.maxymiser.net camelotcdn.abaresearch.uk www.google.com www.gstatic.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com cdn.otherlevels.com https://d1tbz2wut6tv8f.cloudfront.net/camelot/detect www.cdn-national-lottery.co.uk fls.doubleclick.net; style-src 'self' 'unsafe-inline' camelotcdn.abaresearch.uk service.maxymiser.net www.cdn-national-lottery.co.uk; frame-src 'self' https://payments1.national-lottery.co.uk https://payments2.national-lottery.co.uk *.doubleclick.net *.tealiumiq.com www.youtube.com service.maxymiser.net qgen.abaresearch.co.uk www.google.com chat.national-lottery.co.uk; img-src 'self' camelot.d3.sc.omtrdc.net service.maxymiser.net camelotcdn.abaresearch.uk i.ctnsnet.com www.cdn-national-lottery.co.uk blob:; connect-src 'self' camelotcdn.abaresearch.uk *.tealiumiq.com visitor-service-eu-west-1.tealiumiq.com visitor-service.tealiumiq.com js-api.otherlevels.com js-tags.otherlevels.com js-content.otherlevels.com js-mdn.otherlevels.com js-rich.otherlevels.com js-deliverability-api.otherlevels.com client-reporting.otherlevels.com https://d1tbz2wut6tv8f.cloudfront.net/camelot/detect prp-prod-ia-pub.national-lottery.co.uk www.cdn-national-lottery.co.uk chatapi.national-lottery.co.uk; frame-ancestors 'self'; font-src 'self' www.cdn-national-lottery.co.uk 1 default-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=38ddb6f7-4073-4c00-93de-88abfbc495cd 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.mx ; frame-src 'self' *.indeed.com *.indeed.com.mx https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.mx d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 script-src 'self' 'unsafe-inline' https://www.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org;script-src-elem 'self' 'unsafe-hashes' 'sha256-dQgnSPYbSvZYvivHGqzE9Pb9ds9FzRRbBDkxgt/sbDM=' 'sha256-G2CvDOSdZeixAGRXwWiD1g5ToAVLsVfFfDsDqC7plk0=' 'sha256-ASJm/SPXiz6HPHXG+mR/1tnV9JTzaX/T4lL3uC3CYIA=' 'sha256-dexky30Vnom/mzsCZDkyrb1ALQMZjYplIhc0r7CreyU=' 'sha256-d8wrfqLPNMzslaDdkRfyNHUDfDjfS93NG+JdKOADTD4=' 'sha256-yfaygvSe0Qd87FZBMVziH0SWhTtpJCZkKIRUO2oiX9I=' 'sha256-7vWo61O6x1krMhP326o1+t7OOikYdSD/z/e1mgj7/Ac=' 'sha256-mQcbTIdy0NnJqQGlpe1QUdS3WoY/BRil2t9CpP7peec=' 'sha256-kbxrHriawymV2s/j5ipepXD8uqW44SfyspWxb8Pg9Aw=' 'sha256-FO4a4vmnGKx9MDY0tiMmB7xtQTjoIPpm6B/FGCxb/20=' 'sha256-i2DuEj9Lv6oHFGHUSae7Qf6ev8x9VGPJ4cS39NBISL0=' 'sha256-0E0pvbXRioh5zfRKMA3W/qqFNqtKtZs/DDwW+oMIYOI=' https://www.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gp https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.nf https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tk https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.ampproject.org;script-src-attr 'unsafe-hashes' 'sha256-yidstvCyDn5kIvz2ZTPLozL+yFriA9MRNGaGmkfriaY=';style-src 'self' 'unsafe-inline';font-src 'self' https://*.gstatic.com;img-src 'self' https://images.dmca.com https://appn.center https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'none';object-src https://*.googlesyndication.com;frame-src 'self' https://*.doubleclick.net https://*.google.com;connect-src 'self' https://appn.center https://*.google-analytics.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://*.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;form-action https://*.paypal.com;base-uri 'self';manifest-src 'self';report-uri https://appn.center/apiv1/csp; 1 frame-ancestors 'self' *.brilliant.org *.online.tableau.com apps.facebook.com 1 frame-ancestors https://webvisor.com http://webvisor.com 1 frame-ancestors 'self' http://info.barchart.com 1 style-src 'unsafe-inline' 'self' *.yximgs.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.yximgs.com hm.baidu.com/hm.js retcode.alicdn.com/retcode/bl.js; img-src 'self' *.yximgs.com data: http: *.kuaishou.com hm.baidu.com/hm.gif arms-retcode.aliyuncs.com/r.png; media-src 'self' *.yximgs.com data:; font-src 'self' *.yximgs.com data:; worker-src 'self' *.yximgs.com blob:; report-uri /api/csp-report 1 child-src *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.facebook.com *.google.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.twitter.com *.sandbox.paypal.com *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.zmags.com; connect-src 'self' wss: *.accmats.com *.bronto.com:* *.brontops.com:* *.coremetrics.com ctiapi.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.livelook.com *.rollbar.com *.twitter.com *.paypalobjects.com *.paypal.com *.smartystreets.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.atechmotorsports.com *.zmags.com; font-src 'self' data: *.accmats.com *.paypalobjects.com *.googleapis.com *.gstatic.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com; frame-src 'self' *.cardinalcommerce.com *.covercraft.net *.coverking.com *.custhelp.com *.diffwizard.com *.doubleclick.net *.dxengineering.com *.facebook.com *.facebook.net funcaptcha.com *.google.com *.googleadservices.com *.oraclecloud.com *.powersportsplace.com *.saddleman.com *.summitracing.com *.atechmotorsports.com *.summit.network *.twitter.com *.pinterest.com *.paypalobjects.com *.paypal.com *.zscalerthree.net *.youtube.com *.hotjar.com *.hotjar.io *.zmags.com; img-src 'self' data: blob: *.abmr.net *.accmats.com *.amazonaws.com *.atechmotorsports.com *.bazaarvoice.com *.bbb.org *.bing.com *.bronto.com *.bron.to *.caltrend.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.doubleclick.net *.dxengineering.com *.facebook.com *.genuinehotrod.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com jwpltx.com *.mathtag.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.powersportsplace.com *.upsrow.com *.rnengage.com *.summitracing.com *.atechmotorsports.com *.trickflow.com *.twitter.com *.youtube.com *.riskified.com *.certcapture.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accmats.com *.adtag.where.com ajax.googleapis.com *.bing.com *.bronto.com *.caltrend.com *.channeladvisor.com *.cloudflare.com *.cloudfront.net *.coremetrics.com ctiapi.com *.custhelp.com *.facebook.net funcaptcha.com *.funcaptcha.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com googleads.g.doubleclick.net *.googletagmanager.com *.gstatic.com *.iesnare.com *.jquery.com *.jwpcdn.com *.livelook.com *.oraclecloud.com *.paypal.com *.paypalobjects.com *.pinterest.com *.rightnowtech.com *.rnengage.com *.summit.network *.summitracing.com *.atechmotorsports.com *.twitter.com *.certona.net *.res-x.com *.riskified.com *.certcapture.com *.zscalerthree.net *.hotjar.com *.hotjar.io *.zmags.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.accmats.com *.bronto.com *.caltrend.com cdn.materialdesignicons.com ctiapi.com *.custhelp.com *.livelook.com *.oraclecloud.com *.certcapture.com *.gstatic.com *.googleapis.com *.hotjar.com *.hotjar.io *.zmags.com *.zscalerthree.net; 1 frame-ancestors 'none'; base-uri 'none'; form-action 'self'; script-src 'self'; default-src 'self'; img-src 'self' data: 1 upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com 1 frame-ancestors 'self' http://vodafone.lookbookhq.com https://vodafone.lookbookhq.com http://*.vodafone.com https://*.vodafone.com; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d0ad2014-8011-48a3-bf1b-ce4e6471aac0 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-aKuoNcYUra' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com login.raiffeisen.ch ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; img-src 'self' data: statistics.raiffeisen.ch dmp.adform.net maps.googleapis.com maps.gstatic.com csi.gstatic.com khms0.googleapis.com khms1.googleapis.com www.homegate.ch dpm.demdex.net raiffeisen.demdex.net export.highcharts.com www.facebook.com ; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' api.raiffeisen.ch statistics.raiffeisen.ch www.homegate.ch prod1.solutions.webfg.ch dpm.demdex.net login.raiffeisen.ch raiffeisen.tt.omtrdc.net export.highcharts.com boersebeta.raiffeisen.ch boerse.raiffeisen.ch ; media-src 'self' ruz.ch www.ruz.ch media10.simplex.tv; frame-src * ; block-all-mixed-content ; report-uri https://api.rreports.ch/svreport/v1/api/wwwrch/csp ; 1 frame-ancestors 'self' https://*.cosmote.gr https://*.ote.gr https://*.11888.gr https://*.giaola.gr 1 default-src blob: data: 'unsafe-inline' 'unsafe-eval' https:; form-action https:; upgrade-insecure-requests; 1 frame-ancestors https://*.jobs.cz https://my.teamio.com https://*.facebook.com https://*.kurzy.cz; 1 script-src 'self' http: 'unsafe-eval' 'unsafe-inline' blob: 1 frame-ancestors https://adm.findagrave.com 1 frame-ancestors https://test-usertesting.skilljar.com https://university.usertesting.com 'self' 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: * ; font-src 'self' data: * ; frame-ancestors 'self' https://*.ualberta.ca 1 frame-ancestors *.citibank.com.au 1 default-src https: 'self' *.getpostman.com *.postman.co; font-src https: 'self' *.getpostman.com *.postman.co fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'none'; img-src * data:; script-src https: 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.pstmn.io www.google-analytics.com www.googletagmanager.com; style-src https: 'self' *.getpostman.com *.postman.co *.pstmn.io fonts.gstatic.com fonts.googleapis.com 'unsafe-inline'; connect-src wss: https: 1 default-src 'self'; script-src 'self' https://www.openhub.net; child-src 'self' https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com; object-src 'none'; media-src 'self' https://download.gimp.org https://www.mirrorservice.org; 1 frame-ancestors 'self'; upgrade-insecure-requests; report-uri /api/csp-report 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: ws: *.gifer.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.google.com *.googleapis.com *.gstatic.com *.googletagservices.com *.polyfill.io tagmanager.google.com gifer.b-cdn.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.googlesyndication.com gifer.b-cdn.net 1 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 1 frame-ancestors 'self' *.lumosity.com 1 frame-ancestors *.american.edu 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4ae77767-4b01-4df5-b320-ba6e5fef101a 1 default-src 'self' https://analytics.aklamio.com https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.aklamio.com https://*.doubleclick.net https://java.com https://optimizely.s3.amazonaws.com https://tags.tiqcdn.com https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 1 frame-ancestors *.edfringe.com 1 style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' *.thinglink.com cdn.thinglink.me *.tlsrv.net teams.microsoft.com *.teams.microsoft.com *.skype.com *.itslearning.com *.itsltest.com; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d8172cbc-4ab9-4a4a-80fb-80fc37a0ad08 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.br ; frame-src 'self' *.indeed.com *.indeed.com.br https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.br d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 connect-src *; frame-src *; media-src blob: https:; style-src * 'unsafe-inline'; 1 default-src 'self';frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com;child-src 'self';img-src 'self' data: *.kromtech.net *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.doubleclick.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net;object-src 'self';connect-src 'self' *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com wss://*.hotjar.com 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.comwww.aboutespanol.com *.qa.aws.aboutespanol.com atlas.aboutespanol.com atlas.local.aboutespanol.com 1 frame-ancestors 'self' *.tennis-warehouse.com www.tenniswarehouse-europe.com www.tennisonly.com.au; 1 default-src *.webstaurantstore.com; object-src 'none'; base-uri 'self' https://optimize.google.com/optimize/editor/; script-src *.webstaurantstore.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googlecommerce.com *.gstatic.com *.googleadservices.com *.google.com *.google-analytics.com *.facebook.net *.yimg.com *.yahoo.com *.bing.com *.bizrate.com *.shopzilla.com api.instagram.com *.twitter.com *.linkedin.com *.longtailvideo.com *.pinterest.com www.googletagmanager.com www.resellerratings.com *.g.doubleclick.net *.scarabresearch.com a.quora.com js-agent.newrelic.com bam.nr-data.net *.sitejabber.com s.pinimg.com; style-src 'unsafe-inline' *.webstaurantstore.com *.googleapis.com *.google.com *.resellerratings.com *.sitejabber.com; img-src data: blob: *.webstaurantstore.com *.gstatic.com *.googlecommerce.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.facebook.com *.staticflickr.com *.msn.com *.bing.com *.pricegrabber.com *.bizrate.com *.bizrateinsights.com *.googleadservices.com *.amazon-adsystem.com *.connexity.net *.doubleclick.net *.google.com *.cdninstagram.com *.linkedin.com *.twitter.com *.longtailvideo.com *.pinterest.com securetracking.adsprotection.com *.resellerratings.com q.quora.com alb.reddit.com cx.atdmt.com bam.nr-data.net *.sitejabber.com www.commerce-connector.com pinterest.adsymptotic.com *.cloudfront.net; frame-src *.webstaurantstore.com *.googlecommerce.com *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.youtube.com apps.kaonadn.net *.pinterest.com www.googletagmanager.com *.twitter.com; font-src data: *.webstaurantstore.com *.gstatic.com *.sitejabber.com; connect-src *.webstaurantstore.com *.google-analytics.com www.resellerratings.com *.google.com *.scarabresearch.com *.linkedin.com stats.g.doubleclick.net *.clarkinc.biz bam.nr-data.net *.facebook.com *.sitejabber.com ct.pinterest.com s.yimg.com; report-uri //www.webstaurantstore.com/api/v2/logs/?ReportingOnly=0 1 default-src 'self'; img-src https://optimize.google.com * data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com; frame-src www.youtube-nocookie.com https://optimize.google.com; connect-src https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=a65a8c34-c94a-4f52-b160-e94d75db3145 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flyasiana.com *.googleapis.com *.youtube.com *.google-analytics.com sslwidget.criteo.com static.criteo.net connect.facebook.net eba-amadeus.netdna-ssl.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.kr h.online-metrix.net www.vpay.co.kr *.bankpay.or.kr nsp.pay.naver.com pay.naver.com *.easypay.co.kr developers.kakao.com code.jquery.com kmpay.lgcns.com pg.cnspay.co.kr developers.kakao.com s.ytimg.com *.gstatic.com remote.captcha.com facebook.com twitter.com service.weibo.com vbv.samsungcard.co.kr *.recopick.com onsalemobile.uplus.co.kr *.connect.travelaudience.com secureapi.eximbay.com 1 frame-ancestors 'self' millenniumimoveis.janeladigital.com; 1 frame-ancestors 'self' https://*.crowdrise.com https://www.alstexas.org https://www.dreamcenters.com https://www.gaucherdisease.org https://fundraise.weizmann-usa.org https://www.americansforthearts.org https://www.hamiltoninpuertorico.org https://*.crowdrise.com https://www.soul-cycle.com/ https://rocpcc.org https://www.cyjsproutlake.org https://edit-www.umassmed.edu https://engage.active.com https://friends-national.my.salesforce.com https://lusciouslumberjack.com https://mobile.suntory.co.jp https://translate.googleusercontent.com https://*.mailchimp.com https://www.baycove.org https://www.bing.com https://www.bostonbulldogsrunning.com https://www.eventbrite.com https://www.fundamental.nyc https://www.huffingtonpost.com https://www.kidsaap.org https://www.kqtcon.org https://www.laounyawintergala.com https://www.lifestrawpr.org https://www.omidfoundation.com https://www.stmaryes.org https://www.streakingthelawn.com https://www.thecalliopejoyfoundation.org https://www.un-scripted.com https://www.williammurraygolf.com https://www.marchforscience.com https://www.womensmarch.com https://zachburris.com https://www.lpcenters.com; report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-yVuSstXhel' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-ancestors 'self' *.ampproject.org *.zdbb.net 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=7cc4787a-fef7-4014-9638-9d292e07b824 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com *.yandex.com; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com https://passport.yandex.com wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com *.yandex.com; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com https://*.yandex.com *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com *.yandex.com; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1566523228.74237.176055.144801&h=vla1-8817-936-vla-portal-morda-pre-fb0-9235&csp=old&date=20190823&yandexuid=7925084901566523228; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com https://www.yandex.com https://pass.yandex.com https://mc.yandex.com an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com www.yandex.com suggest.yandex.com; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 frame-ancestors 'self' piwik.mpg.de statistics.mpg.de analytics.mpg.de; 1 default-src 'self' https://img.zumpercdn.com; script-src 'self' 'unsafe-eval' www.googleadservices.com *.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.getblueshift.com *.scorecardresearch.com connect.facebook.net djnf6e5yyirys.cloudfront.net tracking.listhub.net cdnjs.cloudflare.com static.criteo.net *.criteo.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net 'nonce-a8f1b9cb-c998-4c36-961f-6c19f3c3804e' *.friendbuy.com cdn.jsdelivr.net *.trovit.com *.stripe.com; connect-src 'self' *.zumper.com api.getblueshift.com www.google-analytics.com www.facebook.com ssl.geoplugin.net *.doubleclick.net api.rollbar.com logx.optimizely.com cdn.optimizely.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.friendbuy.com *.recombee.us *.stripe.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; frame-src 'self' *.facebook.com *.doubleclick.net *.criteo.com *.criteo.net *.googletagmanager.com www.youtube-nocookie.com my.matterport.com geocv.com *.stripe.com; img-src 'self' data: blob: *.googleapis.com *.gstatic.com www.google-analytics.com www.googletagmanager.com www.facebook.com *.ggpht.com *.scorecardresearch.com *.doubleclick.net *.criteo.com *.criteo.net d2t1047w253zzm.cloudfront.net img.youtube.com *.matterport.com https://static.zumpercdn.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net www.google.com www.google.ca rd.trovit.com tracking.listhub.com tracking.listhub.net tracking.listhub.biz techcrunch.com img.buzzfeed.com housemethod.com i.amz.mshcdn.com *.stripe.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://api.tiles.mapbox.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; form-action 'self' www.facebook.com; worker-src blob:; child-src blob:; report-uri https://1bf96f85da4d4d6fd196bd9500cbb0b6.report-uri.com/r/t/csp/enforce; frame-ancestors *.relocation-portal.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=675a71fc-9a31-41a6-81cb-aefc8d849506 1 connect-src 'self' wss://webasr.yandex.net https://mc.webvisor.com https://mc.webvisor.org wss://push.yandex.ru wss://portal-xiva.yandex.net https://yastatic.net https://home.yastatic.net https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com static.yandex.sx brotli.yastatic.net et.yastatic.net *.serving-sys.com an.yandex.ru awaps.yandex.ru storage.mds.yandex.net music.yandex.ru music-browser.music.yandex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net portal-xiva.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.yandex.net yandex.st yandex.com *.yandex.com; default-src 'self' blob: wss://portal-xiva.yandex.net yastatic.net yastat.net portal-xiva.yandex.net; font-src 'self' https://yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net; frame-src 'self' yabrowser: data: https://www.youtube.com https://player.video.yandex.net https://ya.ru https://ok.ru https://yastatic.net https://yandex.ru https://*.yandex.ru https://downloader.yandex.net https://pass.yandex.com https://passport.yandex.com wfarm.yandex.net secure-ds.serving-sys.com yandexadexchange.net *.yandexadexchange.net music.yandex.ru music.yandex.kz yastatic.net yandex.ru *.yandex.ru awaps.yandex.net *.cdn.yandex.net yandex.com *.yandex.com; img-src 'self' data: https://yastatic.net https://home.yastatic.net https://*.yandex.ru https://*.yandex.net https://*.tns-counter.ru https://yandex.com https://*.yandex.com *.yastatic.net gdeua.hit.gemius.pl pa.tns-ua.com mc.yandex.com mc.webvisor.com mc.webvisor.org static.yandex.sx brotli.yastatic.net et.yastatic.net *.moatads.com avatars.mds.yandex.net bs.serving-sys.com an.yandex.ru awaps.yandex.ru nissanhelioseurope.demdex.net mc.admetrica.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net *.yandex.net resize.yandex.net yastatic.net home.yastatic.net yandex.ru *.yandex.ru *.tns-counter.ru yandex.st yandex.com *.yandex.com; media-src 'self' blob: data: *.storage.yandex.net *.yandex.net strm.yandex.ru strm.yandex.net *.strm.yandex.net *.cdn.yandex.net storage.mds.yandex.net *.storage.mds.yandex.net yastatic.net kiks.yandex.ru; object-src 'self' *.yandex.net music.yandex.ru strm.yandex.ru flashservice.adobe.com yastatic.net kiks.yandex.ru awaps.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?project=morda&from=morda.com.com&showid=1566526029.38551.140476.130475&h=man2-5141-c89-man-portal-morda-29675&csp=old&date=20190823&yandexuid=4289863601566526029; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://suburban-widget.rasp.yandex.ru https://suburban-widget.rasp.yandex.net https://music.yandex.ru https://mc.yandex.fr https://mc.webvisor.com https://yandex.fr https://mc.webvisor.org https://yastatic.net https://home.yastatic.net https://mc.yandex.ru https://pass.yandex.ru https://yandex.com https://www.yandex.com https://pass.yandex.com https://mc.yandex.com an.yandex.ru api-maps.yandex.ru static.yandex.sx webasr.yandex.net brotli.yastatic.net et.yastatic.net z.moatads.com bs.serving-sys.com secure-ds.serving-sys.com zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru awaps.yandex.ru storage.mds.yandex.net msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net yandex.ru www.yandex.ru mc.yandex.ru suggest.yandex.ru clck.yandex.ru awaps.yandex.net yandex.com www.yandex.com suggest.yandex.com; style-src 'self' 'unsafe-inline' https://yastatic.net https://home.yastatic.net static.yandex.sx brotli.yastatic.net et.yastatic.net zen.yandex.ru yabro1.zen-test.yandex.ru main.zdevx.yandex.ru msk-cdn-exp.yastatic.net msk-cdn-etl.yastatic.net yastat.net br.yastatic.net yastatic.net home.yastatic.net; 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cdfa9514-9179-4dba-9104-708f2daa307f 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=36c3a952-3ba7-4bdb-9036-1a008c67f301 1 connect-src 'self' *.ocs.fr; font-src 'self' https://github.com/google/fonts/blob/master/apache/opensans/* fonts.gstatic.com fonts.googleapis.com https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Light.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Semibold.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-Bold.ttf https://github.com/google/fonts/blob/master/apache/opensans/OpenSans-LightItalic.ttf; img-src 'unsafe-inline' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdnjs.cloudflare.com *.ocs.fr *.ads-twitter.com connect.facebook.net *.google-analytics.com *.googletagmanager.com google-analytics.com/* *.qualifio.com/* platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com platform.twitter.com; report-uri https://www.ocs.fr/report-uri/enforce 1 default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src http: https: data: 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: https: data: 'unsafe-inline' 'unsafe-eval'; worker-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; font-src http: https: data: 'unsafe-inline' 'unsafe-eval'; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f6120fa4-1115-4864-9b6d-2293f4f9fd14 1 default-src 'self' *.thehartford.com *.hfdstatic.com aa.agkn.com ecf.d41.co ; font-src 'self' *.thehartford.com *.hfdstatic.com fonts.gstatic.com ; frame-ancestors 'self' *.thehartford.com ; frame-src *.thehartford.com service.maxymiser.net www.youtube.com pub.s1.exacttarget.com *.fls.doubleclick.net bid.g.doubleclick.net hosted.where2getit.com nebula-cdn.kampyle.com 4198899.fls.doubleclick.net 8941796.fls.doubleclick.net uk132.infusionsoft.com datacloud.tealiumiq.com connect.facebook.net *.akamaihd.net; connect-src *.thehartford.com api4391.d41.co rules.atgsvcs.com collect.tealiumiq.com www.google-analytics.com stats.g.doubleclick.net img.c3tag.com www.googletagmanager.com ui.powerreviews.com ampcid.google.com s.srvsynd.com readservices-b2c.powerreviews.com ct.pinterest.com api.genesyscloud.com 530-ct.c3tag.com my.tealiumiq.com display.powerreviews.com *.akamaihd.net; img-src 'self' data: *.thehartford.com *.hfdstatic.com api4391.d41.co cdn-0.d41.co ecf.d41.co aa.agkn.com so.rlcdn.com service.maxymiser.net aa.agkn.com res.cloudinary.com http://image.insurance.thehartford.com ct.pinterest.com pinterest.adsymptotic.com uconnect.tealiumiq.com da.usaa.com uk132.infusionsoft.com hits.convergetrack.com pixel.quantserve.com t.powerreviews.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com secure.adnxs.com login.dotomi.com nebula-cdn.kampyle.com udc-neb.kampyle.com www.googletagmanager.com sp.analytics.yahoo.com bat.bing.com googleads.g.doubleclick.net my.tealiumiq.com analytics.convertlanguage.com *.akamaihd.net; style-src 'self' *.thehartford.com *.hfdstatic.com ui.powerreviews.com fonts.googleapis.com thehartford-consumer--tst.widget.custhelp.com *.akamaihd.net 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thehartford.com *.hfdstatic.com api4391.d41.co cdn-0.d41.co so.rlcdn.com vsvipmw01.rightnowtech.com thehartford-consumer.widget.custhelp.com rules.atgsvcs.com display.powerreviews.com www.linkedin.com s.pinimg.com ni.thehartford.com uconnect.tealiumiq.com my.tealiumiq.com datacloud.tealiumiq.com googleads.g.doubleclick.net secure.quantserve.com *.akamaihd.net secure.adnxs.com insight.adsrvr.org data.adxcel-ec2.com aa.agkn.com aa.agkn.com sp.analytics.yahoo.com static.atgsvcs.com beacon.krxd.net bat.bing.com sjs.bizographics.com 530 ct.c3tag.com assets.contently.com track.contently.com hits.convergetrack.com thehartford-consumer--tst1.custhelp.com thehartford-consumer--tst1.widget.custhelp.com s.delvenetworks.com login.dotomi.com 2576829.fls.doubleclick.net 4198899.fls.doubleclick.net 4980559.fls.doubleclick.net 8941796.fls.doubleclick.net pubads.g.doubleclick.net stats.g.doubleclick.net as00.estara.com conv-tm.everesttech.net www.facebook.com connect.facebook.net adservice.google.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com mpsnare.iesnare.com uk132.infusionsoft.com solutions.invocacdn.com nebula-cdn.kampyle.com secure.leadforensics.com video.limelight.com www.limelight.com px.ads.linkedin.com www.livelook.com service.maxymiser.net cdn.mouseflow.com mpp.mxptint.net onlinebusinessservicsc60333118us1.cobrowse.oraclecloud.com public.cobrowse.oraclecloud.com pixelg.adswizz.com readservices-b2c.powerreviews.com t.powerreviews.com ui.powerreviews.com pixel.quantserve.com www.rackcdn.com bcvipmw11.rightnowtech.com www.rnengage.com s.srvsynd.com trc.taboola.com tags.tiqcdn.com www.youtube.com i.ytimg.com i9.ytimg.com s.ytimg.com adadvisor.net cdn.ampproject.org fontawesome.io rules.quantcount.com analytics.convertlanguage.com 1 default-src *; script-src 'unsafe-eval' 'unsafe-inline' http: https:; style-src 'unsafe-inline' http: https:; img-src * data: https: http: 1 connect-src 'self' https://*.google-analytics.com https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self' *.bootstrapcdn.com *.google-analytics.com *.gstatic.com https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://*.vimeo.com https://www.youtube.com https://*.google.com https://*.index-education.com http://*.index-education.com http://index-education.com;media-src 'self' https://*.vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'; report-uri https://www.index-education.com/violationReportCSP.php;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://*.vimeo.com https://*.vimeocdn.com https://*.google.com *.gstatic.com code.jquery.com http://*.google-analytics.com https://*.google-analytics.com *.datatables.net https://*.index-education.com http://*.index-education.com https://*.bootstrapcdn.com http://index-education.com;style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com *.bootstrapcdn.com https://*.index-education.com http://*.index-education.com;font-src 'self' *.bootstrapcdn.com *.gstatic.com https://*.index-education.com http://*.index-education.com;img-src 'self' *.google-analytics.com *.gstatic.com *.doubleclick.net *.google.com *.google.fr data:; 1 frame-ancestors 'self' https://*.uit.no https://app.xtramile.no https://www.kunnskapscim.no 1 frame-ancestors *.dowjones.net *.mansionglobal.com *.huanyuju.com 1 default-src * 'unsafe-inline' 'unsafe-eval'; child-src http: https: 'self' data: blob:; font-src http: https: 'self' data:; frame-src http: https: 'self'; img-src http: https: 'self' data:; script-src http: https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: wss:; style-src http: https: 'self' 'unsafe-inline' 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=c5350456-4bd6-4cf6-b9b6-dd38e2430c75 1 default-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov *.e.internal.r1s-prod.com 'self' blob: ; script-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://cdn.ravenjs.com https://sentry.io https://www.google.com/recaptcha/ https://connect.facebook.net https://*.sharethis.com 'unsafe-eval' 'unsafe-inline' ; style-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://use.fontawesome.com https://*.mapbox.com https://mapbox.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline' ; img-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://stats.g.doubleclick.net https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://www.google-analytics.com https://ridb.recreation.gov https://fs.usda.gov https://www.fs.usda.gov https://*.staticflickr.com https://*.googleusercontent.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.siteintercept.qualtrics.com https://co1.qualtrics.com https://siteintercept.qualtrics.com https://*.sharethis.com https://s3.amazonaws.com/sharethis-socialab-prod/ 'self' data: blob: ; media-src https://www.nps.gov https://www.youtube.com https://youtu.be 'self' ; font-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://fonts.gstatic.com https://use.fontawesome.com; connect-src https://recreation.gov https://*.recreation.gov https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.recreation.gov https://*.mapbox.com https://mapbox.com https://freegeoip.net https://*.launchdarkly.com https://sentry.io https://siteintercept.qualtrics.com https://*.sharethis.com 'self' ; object-src 'self' blob: ; worker-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com 'self' blob: ; frame-src https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://*.cdc.nicusa.com https://www.google.com https://google.com https://tagmanager.google.com https://www.googletagmanager.com https://*.consensu.org 'self' blob: ; 1 frame-ancestors 'self' http://acquia.lookbookhq.com https://acquia.lookbookhq.com https://acquia.docebosaas.com https://confluence.acquia.com; report-uri /report-csp-violation 1 default-src 'self'; img-src 'self' data: https://s3.amazonaws.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' https://js.stripe.com https://s3.amazonaws.com; frame-src 'self' https://js.stripe.com https://www.youtube.com;script-src 'self' https://js.stripe.com; 1 frame-ancestors 'self' http: https: *.simplywall.st simplywall.st capacitor: localhost; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://translate.googleapis.com https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.mybag.com https://checkout.mybag.com https://www.mybag.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://remote.captcha.com https://seal.digicert.com https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1 default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src static.ycx.santander.pl https://static3.santander.pl https://stats.g.doubleclick.net https://www.facebook.com https://my.tealiumiq.com https://*.googleapis.com static.yourcx.io https://www.google.pl https://maps.gstatic.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://bankmozliwosci.santander.pl https://www.googletagmanager.com www.google.com www.google-analytics.com 'self' data:; frame-src http://bank.santander.pl https://invis.io https://optimize.google.com https://ent.activeforms.com http://ent.activeforms.com opinia.santander.pl http://formularze.santander.pl https://cloud.webankieta.pl https://formularze.santander.pl https://projects.invisionapp.com http://santanderleasing.pl https://tutajdoladuj.blue.pl https://static.ycx.santander.pl https://datacloud.tealiumiq.com https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://www.static.ycx.santander.pl https://www.script.crazyegg.com static.ycx.santander.pl https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://maps.googleapis.com http://static.ycx.santander.pl http://www.script.crazyegg.com https://googleads.g.doubleclick.net https://user-event-tracker.crazyegg.com www.google.com https://visitor-service-eu-central-1.tealiumiq.com https://www.youtube.com www.google-analytics.com https://www.google.com https://connect.facebook.net https://tags.tiqcdn.com https://s.ytimg.com https://script.crazyegg.com https://cloud.webankieta.pl static.yourcx.io https://maps.gstatic.com https://static.ycx.santander.pl https://www.google-analytics.com http://script.crazyegg.com http://www.static.ycx.santander.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://collect.tealiumiq.com https://my.tealiumiq.com 'self' 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/wmag 1 frame-ancestors *.macsales.com *.ntdist.com *.owcnow.com 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-oCBnFKviLt' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.mydomaine.com *.qa.aws.mydomaine.com atlas.mydomaine.com atlas.local.mydomaine.com 1 default-src wss: https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src data: https: 1 base-uri 'self'; default-src 'self'; script-src 'self' https://dreambroker.com 'nonce-04ae02b5-2956-4da4-a72c-b50fb0381849'; style-src 'self' 'nonce-04ae02b5-2956-4da4-a72c-b50fb0381849'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://yhteystietohakemisto.valtori.fi https://api.digitransit.fi; child-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; frame-src 'self' https://hkptesti.maanmittauslaitos.fi https://hkp.maanmittauslaitos.fi https://api.digitransit.fi https://dreambroker.com data:; object-src 'none'; frame-ancestors 'none' https://*.tunnistus.fi 1 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;object-src *;style-src 'unsafe-inline' *;img-src * data:;media-src *;font-src *;connect-src *;child-src * callback:;form-action *;frame-ancestors *;worker-src * 1 upgrade-insecure-requests; frame-ancestors 'self' *.orange.ro 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/; img-src 'self' https://www.google-analytics.com/ https://www.paypalobjects.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none' 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-763d20c3794bfe074f5c1224a1966b02' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=df705f3f-57b3-49c9-a6e3-631d09378eda&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=df705f3f-57b3-49c9-a6e3-631d09378eda&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'self' https://rapid7.lookbookhq.com https://content.rapid7.com 1 frame-ancestors 'self'; block-all-mixed-content; report-uri https://lidlcsp.report-uri.io/r/default/csp/enforce; 1 frame-ancestors https://www.bottegaveneta.com/ https://www.bottegaveneta.com/ ; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ee4a9a3b-eabd-4ed9-b6ff-a9e1928823b9 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=01306de1-4878-41dd-9069-16a141469814 1 upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' *; 1 default-src 'self' ; style-src 'self' ; media-src 'self' https://download.elster.de ; img-src 'self' https://anycast.elster.de ; connect-src 'self' https://lxelma5p.bfinv.de wss://www.elster.de https://datenabholung1.elster.de https://datenabholung2.elster.de ; object-src 'self' blob: ; form-action 'self' ; frame-ancestors 'self' 1 default-src * wss: data: 'unsafe-inline' 'unsafe-eval' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.belfius.be https://assets.adobedtm.com https://maps.googleapis.com https://www.youtube.com/iframe_api https://*.salemove.eu https://*.salemove.com https://s.ytimg.com; 1 default-src 'self'; script-src 'self' service.bmf.gv.at bksuche.brz.gv.at static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' www.etracker.de; connect-src 'self' www.etracker.de bksuche.brz.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; child-src 'self'; frame-src *; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; 1 frame-ancestors *.ooredoo.qa 1 frame-ancestors 'self' http://*.sharecare.com https://*.sharecare.com http://*.qualityhealth.com https://*.qualityhealth.com 1 default-src 'self' blob:; img-src 'self' *.nextsphere.com *.nstitan.com *.oppwa.com *.flptitanqa.com mecdb.myecheck.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com www.google-analytics.com stats.g.doubleclick.net www.google.com *.clicktale.net data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com s3-us-west-2.amazonaws.com x1.xingassets.com maps.gstatic.com *.googletagmanager.com maps.googleapis.com optimize.google.com; script-src 'self' *.authorize.net www.youtube.com *.oppwa.com *.s3-us-west-2.amazonaws.com mecdb.myecheck.com www1.myecheck.com oppwa.com *.googleapis.com *.flptitanqa.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com *.s3.amazonaws.com *.nextsphere.com *.nstitan.com optimize.google.com www.googletagmanager.com www.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com acaptureservices.com test.oppwa.com maxcdn.bootstrapcdn.com *.clicktale.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.nextsphere.com *.typekit.net *.nstitan.com *.oppwa.com mecdb.myecheck.com *.flptitanqa.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com fonts.googleapis.com cdnjs.cloudflare.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src 'self' *.nextsphere.com *.typekit.net *.bootstrapcdn.com *.nstitan.com *.oppwa.com *.flptitanqa.com www1.myecheck.com oppwa.com mecdb.myecheck.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.s3.amazonaws.com 'unsafe-inline'; connect-src 'self' *.nextsphere.com *.authorize.net *.flptitanqa.com mecdb.myecheck.com *.oppwa.com www1.myecheck.com oppwa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.nstitan.com *.s3.us-west-2.amazonaws.com *.s3.amazonaws.com *.s3-us-west-2.amazonaws.com s3-us-west-2.amazonaws.com *.clicktale.net; frame-src 'self' *.youtube.com *.worldpay.com *.nextsphere.com *.vimeo.com *.oppwa.com socialsites.io mecdb.myecheck.com www1.myecheck.com oppwa.com *.nstitan.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com optimize.google.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.optimizely.com https://checkout.stripe.com https://connect.facebook.net https://d.adroll.com/ https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://js.intercomcdn.com https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://platform.twitter.com https://px.ads.linkedin.com/ https://quip-cdn.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://widget.intercom.io https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; report-uri /csp-report 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://capture.condenastdigital.com/csp/conde-nast-traveler 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=49a37195-8046-49df-81da-b36fbc2b458b 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/; font-src 'self' https://fonts.gstatic.com/ https://use.typekit.net/ data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.youtube.com/iframe_api https://s.ytimg.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/ https://embed.videodelivery.net/embed/; media-src 'self' https://videodelivery.net/ blob:; connect-src 'self' https://videodelivery.net/ https://stats.videodelivery.net/ https://sentry.hytale.com/; worker-src 'self' blob:; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; img-src 'self' https://cdn.hytale.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://videodelivery.net/ https://stats.videodelivery.net/ https://i3.ytimg.com/ data:; block-all-mixed-content; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2befe573-84dc-451d-8f7a-b6f05853db65 1 frame-ancestors 'self' https://tracfone.experiencecloud.adobe.com 1 base-uri https://www.mbank.cz; report-uri https://wwwcz.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://www.youtube.com https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://i.ctnsnet.com https://c.imedia.cz https://track.adform.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.cz https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' 'report-sample' data: https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://i.ctnsnet.com https://gcm.ctnsnet.com https://cm.ctnsnet.com https://ipac.ctnsnet.com https://scm.ctnsnet.com https://inl.ctnsnet.com https://cdn.ctnsnet.com https://ib.adnxs.com https://secure.adnxs.com https://bcp.crwdcntrl.net https://c.imedia.cz https://track.adform.net; font-src 'self' 'report-sample' https://www.mbank.cz https://fonts.gstatic.com/; connect-src 'self' 'report-sample' https://www.mbank.cz https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; media-src 'self' 'report-sample' https://www.mbank.cz; object-src 'self' 'report-sample' https://www.mbank.cz https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://c.imedia.cz; child-src 'self' 'report-sample' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; form-action 'self' 'report-sample' https://www.mbank.cz https://form.mbank.cz; frame-ancestors 'self' 'report-sample' https://www.mbank.cz; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2e70e9yced57e.cloudfront.net d2k0escgkdw2ev.cloudfront.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net cdn.ampproject.org bat.bing.com s.yimg.com cdn.taboola.com trc.taboola.com sp.analytics.yahoo.com *.facebook.com connect.facebook.net www.linkedin.com www.reddit.com *.twitter.com static.ads-twitter.com *.linkedin.com *.pinterest.com *.reddit.com www.dianomi.com loadus.exelator.com ct.buyright.com affiliate.icclicktracker.com amplify.outbrain.com track.supersonicads.com ads.trafficjunky.net cdn.ckeditor.com *.wistia.com sentry.io opensharecount.com *.mediaalpha.com smartforms.ekomi.com *.amazonaws.com ; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; img-src data: 'self' https:;frame-ancestors 'none'; block-all-mixed-content; report-uri https://www.serienjunkies.de/r/; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=93bf96f8-a9cf-4d2c-a7b4-f5e05490813d 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.m3.com:* *.m3img.com:* *.uliza.jp *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.jp *.doubleclick.net b92.yahoo.co.jp ybx.yahoo.co.jp *.twimg.com *.googleapis.com *.facebook.net t.co *.facebook.com *.ads-twitter.com *.fout.jp *.adjust-net.jp *.mcube-stream.com player.vimeo.com s.yimg.jp b97.yahoo.co.jp *.youtube.com *.googletagmanager.com 1 default-src 'none'; img-src 'self' data: https://matomo.localethereum.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.localethereum.com https://onesignal.com; style-src 'self' 'unsafe-inline' https://onesignal.com; object-src 'none'; connect-src 'self' https://api.localethereum.com https://api.localethereumapi.com https://proxy.api.localethereumapi.com https://localethereum-user-blobs.s3.amazonaws.com https://mainnet.infura.io wss://bridge.walletconnect.org https://onesignal.com; font-src 'self' https://fonts.gstatic.com; media-src 'self'; frame-src https://onesignal.com https://widget.portis.io https://x2.fortmatic.com; frame-ancestors https://myethvault.com; manifest-src 'self'; base-uri 'self'; form-action 'self' 1 script-src https: data: 'unsafe-inline' 'unsafe-eval' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de; style-src https: 'unsafe-inline' https://www.tu-dortmund.de https://*.itmc.tu-dortmund.de https://*.relaunch.tu-dortmund.de 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' search.usa.gov www.google-analytics.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' search.usa.gov platform.twitter.com; img-src 'self' www.google-analytics.com data: platform.twitter.com pbs.twimg.com scontent.cdninstagram.com syndication.twitter.com; frame-src 'self' www.youtube.com syndication.twitter.com platform.twitter.com www.dhs.gov; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation 1 script-src 'nonce-lDNO9RZ2cmFk6suSPm6Njbl9zRc=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample'; object-src 'self' *.content.kidsa-z.com; frame-ancestors 'self' https://*.kidsa-z.com https://*.readinga-z.com https://*.raz-plus.com https://*.raz-kids.com https://*.headsprout.com https://*.sciencea-z.com https://*.writinga-z.com https://*.vocabularya-z.com https://*.readytesta-z.com;base-uri 'none'; report-uri /api/strict-csp-report; 1 frame-ancestors 'self' *.ufc.ge *.adjarabet.com 1 block-all-mixed-content; connect-src 'self' wss://*.amateri.com www.google-analytics.com amateri-video-original.s3.eu-west-1.amazonaws.com sentry.amateri.com; default-src 'self' https://video-cdn.amateri.com; font-src 'self'; frame-src www.google.com promo-bc.com; img-src 'self' *.amateri.com data: www.google-analytics.com stats.g.doubleclick.net chart.googleapis.com; media-src 'self' https://video-cdn.amateri.com blob:; script-src 'unsafe-inline' 'self' www.google-analytics.com www.google.com www.gstatic.com browser.sentry-cdn.com 'nonce-6uorcuP33qL9rLG0mD84Ig==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' *;object-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *; frame-ancestors http://aarth.com http://*.aarth.com http://aarth.net http://*.aarth.net http://iplclub.com http://*.iplclub.com; 1 script-src 'report-sample' 'nonce-8pPVGRdMLf20SQfr8TmxcQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport 1 script-src 'self' 'unsafe-inline' 125.21.185.24 maps.mapmyindia.com *.imd.gov.in *.mapmyindia.com *.googletagmanager.com maps.gstatic.com maps.googleapis.com www.google-analytics.com ajax.googleapis.com *.gov.in *.google.co.in https://apis.google.com ; img-src 'self' maps.gstatic.com *.gov.in maps.mapmyindia.com *.imd.gov.in *.mapmyindia.com maps.googleapis.com 125.21.185.24 14.139.247.11 *.google.co.in https://apis.google.com; frame-src 'self' maps.googleapis.com maps.gstatic.com *.gov.in https://apis.google.com 121.241.116.157 117.247.187.38:8085 city.imd.gov.in 14.139.247.11 125.21.185.24 125.21.185.19 *.google.co.in *.imd.gov.in; 1 child-src 'http://test.datalex.org'; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f7cf8e68-fc64-4b19-b2a3-035381be2bb0 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net a.jimdo.com *.jimstatic.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com s.yimg.jp *.hotjar.com b97.yahoo.co.jp *.bunchbox.co *.tvsquared.com *.doubleclick.net *.outbrain.com *.quantserve.com *.peaksandpies.io pvn.jimdo.com td.jimdo.com 3jveabar50.execute-api.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' jimdo.github.io tagmanager.google.com fonts.googleapis.com webteam.jimstatic.com *.jimstatic.com; font-src 'self' data: jimdo.github.io fonts.gstatic.com *.jimstatic.com; connect-src 'self' *.hotjar.com; img-src 'self' www.facebook.com www.google-analytics.com www.google.com www.google.de ssl.gstatic.com www.gstatic.com *.doubleclick.net *.tvsquared.com t.jimdo-platform.net b97.yahoo.co.jp *.bunchbox.co www.googleadservices.com *.outbrain.com td.jimdo.com *.quantserve.com *.peaksandpies.io data: *.jimstatic.com; frame-src 'self' www.facebook.com staticxx.facebook.com cms.e.jimdo.com dashboard.e.jimdo.com dash.e.jimdo.com register.jimdo.com cms.jimdo.com *.hotjar.com a.jimdo.com *.fls.doubleclick.net td.jimdo.com 1 base-uri https://www.mbank.pl; report-uri https://wwwsk.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://www.youtube.com https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://i.ctnsnet.com https://c.imedia.cz https://track.adform.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.sk https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' 'report-sample' data: https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://i.ctnsnet.com https://gcm.ctnsnet.com https://cm.ctnsnet.com https://ipac.ctnsnet.com https://scm.ctnsnet.com https://inl.ctnsnet.com https://cdn.ctnsnet.com https://ib.adnxs.com https://secure.adnxs.com https://bcp.crwdcntrl.net https://c.imedia.cz https://track.adform.net; font-src 'self' 'report-sample' https://www.mbank.sk https://fonts.gstatic.com/; connect-src 'self' 'report-sample' https://www.mbank.sk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; media-src 'self' 'report-sample' https://www.mbank.sk; object-src 'self' 'report-sample' https://www.mbank.sk https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://c.imedia.cz; child-src 'self' 'report-sample' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; form-action 'self' 'report-sample' https://www.mbank.sk https://form.mbank.sk; frame-ancestors 'self' 'report-sample' https://www.mbank.sk; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.toodledo.com https://*.toodledo.com https://*.cookielaw.org https://*.onetrust.com https://*.stripe.com https://*.filepicker.io http://*.filepicker.io http://*.twitter.com https://*.twitter.com https://apis.google.com https://*.googleapis.com https://maps.gstatic.com http://apis.google.com http://*.googleapis.com http://maps.gstatic.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com http://*.google.com https://*.google.com http://d1h9d4exwfthxc.cloudfront.net https://www.googletagmanager.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net http://connect.facebook.net http://assets.pinterest.com https://*.heapanalytics.com http://*.heapanalytics.com https://cdn.firstpromoter.com https://canny.io https://*.chargebee.com https://*.adroll.com https://www.youtube.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.usemessages.com https://www.gstatic.com; report-uri /ajax/csp_report.php; 1 default-src 'none';base-uri 'none';connect-src 'self' https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect;font-src 'self';img-src 'self' https:;media-src 'self' https://d21v5rjx8s17cr.cloudfront.net/ https://d2gl1b374o3yzk.cloudfront.net/;script-src 'self' https://www.google-analytics.com/analytics.js;style-src 'self'; 1 frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk *.houseofwellness.com.au 1 frame-ancestors 'self' https://sso.kabelmail.de 1 frame-ancestors 'self' *.wildberries.kz 1 frame-ancestors *.toast.com *.dooray.com dooray.com 1 frame-ancestors 'self' http://www.momondo.com.br http://www.mundi.com.br http://www.kayak.com.br http://www.kayak.com https://viajala.com.br https://www.infomoney.com.br https://lp.infomoney.com.br https://blog.maxmilhas.com.br https://pontos-cartao.maxmilhas.com.br 1 frame-ancestors 'self' apps.blms.co.il www.leumitech.com hb2.bankleumi.co.il hb3.bankleumi.co.il trade.bankleumi.co.il mortgage.blms.co.il hb.unionbank.co.il ; 1 frame-ancestors 'self' www.amwaylive.com admin.amwaylive.com www.amwaylive.com 1 frame-ancestors 'self' *.gisher.org https://gisher.news http://kentron.tv 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-2df3a192a73bd9d4a1209e17dad73bbc' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=ff39eb1e-fc5f-44c1-a631-cd53ecdab102&version=sha%3D08d263b5b0c8&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=ff39eb1e-fc5f-44c1-a631-cd53ecdab102&version=sha%3D08d263b5b0c8&report_only=false 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; 1 default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: 1 default-src blob: data: https://*.akamaihd.net https://*.akamaized.net https://*.analytics.edgekey.net https://*.linkpulse.com https://*.scribblelive.com https://*.svt.se https://*.twimg.com https://analytics.codigo.se https://cm.everesttech.net https://dpm.demdex.net https://pp.lp4.io https://sb.scorecardresearch.com https://sentry.io https://svt.d3.sc.omtrdc.net https://svt.demdex.net https://time.akamai.com https://trafficgateway.research-int.se https://translate.google.com https://www.gstatic.com https://www.svtstatic.se https://event-center-fwwc.sports.gracenote.com/ https://svt.html.infostradasports.com https://media-svt.stormgeo.com 'self' 'unsafe-eval' 'unsafe-inline';report-uri https://sentry.app.svt.se/api/2/csp-report/?sentry_key=6b8a1f48bd324aa489a252588099964b 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=be730387-3cae-47aa-93d6-cc7f0479df45 1 default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' d3svog4tlx445w.cloudfront.net *.fullstory.com *.googletagmanager.com *.google.com *.getclicky.com *.getdrip.com *.pingdom.net *.pardot.com *.freshdesk.com *.freshchat.com data:; style-src * 'self' 'unsafe-inline' d34uoa9py2cgca.cloudfront.net d3svog4tlx445w.cloudfront.net unpkg.com d36mpcpuzc4ztk.cloudfront.net; img-src * data: blob:; font-src * data:; connect-src * 'self' *.fullstory.com *.googletagmanager.com *.google.com *.getclicky.com; media-src * *.getdrip.com *.pingdom.net d36mpcpuzc4ztk.cloudfront.net *.freshdesk.com *.freshchat.com; frame-src * ; worker-src * blob: ; child-src * 1 default-src 'self'; style-src 'self' 'unsafe-inline' 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com www.structube.com static.structube.com hello.myfonts.net cdnjs.cloudflare.com cdn.rawgit.com api.getcandid.com maxcdn.bootstrapcdn.com *.listrakbi.com use.typekit.net p.typekit.net gi7a.structube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com www.googletagmanager.com www.googleleadservices.com *.firebaseapp.com googleads.g.doubleclick.net s.ytimg.com www.gstatic.com use.typekit.net www.structube.com static.structube.com cdnjs.cloudflare.com cdn.rawgit.com connect.facebook.net *.cloudfront.net static.hotjar.com script.hotjar.com s.adroll.com d.adroll.com *.trackedlink.net bat.bing.com cdn.jsdelivr.net webinsight.s3.amazonaws.com s.pinimg.com *.zopim.com platform.twitter.com analytics.twitter.com static.ads-twitter.com api.getcandid.com content-getcandid.netdna-ssl.com sp.analytics.yahoo.com s.yimg.com *.stripe.com sc-static.net secure.quantserve.com rules.quantcount.com *.listrakbi.com quantcast.mgr.consensu.org js.gleam.io *.filepicker.io snap.licdn.com *.linkedin.com eulerian.structube.com *.eulerian.net ca.ew3.io gi7a.structube.com *.myregistry.com *.alexametrics.com; font-src 'self' data: 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com use.typekit.net www.structube.com static.structube.com maxcdn.bootstrapcdn.com *.zopim.com fonts.gstatic.com themes.googleusercontent.com gi7a.structube.com; img-src 'self' data: android-webview-video-poster: * 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.online-metrix.net; frame-src 'self' 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com bid.g.doubleclick.net www.googletagmanager.com s.amazon-adsystem.com vars.hotjar.com www.facebook.com connect.facebook.net staticxx.facebook.com api.getcandid.com *.doubleclick.net player.vimeo.com *.stripe.com *.moneris.com *.snapchat.com static.quantcast.mgr.consensu.org gleam.io *.filepicker.io *.myregistry.com bca.ea.eulerian.com h.online-metrix.net; connect-src 'self' 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io performance.typekit.net services.structube.com wss://www.structube.com wss://*.zopim.com wss://*.hotjar.com *.cloudfront.net s.adroll.com api.smartrecruiters.com cdn.contentful.com api.quantcast.mgr.consensu.org *.pinterest.com *.cloudinary.com gi7a.structube.com enews.structube.com; media-src 'self' 'self' *.signifyd.com *.addthis.com *.addthisedge.com *.google.com *.google.ca *.youtube.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.structube.com player.vimeo.com *.vimeocdn.com gcs-vimeo.akamaized.net *.cdninstagram.com; report-uri /csp-violation.php; 1 frame-ancestors *.diffen.com 1 frame-ancestors 'self' https://*.allhomes.com.au 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=69212c3a-982a-44f8-bbf6-341ede33cb3f 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=4d6fcd9f-15a0-44f2-9d51-745a62c13f87 1 default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ostrovok.ru ostrovok.ru *.worldota.net *.zenhotels.com zenhotels.com ads.adfox.ru yastatic.net *.yandex.ru *.adfox.yandex.ru api-cis.exponea.com ps.eyeota.net api.payota.net t.skyscnr.com vc.hotjar.io secde.trivago.com unpkg.com *.smartadserver.com smartadserver.com *.rubiconproject.com rubiconproject.com www.adservice.google.pl www.googletraveladservices.com www.tripadvisor.com cdnjs.cloudflare.com www.kayak.com www.clicktripz.com www.youtube.com s3-eu-west-1.amazonaws.com travel.mediaalpha.com notify.bugsnag.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com *.hotjar.com fonts.gstatic.com *.livetex.ru ostrovokru003.webim.ru tagmanager.google.com www.tamgrt.com cdn.branch.io app.link api.branch.io api2.branch.io www.googleadservices.com www.adservice.google.pl sslwidget.criteo.com static.criteo.net vk.com connect.facebook.net www.facebook.com top-fwz1.mail.ru *.intentmedia.net www.hometogo.com secure.wego.com static.tacdn.com static.clicktripz.com pixel.sojern.com ads.travelaudience.com tms-st.cdn.ngenix.net hit.acstat.com c.riskified.com beacon.riskified.com cdn.siftscience.com d3c3cq33003psk.cloudfront.net www.awin.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru tag.yieldoptimizer.com a.cdn.intentmedia.net *.intentmedia.net st.dynamicyield.com static.dynamicyield.com *.criteo.com a.intentmedia.net *.intentmedia.net px.dynamicyield.com opentag-stats.qubit.com *.g.doubleclick.net 6ytvy2ekla.execute-api.us-east-1.amazonaws.com fonts.googleapis.com maps.googleapis.com www.google.com www.googletagservices.com adservice.google.com www.adservice.google.pl c.triptech.ai s.clickiocdn.com *.googlesyndication.com cdn.ampproject.org clickiocdn.com adservice.google.ru csi.gstatic.com *.braintreegateway.com tag.crsspxl.com aa.agkn.com blip.bizrate.com c1.adform.net ce.lijit.com cm.g.doubleclick.net cms.analytics.yahoo.com d.turn.com dmp.truoptik.com dpm.demdex.net e.dlx.addthis.com ib.adnxs.com idsync.rlcdn.com io.narrative.io match.adsrvr.org partner.mediawallahscript.com pm.w55c.net pxl.connexity.net sync.crwdcntrl.net sync.mathtag.com tags.bluekai.com thrtle.com; frame-src 'self' *.ostrovok.ru yastatic.net *.worldota.net *.zenhotels.com www.youtube.com widgets-2-omni-iframe.livetex.ru tracking.bonusway.com checkout.paypal.com static.criteo.net gum.criteo.com dis.eu.criteo.com www.google.com www.adservice.google.pl *.intentmedia.net a.cdn.intentmedia.net d1jaw4ep1lbbt9.cloudfront.net www.tamgrt.com bid.g.doubleclick.net clickioadvd.com googleads.g.doubleclick.net www.googletagservices.com www.facebook.com web.facebook.com tpc.googlesyndication.com vars.hotjar.com vk.com staticxx.facebook.com tag.crsspxl.com; img-src * data:; report-uri /hc/csp 1 frame-ancestors 'self' step.samba.com 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypalobjects.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://*.cloudflare.com https://*.m1finance.com https://*.doubleclick.net https://cdn.ravenjs.com https://*.googleapis.com https://*.google-analytics.com https://*.zendesk.com https://*.googletagmanager.com https://*.twitter.com https://*.facebook.com https://*.facebook.net https://*.activehosted.com https://*.plaid.com https://*.googleadservices.com https://*.google.com https://*.ads-twitter.com https://conversionfly.com https://load.sumome.com https://sumome-140a.kxcdn.com https://js.center.io https://mbsy.co https://*.google.com https://*.gstatic.com https://www.youtube.com https://s.ytimg.com https://bat.bing.com https://*.quora.com data:; img-src 'self' https://s3.amazonaws.com https://*.m1finance.com https://sumome-140a.kxcdn.com https://*.cloudfront.net https://*.googleusercontent.com https://*.placeholder.com https://*.clearbit.com https://*.facebook.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://conversionfly.com https://t.co https://bat.bing.com https://*.quora.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.braintreegateway.com https://*.cloudflare.com https://sumome-140a.kxcdn.com https://*.bootstrapcdn.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; font-src 'self' https://*.bootstrapcdn.com https://themes.googleusercontent.com https://fonts.gstatic.com data:; frame-src 'self' https://*.paypal.com https://*.braintreegateway.com https://*.google.com https://*.doubleclick.net https://*.facebook.com https://*.zendesk.com https://*.youtube.com https://*.youtube-nocookie.com https://*.plaid.com https://*.googletagmanager.com https://*.m1finance.com/; object-src 'self' https://*.m1finance.com; connect-src 'self' https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://*.cloudflare.com https://*.salesforce.com https://sentry.io https://api.center.io https://*.m1finance.com https://*.zendesk.com https://sumome.com https://*.quora.com https://*.plaid.com; 1 frame-ancestors 'self' search.edweek.org blogs.edweek.org webadmin.edweek.org edweek.org www.edweek.org edweekevents.org app.optimizely.com www.optimizelyedit.com www.clearslide.com; 1 frame-ancestors 'self' https://my.kinsta.com https://mydev.kinsta.com 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=6a165459-1a67-4536-9c55-a1126406edbf 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sams.com.mx https://*.ampproject.org https://*.googlesyndication.com https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://optimize.google.com https://*.google.co.mx https://*.google.co.in https://*.gstatic.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googletagservices.com https://*.googleadservices.com https://*.adform.net https://*.evergage.com https://*.contentsquare.net https://*.veinteractive.com https://*.pages05.net https://*.bing.com https://*.azureedge.net https://*.bazaarvoice.com https://log.pinterest.com https://*.twitter.com https://*.pinterest.com https://*.criteo.com https://*.criteo.net https://*.facebook.net https://www.youtube.com https://*.ibmmarketingcloud.com https://contentsquare.com https://kenshoo.com/ https://rakutenlinkshare.com https://openpay.s3.amazonaws.com https://*.accpg.accertify.net https://ci-mpsnare.iovation.com https://*.2mdn.net https://*.atdmt.com https://*.ytimg.com mediastream: blob:; connect-src 'self' *; object-src 'self' https://*.sams.com.mx blob:; base-uri 'self' https://*.google.com; report-uri https://csp.walmart.com/c/r/samsmx 1 block-all-mixed-content; upgrade-insecure-requests; base-uri 'self' *.dynamicyield.com *.dynamicyield.eu; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.braintree-api.com *.braintreegateway.com *.brightcove.com *.commander1.com *.commandersact.com *.cube-net.pub *.custhelp.com *.decathlon.com *.decathlon.es *.decathlon.net *.doubleclick.net *.dynamicyield.com *.dynamicyield.eu *.fitanalytics.com *.iadvize.com *.mopinion.com *.mydecathlon.com *.paypal.com *.s3.eu-west-1.amazonaws.com *.tagcommander.com *.tiendeo.com/ *.woosmap.com *.y-track.com *.youtube.com abtastylab.com adserving.ancoraplatform.com api.oney.io app.beampulse.com blob: bp-1c51.kxcdn.com browser-update.org bs.serving-sys.com cdnjs.cloudflare.com code.jquery.com/ui/1.12.1/jquery-ui.js code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css comunidad.decathlon.es connect.facebook.net contents.mediadecathlon.com ct.pinterest.com data: decathlon-prod.pertimm.net decathlon-v2-preprod.pertimm.net decathlon-v2-prod.pertimm.net dis.eu.criteo.com fonts.googleapis.com fonts.gstatic.com google-maps-utility-library-v3.googlecode.com gum.criteo.com https://ssl.google-analytics.com ib.adnxs.com keepyeyes.cube-net.org localhost maps.google.com maps.googleapis.com maps.gstatic.com maxcdn.bootstrapcdn.com oney-staging.azure-api.net operacionesdecathlon.es players.brightcove.net pre-comunidad.decathlon.es preprod-keepyeyes.cube-net.org pro-decathloneventostienda.s3.amazonaws.com recommendation-js.woosmap.com s.pinimg.com s.ytimg.com s3.eu-west-1.amazonaws.com secure-ds.serving-sys.com secure.adnxs.com sslwidget.criteo.com static-cdn.mydecathlon.com static.criteo.net staticxx.faceboook.com vjs.zencdn.net ws: wss://*.iadvize.com www.decathlon.fr www.facebook.com www.google-analytics.com www.google.com www.google.es www.google.fr www.googleadservices.com www.googletagmanager.com www.gstatic.com; font-src 'self' *.brightcove.com *.decathlon.es *.dynamicyield.com *.dynamicyield.eu *.iadvize.com blob: cdnjs.cloudflare.com customizations.fitanalytics.com data: fonts.gstatic.com keepyeyes.cube-net.org localhost maxcdn.bootstrapcdn.com players.brightcove.net preprod-keepyeyes.cube-net.org static-cdn.mydecathlon.com vjs.zencdn.net; media-src 'self' *.brightcove.com blob: brightcove.hs.llnwd.net players.brightcove.net; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob:; 1 frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com www.learnreligions.com *.qa.aws.learnreligions.com atlas.learnreligions.com atlas.local.learnreligions.com 1 default-src https: data: 'self' https://*.adriver.ru https://*.kontur.ru https://kontur.ru https://dl.metabar.ru https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://ssl.google-analytics.com/ https://*.yandex.ru https://yastatic.net https://*.yandex.ua ya.ru https://counter.yadro.ru https://top-fwz1.mail.ru https://*.facebook.com https://*.twitter.com https://*.vk.com https://vk.com https://*.facebook.net https://*.ok.ru https://*.doubleclick.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.buhonline.ru/private/csp-report 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=29d2dcf3-8155-4dea-a4bd-8bc8a50b251c 1 default-src 'unsafe-inline' 'unsafe-eval' blob: ws: wss: data: *.chloe.com *.chloe.cn *.boltdns.net *.yoox.biz *.tagcommander.com players.brightcove.net *.brightcove.com secure.gravatar.com seal.geotrust.com sealserver.trustwave.com code.jquery.com d3h2bjlx1klawa.cloudfront.net *.fls.doubleclick.net *.g.doubleclick.net *.akamaihd.net *.crazyegg.com s.pinimg.com platform.twitter.com *.optimizely.com *.log.optimizely.com *.s3.amazonaws.com s3.amazonaws.com s3-eu-west-1.amazonaws.com secure.social.yoox.it scontent.cdninstagram.com www.facebook.com connect.facebook.net *.akstat.io *.hotjar.com cdnjs.cloudflare.com *.applemusic.com widgets.itunes.apple.com open.spotify.com *.typekit.net opengraphprotocol.org ogp.me vjs.zencdn.net engage.commander1.com *.pinterest.com *.online-metrix.net *.d.aa.online-metrix.net googleadservices.com *.googleadservices.com *.googletagmanager.com tracker.marinsm.com bs.serving-sys.com s.yimg.jp *.salecycle.com:* static.ads-twitter.com player.freecaster.com fcst.tv freecaster.com freecaster.net freecaster.tv youbora.com youboranqs01.com nice264.com jwpcd.com jwpltx.com jwpsrv.com *.googleapis.com *.gstatic.com *.google.com *.google.it *.google-analytics.com *.api.baidu.com *.baidu.com *.jsdelivr.net *.usehero.com chunder.gll.twilio.com matrix.twilio.com matrix.twilio.com px.ads.linkedin.com snap.licdn.com *.boltdns.net www.linkedin.com *.layer.com *.go-mpulse.net *.hotjar.io; frame-ancestors *.chloe.com *.chloe.cn *.boltdns.net; report-uri https://c2rg5eauc1.execute-api.eu-west-1.amazonaws.com/prod/cspreport; base-uri 'self' 1 frame-ancestors 'self' http://*.waldenfacts.com http://waldenfacts.com http://laureate.postclickmarketing.com 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.booking.com *.rentalcars.com *.hotjar.com *.google.com *.youtube.com *.criteo.com *.facebook.com *.facebook.net *.doubleclick.net *.safetypay.com *.e-tsw.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com *.intentmedia.net *.sandbox.paypal.com *.paypal.com *.cdn.viajala.com *.playbuzz.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.google-analytics.com *.googleapis.com *.fusion.com *.google.com *.google.se *.google.com.mx *.vivaaerobus.com *.facebook.com *.cloudflare.com *.ckeditor.com *.doubleclick.net *.placeholder.com *.googletraveladservices.com *.kayak.com *.criteo.com *.criteo.net *.yldr.io *.cartrawler.com services.paynet.com.mx api.openpay.mx ota-cars.imgix.net *.bing.com platform-api.sharethis.com cdn.apixu.com ts.tradetracker.net ad.soicos.com *.intentmedia.net data: *.cdn-net.com *.paypalobjects.com *.paypal.com *.cdn.viajala.com *.viajala.com viajala.com *.playbuzz.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.fusion.com *.google.com *.google.com.mx maxcdn.bootstrapcdn.com *.vivaaerobus.com *.cloudflare.com *.hotjar.com *.googleapis.com *.ckeditor.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com *.paypal.com *.playbuzz.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.googletagservices.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com *.google.com cdn.jsdelivr.net *.fusion.com *.google-analytics.com *.google.se *.googletagmanager.com *.g.doubleclick.net *.facebook.net *.hotjar.com *.googleadservices.com *.ckeditor.com *.cloudfront.net *.boxever.com *.cdn.intentmedia.net *.google-analytics.com *.yldr.io *.gstatic.com *.criteo.com *.criteo.net a.intentmedia.net *.google.com.mx *.cartrawler.com bat.bing.com platform-api.sharethis.com cdn.apixu.com tm.tradetracker.net *.intentmedia.net *.viajamas.com 201.131.2.241 *.tradetracker.net *.crazyegg.com *.skyscanner.net *.cdn-net.com *.paypal.com *.paypalobjects.com *.cdn.viajala.com *.viajala.com *.bidflyer.com cdn.kueskipay.io/v1/checkout.js *.playbuzz.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.booking.com *.rentalcars.com *.hotjar.com *.google.com *.youtube.com *.criteo.com *.facebook.com *.facebook.net *.doubleclick.net *.safetypay.com *.e-tsw.com *.cartrawler.com platform-api.sharethis.com cdn.apixu.com *.intentmedia.net *.cdn-net.com *.sandbox.paypal.com *.paypal.com us.creativecdn.com *.playbuzz.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.bootstrapcdn.com *.gstatic.com *.cartrawler.com *.playbuzz.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com wss://*.bidflyer.com *.fusion.com *.facebook.com *.google-analytics.com *.viajamas.com *.intentmedia.net *.skyscanner.net *.cdn-net.com *.paypal.com *.bidflyer.com 3kxrt0l29e.execute-api.us-east-1.amazonaws.com vmvpz7tc32.execute-api.us-east-1.amazonaws.com enc1wnyb87.execute-api.us-east-1.amazonaws.com 6ytvy2ekla.execute-api.us-east-1.amazonaws.com api.kueskipay.io/v1/validate-keys api.kueskipay.com/v1/validate-keys api.kueskipay.io/v1/payments api.kueskipay.com/v1/payments *.playbuzz.com; form-action 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.vivaaerobus.com data: *.cdn-net.com *.bidflyer.com *.vivaaerobus.com *.facebook.net *.facebook.com *.e-tsw.com *.cdn-net.com *.playbuzz.com; 1 media-src *; img-src 'self' data: blob: filesystem: https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com *.amazonaws.com *.google.com http://ps.w.org http://i0.wp.com http://i1.wp.com *.gravatar.com *.googleapis.com *.gstatic.com http://www.google-analytics.com *.twitter.com *.twimg.com https://dly4mho8u118u.cloudfront.net https://stats.g.doubleclick.net https://v2.zopim.com https://dashboard.zopim.com https://imp2.ads.linkedin.com *.google.fr http://ck-wwwcorp.s3.amazonaws.com http://dly4mho8u118u.cloudfront.net https://learningwire.crossknowledge.com https://ssl.google-analytics.com https://bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crossknowledge.com *.gstatic.com https://use.fontawesome.com *.fontawesome.com http://s7.addthis.com *.google.com *.google.fr *.googleapis.com www.google-analytics.com *.twitter.com https://cdn.syndication.twimg.com https://code.jquery.com http://maps.google.com https://maps.googleapis.com http://maps.googleapis.com https://static.hotjar.com https://app-lon02.marketo.com https://static.ads-twitter.com https://connect.facebook.net https://munchkin.marketo.net https://www.googleadservices.com https://snap.licdn.com https://v2.zopim.com https://cdn.jsdelivr.net https://www.geoplugin.net https://js-agent.newrelic.com https://script.hotjar.com https://googleads.g.doubleclick.net https://dc.ads.linkedin.com https://px.ads.linkedin.com https://bam.nr-data.net https://www.bizographics.com https://eu-west-1.dc.ads.linkedin.com https://secure.adnxs.com https://insights.hotjar.com *.marketo.com http://d3d8qnlcu0b7xk.cloudfront.net https://d3d8qnlcu0b7xk.cloudfront.net http://static.ads-twitter.com http://munchkin.marketo.net https://www.googletagmanager.com https://ssl.google-analytics.com https://cdn.polyfill.io https://dashboard.zopim.com https://djtflbt20bdde.cloudfront.net https://mastertag.effiliation.com https://track.effiliation.com https://www.linkedin.com https://bat.bing.com https://fb99820f32444afca60ce4a9dcf7267a.js.ubembed.com https://assets.ubembed.com; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.google.com *.jsdelivr.net https://app-lon02.marketo.com http://app-lon02.marketo.com; 1 default-src 'self' https: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'; 1 frame-ancestors 'self' https://*.adultdvdtalk.com 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=739ea696-38f6-40af-a75d-0ae3cc3fcff2 1 frame-ancestors 'self' crmchina.microsoftstore.com.cn mapi.alipay.com www.microsoft.com account.microsoft.com support.microsoft.com vortex.data.microsoft.com products.office.com 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src data: https: 'unsafe-inline' 'unsafe-eval' http://tableau-internal 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=c4a77d97-ff08-4d44-8b35-cc69b16fd09b 1 default-src 'self' https://www.youtube.com https://analytics.gpo.gov https://*.addthis.com https://*.addthisedge.com https://maxcdn.bootstrapcdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.addthis.com https://*.addthisedge.com http://*.addthis.com http://*.addthisedge.com http://*.addthis.com https://maxcdn.bootstrapcdn.com https://*.addthis.com; object-src 'unsafe-inline' 'self' https://www.youtube.com; style-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'unsafe-inline' 'self' http://insideanalytics.gpo.gov https://maxcdn.bootstrapcdn.com https://analytics.gpo.gov data:; font-src 'unsafe-inline' 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self'; frame-src 'self' https://www.youtube.com https://maxcdn.bootstrapcdn.com https://*.addthis.com http://*.addthis.com; 1 base-uri 'self';connect-src 'self' www.google-analytics.com *.abtasty.com *.mapbox.com *.mixpanel.com *.segment.io;default-src 'self';form-action *;img-src 'self' data: *.abtasty.com *.cloudinary.com *.blob.core.windows.net *.amazonaws.com *.tagcommander.com *.commander1.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.fr *.d-bi.fr *.criteo.com *.facebook.fr *.facebook.com *.twimg.com *.twitter.com *.atdmt.com heapanalytics.com;media-src 'self' *.cloudinary.com;object-src 'none';script-src 'self' 'unsafe-eval' 'strict-dynamic' *.abtasty.com *.google-analytics.com *.tagcommander.com *.criteo.net *.criteo.com *.d-bi.fr *.facebook.net *.youtube.com *.ytimg.com *.smartrecruiters.com *.twitter.com *.twimg.com *.googletagmanager.com 'nonce-9k4BryNlNOs0mQ13FU5v7kxxPwggQK8G';style-src 'self' 'unsafe-inline' *.abtasty.com *.googleapis.com *.twitter.com;font-src 'self' *.gstatic.com data: *.abtasty.com;frame-src 'self' *.abtasty.com *.netatmo.com *.facebook.com *.awltovhc.com *.youtube.com *.twitter.com 1 default-src 'self' *.google.com *.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com:* *.google-analytics.com:* *.googlesyndication.com:* *.youtube.com:* *.ytimg.com:* about; style-src 'self' data: 'unsafe-inline' *; worker-src * blob: 1 default-src 'self' https://*.copaair.com http://*.copaair.com https://*.copa.com http://*.copa.com https://*.sam4m.com/ http://*.adnxs.com http://*.bing.com http://*.copa.com http://*.copaair.com http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.fltmaps.com http://*.frequentflyer.aero http://*.google-analytics.co http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.havasdigitalcolombia.com http://*.innosked.com http://*.intelliresponse.com http://*.msn.com http://*.qualtrics.com http://*.trackedlink.net http://*.w55c.net http://*.youtube.com http://ads.dtravelconnection.com http://miparaisoatlantis.com http://panamaesposible.com https://*.copa.com https://*.copaair.com https://*.facebook.com https://*.flightcontrol.io https://*.flightview.com https://*.fltmaps.com https://*.frequentflyer.aero https://*.google.com https://www.google.com.co https://www.google.com.pa https://*.google.sk https://*.googleapis.com https://*.gstatic.com https://*.havasdigitalcolombia.com https://*.innosked.com https://*.intelliresponse.com https://*.mcafeesecure.com https://*.nbxapps.com https://*.sojern.com https://*.twitter.com https://*.w55c.net https://*.websecurity.norton.com https://*.youtube.com https://acuityplatform.com https://beacon.walmart.com https://pr-bh.ybp.yahoo.com https://r1.dotmailer-surveys.com https://static.ads-twitter.com https://t.co https://t.wayfair.com https://*.airtrfx.com http://*.airtrfx.com https://*.hotjar.com https://*.securitytrfx.com http://*.securitytrfx.com https://*.addthis.com https://*.addthisedge.com https://kirnhn54sa.execute-api.us-east-1.amazonaws.com https://*.yimg.com https://*.analytics.yahoo.com https://*.trackedweb.net https://*.groovinads.com https://*.beatdevelop.co https://*.sam4m.co https://*.a3cloud.net https://trackedweb.net https://gwmtracking.com https://kontentroom.com 'unsafe-inline' 'unsafe-eval' data: blob: 1 script-src 'self' https://www.homebank.kz https://homebank.kz https://cdn.homebank.kz *.zopim.com https://static.zdassets.com *.homebank.kz *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.googletagmanager.com api-maps.yandex.ru *.yandex.net 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src http: https: data:; 1 frame-ancestors 'self' http://allmed.mdlink.org https://allmed.mdlink.org http://allmedx.com https://allmedx.com https://demo.allmedx.com https://dev.allmedx.com; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=cc3e3a75-f9b5-4661-86b5-f81fe74200ff 1 default-src 'self' https://docs.google.com *.googleapis.com https://music.yandex.ru *.googletagmanager.com *.googlesyndication.com *.calameo.com *.facebook.com *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.google.com.ua *.twitter.com *.youtube.com http://*.youtube.com *.ok.ru ok.ru https://www.youtube.com *.odnoklassniki.ru *.yandex.ru https://accounts.google.com https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com *.getloupe.com *.padlet.com *.twitter.com schoodle.ru https://prezi.com http://vedomosti.media.eagleplatform.com https://learningapps.org https://*.revolvermaps.com https://player.vgtrk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net *.gstatic.com *.google.com *.google.ru https://docs.google.com https://apis.google.com ajax.googleapis.com mc.yandex.ru an.yandex.ru *.yandex.ua *.yandex.ru vk.com *.twitter.com connect.facebook.net graph.facebook.com connect.mail.ru counter.rambler.ru www.googletagservices.com www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com *.odnoklassniki.ru *.ok.ru counter.rambler.ru https://www.googleapis.com relap.io schoodle.ru https://*.revolvermaps.com; object-src *; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com relap.io *.twitter.com *.bootstrapcdn.com ton.twimg.com cdn.jsdelivr.net uroki-maya.online; img-src * 'self' data: https:; media-src 'self'; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' mc.yandex.ru www.google-analytics.com www.googleapis.com; 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://tags.tiqcdn.com https://cdn.optimizely.com https://cdn3.optimizely.com https://flex.cybersource.com https://cbi.boldchat.com https://marketing.logmeininc.com https://*.online-metrix.net https://s3.amazonaws.com https://cl.qualaroo.com https://www.google-analytics.com https://www.googletagmanager.com https://vmss.boldchat.com https://s.yimg.com https://munchkin.marketo.net https://vmss.boldchat.com https://vms.boldchat.com https://vmp.boldchat.com https://api.demandbase.com https://sp.analytics.yahoo.com https://livechat.boldchat.com https://secure.leadforensics.com https://ad.doubleclick.net https://snap.licdn.com https://ci.boldchat.com https://px.ads.linkedin.com https://www.linkedin.com https://bat.bing.com https://app-sj04.marketo.com https://cdnssl.clicktale.net https://www.googleadservices.com blob: https://googleads.g.doubleclick.net https://scripts.demandbase.com https://a.quora.com https://ct.capterra.com https://connect.facebook.net; img-src 'self' https://assets.cdngetgo.com https://privacy-policy.truste.com https://h.online-metrix.net https://lmi.sc.omtrdc.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.online-metrix.net https://cm.everesttech.net https://dpm.demdex.net https://images.boldchat.com https://livechat.boldchat.com https://www.googletagmanager.com https://lmistatic.blob.core.windows.net https://bat.bing.com https://ci.boldchat.com https://vmp.boldchat.com https://googleads4.g.doubleclick.net https://googleads.g.doubleclick.net https://citrixsaas.d1.sc.omtrdc.net https://ssl.google-analytics.com https://match.prod.bidr.io https://id.rlcdn.com https://insight.adsrvr.org https://ad.doubleclick.net https://porsche.adagility.com https://www.google.com https://adservice.google.com https://q.quora.com; connect-src 'self' https://ggc-gateway-prod.servers.getgo.com https://logx.optimizely.com https://677-xnu-203.mktoresp.com https://dpm.demdex.net https://vms.boldchat.com https://lmi.sc.omtrdc.net https://iam.servers.getgo.com https://www.google-analytics.com https://ing-district.clicktale.net https://api.company-target.com https://h.online-metrix.net https://rum.optimizely.com; style-src 'self' 'unsafe-inline' https://app-sj04.marketo.com https://fonts.googleapis.com; frame-src 'self' https://a72135589.cdn.optimizely.com https://flex.cybersource.com https://dntcl.qualaroo.com https://5285806.fls.doubleclick.net https://h.online-metrix.net https://lmi.demdex.net https://www.youtube.com https://livechat.boldchat.com https://9252042.fls.doubleclick.net https://secureacceptance.cybersource.com https://8209721.fls.doubleclick.net https://app-sj04.marketo.com https://lb0-ggc-gateway-prod-us-east-1.servers.getgo.com https://*.fls.doubleclick.net https://support.logmeininc.com https://bid.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com; object-src 'none'; 1 default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.iliad.it osm.proxad.net *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=8b191ef8-4de2-462a-b9a8-8d119a0c0fde 1 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercom.io https://app.brand24.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://mc.yandex.ru https://sumo.com https://clients6.google.com https://app.userengage.com wss://app.userengage.com http://cdn.heapanalytics.com http://heapanalytics.com https://cdn.heapanalytics.com https://heapanalytics.com https://proxy.synerise.com https://tck.synerise.com wss://messenger.synerise.com 1 frame-ancestors 'self' porkbun.weeblycloud.com; default-src 'none'; object-src 'self'; media-src 'self' beacon-v2.helpscout.net; frame-src www.facebook.com hooks.stripe.com stripe.com www.youtube.com bid.g.doubleclick.net 'self' www.google.com www.googletagmanager.com *.fls.doubleclick.net js.stripe.com nonce-d3ca906d260487cd4d3a4dce9b716988806156f4; script-src data: 'self' 'unsafe-eval' tpc.googlesyndication.com beacon-v2.helpscout.net translate.google.com translate.googleapis.com www.gstatic.com js.stripe.com use.fontawesome.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net www.google.com js.stripe.com 'unsafe-inline'; connect-src 'self' nonce-d3ca906d260487cd4d3a4dce9b716988806156f4 wss://ws-helpscout.pusher.com core33-helpscout.pusher.com sentry.io sockjs-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net chatapi.helpscout.net translate.googleapis.com translate.google.com stats.g.doubleclick.net www.google-analytics.com; img-src 'self' data: porkbun.com q.quora.com d33v4339jhl8k0.cloudfront.net porkbunblog.files.wordpress.com www.googletagmanager.com www.gstatic.com translate.google.com translate.googleapis.com shareasale.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net www.google-analytics.com www.facebook.com q.stripe.com nonce-d3ca906d260487cd4d3a4dce9b716988806156f4; style-src 'self' translate.googleapis.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com nonce-d3ca906d260487cd4d3a4dce9b716988806156f4; 1 frame-ancestors 'self' http://stfrontdeskstg.smartone.com http://stfrontdesk.smartone.com http://smartone-pro.redso.com.hk https://smartone-pro.redso.com.hk 1 default-src 'self'; img-src 'self' data: apccdn.apsis1.com tpgpost.d3.sc.omtrdc.net api.innomdc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' apccdn.apsis1.com d3u9kj2t4eazrw.cloudfront.net s3-eu-west-1.amazonaws.com s3.amazonaws.com api.innomdc.com w.usabilla.com; style-src 'self' 'unsafe-inline' apccdn.apsis1.com; font-src 'self'; connect-src 'self'; frame-src 'self' apccdn.apsis1.com; 1 default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.tt.omtrdc.net *.vjs.zencdn.net *.adobedtm.com *.googleapis.com *.gstatic.com *.cloudfront.net mercyhealth.sc.omtrdc.net st1.dialogtech.com *.dialogtech.com *.demdex.net cm.everesttech.net *.mymercy.net *.mercy.net dev.day.com ixbapi.healthwise.net *.docscores.com *.google-analytics.com *.youtube.com *.zencdn.net *.selfcare.info *.ytimg.com *.boltdns.net *.alexametrics.com *.brightcove.com *.brightcove.net bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com *.2o7.net *.omtrdc.net stats.g.doubleclick.net *.googletagmanager.com *.yextpages.net *.yext-static.com *.yext-pixel.com *.flickr.com *.googleadservices.com googleads.g.doubleclick.net *.google.com 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.ytimg.com *.facebook.com *.healthwise.net *.humanavitality.com *.go365.com *.requirejs.org *.cdc.gov *.outbrain.com *.eloqua.com *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com humananews.com *.humananews.com *.en25.com *.msecnd.net *.visualstudio.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.googletagmanager.com data:; object-src 'none'; 1 frame-ancestors http://*.house.gov https://*.house.gov http://*.senate.gov https://*.senate.gov http://*.loc.gov https://*.loc.gov 1 default-src 'none'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'nonce-5b3acebfa9944f52a5e553d22ca9167c'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com localhost; frame-ancestors 'none'; 1 default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 1 frame-ancestors 'self' *.freenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 1 frame-ancestors 'self' https://*.pottermore.com 1 default-src 'self' https://*.rhrz.uni-bonn.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rhrz.uni-bonn.de https://www.youtube.com https://s.ytimg.com https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://maps.google.com https://maps.googleapis.com https://apis.google.com https://ajax.googleapis.com https://matomo-test.hrz.uni-bonn.de; img-src 'self' data: https://*.rhrz.uni-bonn.de https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://i.ytimg.com https://maps.gstatic.com https://maps.google.com https://www.uni-bonn.de https://*.googleapis.com https://*.uni-bonn.de; style-src 'self' 'unsafe-inline' https://msa-extern.uni-bonn.de https://msa-intern.uni-bonn.de https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' https://*.uni-bonn.de:* https://www.youtube.com https://www.youtube-nocookie.com https://content.googleapis.com mailto://*; frame-ancestors 'self' https://*.uni-bonn.de; connect-src 'self' https://shortener.rhrz.uni-bonn.de https://apis.google.com; 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.parsons.com *.twitter.com *.twimg.com *.amazonaws.com *.typekit.net *.google-analytics.com *.webtrendslive.com *.googleapis.com *.google.com *.gstatic.com *.cloudfront.net; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=3b534733-683c-4794-845e-9a771ee8add9 1 default-src https: 'unsafe-eval' 'unsafe-inline';img-src data: https:;font-src data: https: 1 script-src 'nonce-bkuC3QpK68VaxL5c' 'self' https://cache.vtrcdn.com/ *.gstatic.com *.nr-data.net *.newrelic.com *.youtube.com *.ytimg.com *.googleapis.com *.hotjar.com *.tamgrt.com *.facebook.net s.yimg.com js-agent.newrelic.com *.cdn-net.com *.ict.infinity-tracking.net; frame-src 'self' https://cache.vtrcdn.com/ https://www.tamgrt.com/ https://pay.google.com/ https://*.facebook.com *.youtube.com *.cdn-net.com *.viatorinc.com *.vtrcdn.com *.hotjar.com *.tripadvisor.at *.tripadvisor.be *.tripadvisor.ca *.tripadvisor.ch *.tripadvisor.cl *.tripadvisor.cn *.tripadvisor.co *.tripadvisor.co.uk *.tripadvisor.co.nz *.tripadvisor.co.za *.tripadvisor.com *.tripadvisor.com.ar *.tripadvisor.com.au *.tripadvisor.com.br *.tripadvisor.com.hk *.tripadvisor.com.mx *.tripadvisor.com.my *.tripadvisor.com.pe *.tripadvisor.com.ph *.tripadvisor.com.sg *.tripadvisor.com.tw *.tripadvisor.com.ve *.tripadvisor.de *.tripadvisor.dk *.tripadvisor.es *.tripadvisor.fr *.tripadvisor.ie *.tripadvisor.in *.tripadvisor.it *.tripadvisor.jp *.tripadvisor.nl *.tripadvisor.pt *.tripadvisor.se *.paypal.com *.tapayments.com https://siteintercept.qualtrics.com https://tripadvisor.co1.qualtrics.com/; connect-src 'self' https://cache.vtrcdn.com/ *.facebook.com *.hotjar.com wss://*.hotjar.com/api/v1/client/ws https://graylog.hotjar.com:12443/gelf *.paypal.com *.braintreegateway.com *.braintree-api.com bam.nr-data.net *.authoritycrm.com https://siteintercept.qualtrics.com https://ict.infinity-tracking.net/track https://ict.infinity-tracking.net/allocate https://sentry.io https://ipa.elev.io https://cdn.elev.io https://events.elev.io; object-src 'self' https://cache.vtrcdn.com/; style-src 'self' 'unsafe-inline' https://cache.vtrcdn.com/ *.google.com *.googleapis.com *.hotjar.com; default-src 'self'; media-src 'self' https://cache.vtrcdn.com/; report-uri /orion/csp/report; font-src 'self' https://cache.vtrcdn.com/ data:; form-action 'self' https://*.facebook.com https://accounts.google.com/* https://staging.cdn-net.com https://www.cdn-net.com https://*.paypal.com https://www.tamgrt.com/RT; img-src 'self' https://cache.vtrcdn.com/ https://cache-graphicslib.viator.com/graphicslib/ https://media.tacdn.com/media/ data: *.gstatic.com *.viator.com *.facebook.com *.zanox.com https://*.paypal.com *.zenaps.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; child-src 'self' https://cache.vtrcdn.com/ 1 default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' spellcheck.boe.es svc.webspellchecker.net www.google-analytics.com ajax.googleapis.com ; connect-src 'self' spellcheck.boe.es ; img-src 'self' spellcheck.boe.es data: www.google-analytics.com ajax.googleapis.com chart.apis.google.com servicios.mpr.es ; style-src 'unsafe-inline' 'self' *.boe.es fonts.googleapis.com ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; child-src 'self' spellcheck.boe.es www.youtube.com afirma: ; object-src 'self' ; media-src 'self' 1 style-src points.com 'self'; default-src 'self' points.com static.smartrecruiters.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net wallet.points.com www.points.com fonts.gstatic.com; font-src 'self' data points.com fonts.gstatic.com https://points.com; frame-ancestors 'self' points.com https://www.points.com; img-src 'self' points.com stats.g.doubleclick.net wallet.points.com www.google-analytics.com www.googletagmanager.com www.points.com www.gstatic.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; script-src-elem 'self' 'unsafe-inline' points.com static.smartrecruiters.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com; script-src points.com static.smartrecruiters.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'self'; style-src-elem 'self' points.com; child-src www.googletagmanager.com; 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d3538592-bd5e-41cc-9b8b-cbb425ac1ceb 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=caf4df14-0740-4bfa-88f8-4da688712cca 1 default-src 'self' *.everesttech.net *.hotjar.com; style-src 'self' 'unsafe-inline' *.everesttech.net *.hotjar.com; frame-src 'self' *.everesttech.net *.hotjar.com assets.adobedtm.com fast.originenergyservices.demdex.net https://authorize.omniture.com originenergyservices.demdex.net servedby.flashtalking.com sitecatalyst.omniture.com; img-src 'self' *.everesttech.net *.hotjar.com *.monsido.com data: originenergyservices.tt.omtrdc.net https://dpm.demdex.net https://res.cloudinary.com/originenergy/ https://ssl.google-analytics.com https://www.facebook.com origin.sc.omtrdc.net www.google-analytics.com; connect-src *.everesttech.net *.hotjar.com *.hotjar.io *.origindigital-dac.com.au *.origindigital-pac.com.au dpm.demdex.net https://bam.nr-data.net origin.sc.omtrdc.net originenergyservices.tt.omtrdc.net *.originenergy.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everesttech.net *.hotjar.com assets.adobedtm.com doubleclick.net googleadservices.com https://assets-digital.origindigital-dac.com.au/ https://assets-digital.origindigital-pac.com.au/ https://bam.nr-data.net https://connect.facebook.net https://js-agent.newrelic.com https://ssl.google-analytics.com https://www.everestjs.net https://www.evertesttech.net https://www.facebook.com https://www.googletagmanager.com https://www.realestate.com.au origin.sc.omtrdc.net *.demdex.net servedby.flashtalking.com www.google-analytics.com *.monsido.com *.originenergy.com.au; 1 default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.omtrdc.net *.adobedtm.com *.epoq.de *.worldshop.eu *.miles-and-more.com *.milesandmore.com *.lufthansa.com *.points.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.googleapis.com *.swiss-shop.com *.mamtools.com *.demdex.net data:; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval';worker-src blob: https://*.ampproject.org/* 1 frame-src data: 'self'; 1 default-src 'self' https://www.s1gateway.com https://my.matterport.com/ https://landing.claro.com.ar https://cdnqa.s1gateway.com/ https://claroarg.s1gateway.com https://chat.claroarg.s1gateway.com http://www.googletagmanager.com http://agentcore.s3.amazonaws.com http://agentbot.s3.amazonaws.com https://www.ssbue-nwc.com/ http://www.ssbue-nwc.com/ http://pagead2.googlesyndication.com http://d2fl436cxqx5bs.cloudfront.net http://prod-agentim.agentbot.net http://cdn.agentbot.net http://*.inbenta.com http://*.sohosq-nwc.com.ar http://ad.doubleclick.net http://red.natura.cl http://adserve.atedra.com http://*.hotjar.com http://*.google.com http://ajax.aspnetcdn.com http://adapter.aivo.co http://*.gstatic.com http://*.googleapis.com http://*.clarovideo.net http://*.claromusica.com http://*.facebook.com http://*.facebook.net http://www.claromusica.com http://*.googleadservices.com http://claroarg.s1gateway.com http://corp.maplink.com.br http://*.doubleclick.net http://claro-ar.agentbot.net http://tienda.claro.com.ar http://cdn.jsdelivr.net http://apibot.agentbot.net http://apibot2.agentbot.net http://*.google.com http://s.ytimg.com http://*.google.com.mx http://red.natura.cl http://www.google-analytics.com http://agentbot.net http://rawgit.com http://auth0.com http://pusher.com http://intercom.io http://gravatar.com http://cloudfront.net http://jsdelivr.net http://rollbar.com http://ravenjs.com http://google-analytics.com http://s3.amazonaws.com https://integracion.s1gateway.com/ http://adapter.aivo.co data: 'unsafe-inline' 'unsafe-eval' https://www.youtube.com 1 default-src https: *.hwcdn.net *.teeitup.com *.golfid.io; connect-src https: wss:; script-src https: data: *.hwcdn.net 'unsafe-inline' 'unsafe-eval'; style-src https: data: *.hwcdn.net 'unsafe-inline'; img-src https: data: *.hwcdn.net s3.amazonaws.com; frame-ancestors 'self' https://www.onlinereservationsystems.com; 1 frame-ancestors 'self' https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; default-src 'self' 'unsafe-inline' https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; script-src 'self' 'unsafe-inline' https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; script-src-elem 'self' 'unsafe-inline' https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; style-src 'self' 'unsafe-inline' https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; img-src 'self' data: https://static-akmai-cdn.com https://bin.bnbstatic.com https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; font-src 'self' data: https://at.alicdn.com https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com; object-src 'none'; connect-src 'self' wss://wallet-bridge.binance.org wss://dex.binance.org wss://dex-asiapacific.binance.org wss://dex-european.binance.org wss://dex-atlantic.binance.org https://dex-bin.bnbstatic.com https://dex-bin-1259603563.file.myqcloud.com https://ud.binance.org https://testnet-ud.binance.org https://frontend-m.binance.cloud https://wallet-bridge.binance.org https://www.binance.com https://bin.bnbstatic.com https://dex.binance.org https://dex-asiapacific.binance.org https://dex-european.binance.org https://dex-atlantic.binance.org https://dex-api.binance.org https://i18n.bnbstatic.com https://at.alicdn.com 1 script-src 'self' *.visual-paradigm.com *.google-analytics.com *.recaptcha.net *.gstatic.cn *.google.com *.gstatic.com *.googleapis.com graph.facebook.com share.yandex.ru *.tawk.to *.addthis.com *.addthisedge.com *.linkedin.com cdn.jsdelivr.net *.cloudfront.net *.gitbook.io *.stripe.com 'unsafe-inline' 'unsafe-eval' 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=23d5e5f2-3942-4af6-ac76-e96a1b534d7f 1 default-src 'self' i3j3u3u9.ssl.hwcdn.net *.sendmepixel.com *.keepmypixel.com *.pxcollect.com maps.googleapis.com; img-src * data:; media-src 'self' i3j3u3u9.ssl.hwcdn.net *.sendmepixel.com *.keepmypixel.com *.pxcollect.com maps.googleapis.com data:; connect-src 'self' i3j3u3u9.ssl.hwcdn.net *.sendmepixel.com *.keepmypixel.com *.pxcollect.com *.fontawesome.com sqs.us-west-2.amazonaws.com *.notify-service.com; script-src 'self' 'nonce-pgican2qzz' i3j3u3u9.ssl.hwcdn.net *.sendmepixel.com *.keepmypixel.com *.pxcollect.com *.google-analytics.com maps.googleapis.com code.jquery.com cdnjs.cloudflare.com script.crazyegg.com *.fontawesome.com d3owq2fdwtdp2j.cloudfront.net *.googlesyndication.com; style-src i3j3u3u9.ssl.hwcdn.net fonts.gstatic.com fonts.googleapis.com code.jquery.com *.fontawesome.com 'unsafe-inline'; font-src fonts.gstatic.com fonts.googleapis.com i3j3u3u9.ssl.hwcdn.net *.fontawesome.com; frame-src i3j3u3u9.ssl.hwcdn.net *.searchboxlive.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.facebook.net *.amazonaws.com *.alexametrics.com *.google.com *.google.fr *.googleapis.com *.gstatic.com *.doubleclick.net *.googlesyndication.com *.twitter.com *.facebook.com *.google-analytics.com *.googleadservices.com *.addthis.com *.addthisedge.com *.onesignal.com onesignal.com www.googleadservices.com www.googletagmanager.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://market.opstechnology.com/ https://demomarket.opstechnology.com/ https://preview.opstechnology.com/ https://www.rcashasp1.com/ http://www.mypartinfo.com 1 default-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-hKmRgEyzEF' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' checkout.stripe.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' checkout.stripe.com;frame-src 'self' checkout.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com;img-src * data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' ws://localhost:3000 *.postmarkapp.com fonts.googleapis.com app.vwo.com *.cloudfront.net wildbit.sinter-collect.com createsend.com wildbit.createsend.com js.createsend1.com *.createsend.com *.typekit.net fast.fonts.net fast.fonts.com *.helpscout.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.visualwebsiteoptimizer.com *.simplecast.com *.twitter.com *.ads-twitter.com t.co *.facebook.net *.hs-analytics.net *.fullstory.com *.gstatic.com *.getsitecontrol.com *.helpscoutdocs.com *.github.io *.twimg.com *.vimeo.com *.youtube.com api.usemessages.com tag.rightmessage.com js.hs-scripts.com *.wistia.com *.wistia.net *.akamaihd.net src.litix.io data: blob: https://api.keen.io https://*.rightmessage.com; img-src * data: blob:; frame-ancestors 'self' http://app.vwo.com https://*.rightmessage.com 1 default-src c.wgr.de 'self'; script-src c.wgr.de track.westermann.de connect.facebook.net www.googleadservices.com maps.googleapis.com 'self' 'unsafe-inline'; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de track.westermann.de www.econda-monitor.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net maps.googleapis.com *.gstatic.com 'self' data:; frame-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de track.westermann.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src secure.schulbuchzentrum-online.de track.westermann.de 'self'; report-uri /backend/csp 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=f8043ee9-45d5-45d7-87f5-a155722ff1d8 1 default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss://socket.showtalk.jp 1 default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; child-src *; frame-ancestors 'self' chrome-extension://* *.linkedin.com *.salesforce.com *.lightning.force.com *.visual.force.com app.salesloft.com *.outreach.io *.amazon.com *.amazon.ca *.amazon.co.uk *.eloqua.com *.groove.co *.hubspot.com sendoso.ngrok.io sendoso1.ngrok.io vimeo.com/*; script-src * 'unsafe-eval' 'unsafe-inline' 1 default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://uxdesign.cc https://*.uxdesign.cc https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1 frame-src www.neobux.com https://cdns.us1.gigya.com/ *.facebook.com *.twitter.com 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-CYMLNUDkvP' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 default-src * blob: 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=84e8f6e9-f7e9-412f-b085-b3ab37097ad7 1 default-src 'self' static.integromat.com; style-src 'self' static.integromat.com fonts.googleapis.com checkout.stripe.com; font-src 'self' static.integromat.com fonts.gstatic.com data:; img-src 'self' static.integromat.com data: stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.cz placehold.it placeholdit.imgix.net secure.gravatar.com usage.trackjs.com q.stripe.com img.youtube.com www.facebook.com t.co www.googletagmanager.com; connect-src 'self' static.integromat.com iql.integromat.com wss://www.integromat.com capture.trackjs.com checkout.stripe.com integromat.zendesk.com; frame-src 'self' static.integromat.com www.facebook.com www.youtube.com checkout.stripe.com; script-src 'self' static.integromat.com www.google-analytics.com checkout.stripe.com connect.facebook.net static.ads-twitter.com analytics.twitter.com; object-src 'self' static.integromat.com 1 default-src *; img-src * data: blob:; object-src 'self'; worker-src 'self'; manifest-src 'self'; script-src 'self' *.mailtrap.io *.uservoice.com google.com www.google.com recaptcha.net www.recaptcha.net gstatic.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net optimize.google.com js.hs-scripts.com js.hs-analytics.net *.braintreegateway.com *.paypalobjects.com *.uvcdn.com connect.facebook.net *.youtube.com s.ytimg.com https://s3.amazonaws.com/assets.heroku.com/boomerang/boomerang.js 'sha256-HwOpYBUjhJt/xN8OJ9FOm/3SMfiXvWGGJL5KontA4ok='; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.mailtrap.io fonts.googleapis.com optimize.google.com https://s3.amazonaws.com/assets.heroku.com/boomerang/boomerang.css; font-src 'self' data: *.mailtrap.io fonts.gstatic.com; frame-src 'self' google.com www.google.com www.googletagmanager.com *.doubleclick.net optimize.google.com widget.uservoice.com *.braintreegateway.com *.kaptcha.com *.paypal.com connect.facebook.net *.youtube-nocookie.com; connect-src 'self' wss://mailtrap.io *.mailtrap.io www.google-analytics.com stats.g.doubleclick.net errors.rw.rw *.braintreegateway.com *.sandbox.braintreegateway.com *.braintree-api.com *.sandbox.braintree-api.com *.uservoice.com; media-src 'self' 1 connect-src 'self' *.pinimg.com *.pinterest.com *.branch.io *.facebook.com accounts.google.com *.dropboxapi.com cdn.ampproject.org *.cdn.ampproject.org pinterest-aberdeen.s3.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-waterloo.s3.amazonaws.com *.cedexis.com *.cedexis-radar.net *.zendesk.com *.zdassets.com wss://*.zopim.com *.zopim.com blob: *.adyen.com *.adyenpayments.com; media-src 'self' *.pinimg.com blob: data:; object-src 'self'; prefetch-src *; script-src 'nonce-glKpmUSZXh' 'strict-dynamic' 'report-sample' 'self' *.pinterest.com *.pinimg.com *.google.com connect.facebook.net *.google-analytics.com *.accountkit.com *.facebook.com *.googletagmanager.com *.bnc.lt bnc.lt *.branch.io *.yozio.com cdn.ampproject.org *.cdn.ampproject.org radar.cedexis.com *.cedexis-test.com static.zdassets.com ekr.zdassets.com *.zopim.com *.zopim.org *.zopim.io 'unsafe-inline' 'unsafe-eval' *.adyen.com *.adyenpayments.com; base-uri 'none'; report-uri /_/_/csp_report/ 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=d815d91d-7bc1-4949-8c07-06e09ab0e505 1 frame-ancestors 'self' *.suunto.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=70b4ae49-5f1c-44c5-a4ce-fe5b063f7ed6 1 base-uri 'self';connect-src 'self' https://creditkarmacdn-a.akamaihd.net https://6033355.fls.doubleclick.net *.creditkarma.com *.nr-data.net https://stats.g.doubleclick.net https://sentry.io wss://www.creditkarma.ca https://www.google-analytics.com https://siteintercept.qualtrics.com;default-src 'self' https://creditkarmacdn-a.akamaihd.net *.creditkarma.com;font-src 'self' https://creditkarmacdn-a.akamaihd.net *.creditkarma.com data:;frame-src 'self' https://6033355.fls.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://tags.creditkarma.ca https://tags.creditkarma.com https://tpc.googlesyndication.com https://siteintercept.qualtrics.com https://creditkarma.az1.qualtrics.com;img-src 'self' https://creditkarmacdn-a.akamaihd.net https://6033355.fls.doubleclick.net *.creditkarma.com *.nr-data.net https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.facebook.com data: https://ckpoc.imgix.net/ https://seal.digicert.com https://www.googletagmanager.com https://sierra.kilo.ckapis.com https://ck-assets.imgix.net https://siteintercept.qualtrics.com https://az1.qualtrics.com;script-src 'self' https://creditkarmacdn-a.akamaihd.net data: blob: https://tpc.googlesyndication.com *.creditkarma.com https://bam.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net 'unsafe-inline' https://seal.digicert.com https://js-agent.newrelic.com 'report-sample' https://sierra.kilo.ckapis.com https://siteintercept.qualtrics.com;style-src 'self' https://creditkarmacdn-a.akamaihd.net *.creditkarma.com 'unsafe-inline' https://creditkarma-com.go-vip.co data:;report-uri https://sentry.io/api/1217228/security/?sentry_key=096b021d1234444e8052ffd5e4540f6e 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://optimize.google.com https://a.optnmstr.com https://platform.twitter.com https://static.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://*.typekit.net; 1 default-src https: data: kolps: 'unsafe-inline' 'unsafe-eval';frame-ancestors *.webassessor.com https://webassessor.com https://www.webassessor.com https://pay.webassessor.com https://admin.webassessor.com *.onlineproctoring.com https://www.kryteriononline.com https://kryteriononline.com 1 default-src 'self'; script-src 'self' c.mql5.com trade.mql5.com www.mql5.com content.mql5.com search.mql5.com connect.facebook.net www.facebook.com player.youku.com 'unsafe-inline' 'unsafe-eval'; style-src player.youku.com c.mql5.com 'unsafe-inline'; img-src 'self' msg1.mql5.com c.mql5.com www.mql5.com content.mql5.com download.mql5.com charts.mql5.com www.metatrader5.com www.metatrader4.com www.metaquotes.net www.metaquotes.ru trade.mql5.com blob: *.tile.openstreetmap.org connect.facebook.net www.facebook.com; media-src 'self' msg1.mql5.com trade.mql5.com c.mql5.com; font-src c.mql5.com trade.mql5.com; connect-src 'self' content.mql5.com trade.mql5.com https://msg1.mql5.com wss://msg1.mql5.com gwt1.mql5.com gwt2.mql5.com gwt3.mql5.com gwt4.mql5.com gwt5.mql5.com gwt6.mql5.com gwt7.mql5.com gwt8.mql5.com gwt9.mql5.com gwt10.mql5.com gwt11.mql5.com connect.facebook.net www.facebook.com; frame-src 'self' c.mql5.com trade.mql5.com content.mql5.com player.youku.com www.youtube.com www.facebook.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; child-src 'self' c.mql5.com trade.mql5.com player.youku.com www.youtube.com blob:; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=ec59706c-86d6-4e25-ac47-b3ab9d598e32 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://d.la1-c2-phx.salesforceliveagent.com; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net; img-src 'self' data: blob: https://widen.my.salesforce.com http://widen--c.na44.content.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://na44.salesforce.com/icons/ https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net; media-src 'self' blob: https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://na44.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net; font-src 'self' data: https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net; connect-src 'self' https://fast.wistia.net fast.wistia.com https://widen--c.na44.visual.force.com https://embed.widencdn.net https://d1z9ryalr1cz6s.cloudfront.net http://embed.widencdn.net https://lh5.googleusercontent.com https://cf-store.widencdn.net 1 frame-ancestors 'self' www.cajasur.es; 1 default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *; upgrade-insecure-requests; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cnzz.com *.luosimao.com rules.quantcount.com www.google-analytics.com secure.quantserve.com stats.g.doubleclick.net *.bdstatic.com *.baidu.com www.googletagmanager.com dn-cowlevel.qbox.me *.cdncl.net o922x45ft.qnssl.com interface.bilibili.com api.bilibili.com static.hdslb.com cdn.bootcss.com; frame-src 'self' cowlevel.net *.steampowered.com *.luosimao.com bandcamp.com *.missevan.com *.tudou.com itch.io *.acfun.cn *.youku.com *.163.com *.bilibili.com *.kickstarter.com cowlevel-bridge-loaded cowlevel-wvjb-queue-message; 1 frame-ancestors 'self' *.marmara.edu.tr 1 connect-src https://api.posteo.de https://payment.posteo.de https://cdn.posteo.de wss://posteo.de 'self'; child-src 'self'; font-src 'self' data:; form-action https://www.paypal.com 'self' data:; frame-ancestors 'self'; frame-src 'self' blob:; img-src data: *; media-src 'self' https://cdn.posteo.de; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'none'; reflected-xss block; referrer no-referrer; 1 style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; upgrade-insecure-requests; 1 frame-ancestors 'self' *.smhi.se klimatanpassning.se sudplan.eu nordicadaptation2018.net http://infoteve.com ; report-uri /userv/cspreporting 1 block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=6e3a17ce-05f1-40ac-8f06-8322ca8ad259 1 block-all-mixed-content;frame-ancestors 'self' https://www.dashlane.com https://www.google.com https://www-dashlane-com.cdn.ampproject.org https://www-dashlane-com.amp.cloudflare.com;base-uri 'none';default-src https://d38muu3h4xeqr1.cloudfront.net;style-src 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://app-ab14.marketo.com;font-src data: https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kck3hlb9.dashlane.com https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://cdn.ampproject.org https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://cdn.heapanalytics.com https://js.stripe.com https://js.processout.com https://widget.trustpilot.com https://munchkin.marketo.net https://app-ab14.marketo.com https://api.greenhouse.io https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://tagmanager.google.com https://platform.twitter.com https://script.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/e/t.js https://*.visualwebsiteoptimizer.com https://static.ads-twitter.com/uwt.js https://analytics.twitter.com https://connect.facebook.net https://static.criteo.net/js/ld/ld.js https://widget.criteo.com/event https://widget.us.criteo.com/event https://sslwidget.criteo.com/event https://cm.g.doubleclick.net https://bid.g.doubleclick.net/ https://googleads.g.doubleclick.net https://s.pinimg.com/ct/ https://a.quora.com/qevents.js https://b-code.liadm.com/a-00ou.min.js https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/ https://platform.twitter.com/oct.js https://www.redditstatic.com/ads/pixel.js;img-src 'self' data: https://d38muu3h4xeqr1.cloudfront.net https://d1sk9wm475w15q.cloudfront.net https://d2erpoudwvue5y.cloudfront.net https://kwift-icons-desktop.s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com/static-icons/_web/ https://blog.dashlane.com https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://q.stripe.com https://www.gstatic.com https://ssl.gstatic.com https://app-ab14.marketo.com https://user-event-tracker.crazyegg.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://ct.pinterest.com/v3/ https://*.liadm.com https://goo.gl https://trc.taboola.com/geistm2-dashlane-sc/ https://stats.g.doubleclick.net https://*.us.criteo.net https://pinterest.adsymptotic.com https://q.quora.com https://i.geistm.com/x/ https://api.nanigans.com/event.php https://gravatar.com https://t.co https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://safecart.com https://alb.reddit.com https://pubads.g.doubleclick.net https://sp.analytics.yahoo.com https://trkn.us https://www.google.ad https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.cl https://www.google.co.ao https://www.google.co.bw https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.sa https://www.google.com.sg https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.et https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gp https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.mu https://www.google.mv https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.si https://www.google.sn https://www.google.tt;media-src 'self' https://d38muu3h4xeqr1.cloudfront.net;connect-src 'self' https://ws1.dashlane.com https://api.dashlane.com https://kck3hlb9.dashlane.com https://cdn.ampproject.org https://www.google-analytics.com https://www.googletagmanager.com https://heapanalytics.com https://api.stripe.com https://widget.trustpilot.com https://*.mktoresp.com https://api.trustpilot.com https://blog.dashlane.com https://sample-api-v2.crazyegg.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://ct.pinterest.com/user/ https://lcidc.liadm.com/api/v1/dynamic-conversion https://stats.g.doubleclick.net https://ampcid.google.ad https://ampcid.google.ae https://ampcid.google.am https://ampcid.google.at https://ampcid.google.be https://ampcid.google.bg https://ampcid.google.bs https://ampcid.google.by https://ampcid.google.ca https://ampcid.google.cd https://ampcid.google.ch https://ampcid.google.cl https://ampcid.google.co.ao https://ampcid.google.co.bw https://ampcid.google.co.id https://ampcid.google.co.il https://ampcid.google.co.in https://ampcid.google.co.jp https://ampcid.google.co.kr https://ampcid.google.co.ma https://ampcid.google.co.nz https://ampcid.google.co.th https://ampcid.google.co.uk https://ampcid.google.co.ve https://ampcid.google.co.za https://ampcid.google.co.zw https://ampcid.google.com https://ampcid.google.com.af https://ampcid.google.com.ar https://ampcid.google.com.au https://ampcid.google.com.bo https://ampcid.google.com.br https://ampcid.google.com.co https://ampcid.google.com.do https://ampcid.google.com.ec https://ampcid.google.com.eg https://ampcid.google.com.et https://ampcid.google.com.gh https://ampcid.google.com.gt https://ampcid.google.com.hk https://ampcid.google.com.jm https://ampcid.google.com.kw https://ampcid.google.com.lb https://ampcid.google.com.mt https://ampcid.google.com.mx https://ampcid.google.com.my https://ampcid.google.com.na https://ampcid.google.com.ng https://ampcid.google.com.ni https://ampcid.google.com.np https://ampcid.google.com.pe https://ampcid.google.com.ph https://ampcid.google.com.pk https://ampcid.google.com.pr https://ampcid.google.com.py https://ampcid.google.com.sa https://ampcid.google.com.sg https://ampcid.google.com.sl https://ampcid.google.com.tr https://ampcid.google.com.tw https://ampcid.google.com.ua https://ampcid.google.com.uy https://ampcid.google.com.vn https://ampcid.google.cz https://ampcid.google.de https://ampcid.google.dk https://ampcid.google.dz https://ampcid.google.ee https://ampcid.google.es https://ampcid.google.et https://ampcid.google.fi https://ampcid.google.fr https://ampcid.google.ge https://ampcid.google.gp https://ampcid.google.hn https://ampcid.google.hr https://ampcid.google.hu https://ampcid.google.ie https://ampcid.google.iq https://ampcid.google.is https://ampcid.google.it https://ampcid.google.lk https://ampcid.google.lt https://ampcid.google.lu https://ampcid.google.mu https://ampcid.google.mv https://ampcid.google.nl https://ampcid.google.no https://ampcid.google.pl https://ampcid.google.pt https://ampcid.google.ro https://ampcid.google.rs https://ampcid.google.ru https://ampcid.google.se https://ampcid.google.si https://ampcid.google.sn https://ampcid.google.tt;object-src 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' https://d1sk9wm475w15q.cloudfront.net https://d3mfqat9ni8wb5.cloudfront.net https://d3qm0vl2sdkrc.cloudfront.net https://s3.eu-west-1.amazonaws.com/mac.dashlane.com/ https://s3.eu-west-1.amazonaws.com/binaries.dashlane.com/ https://app.adjust.com https://amp.dashlane.com https://webui.dashlane.com safari-extension://com.dashlane.dashlanesafari-5p72e3gc48 dashlane: https://js.stripe.com https://js.processout.com https://widget.trustpilot.com https://app-ab14.marketo.com https://www.youtube.com https://staticxx.facebook.com https://platform.twitter.com https://www.facebook.com https://dis.us.criteo.com https://gum.criteo.com https://static.criteo.com https://static.criteo.net https://i.liadm.com 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=58dd791b-1b64-4206-85eb-e81a23437300 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=7dbd5599-ba3a-4320-8ea7-5f5b359e796f 1 default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com https://*.vimeo.com; font-src 'self'; img-src http: data: *; style-src 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tutanota.com https://api.github.com https://www.reddit.com; 1 frame-ancestors https://*.facebook.com https://*.residentportal.com https://*.residentportaldev.com https://*.tokenex.com 1 frame-ancestors 'self'; default-src 'self' https://*.youtube.com https://*.ytimg.com https://*.iesnare.com https://assets.secure.checkout.visa.com https://static.masterpass.com https://www.paypalobjects.com https://thm.visa.com; img-src 'self' data: blob: *.indigo.ca *.indigoimages.ca *.bazaarvoice.com *.nr-data.net https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.google.ca https://www.googletagmanager.com https://*.gstatic.com https://*.pinimg.com https://*.twimg.com https://*.twitter.com https://*.webtype.com *.omtrdc.net https://t.co https://notify.bugsnag.com https://s3.amazonaws.com https://*.checkout.visa.com https://*.visa.com https://tracker.marinsm.com https://kbimages1-a.akamaihd.net https://ds-aksb-a.akamaihd.net www.paypalobjects.com https://*.paypal.com https://*.piwikpro.com https://secure.adnxs.com https://www.offlinx.com https://gtrk.s3.amazonaws.com https://heapanalytics.com https://*.cdninstagram.com https://dpm.demdex.net https://cm.everesttech.net https://*.online-metrix.net https://insights.hotjar.com https://static.hotjar.com https://ct.pinterest.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.indigo.ca *.indigoimages.ca ajax.aspnetcdn.com code.jquery.com *.bazaarvoice.com https://*.cloudflare.com https://www.myregistry.com https://www.babylist.com/ https://*.cloudfront.net https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://*.gstatic.com https://*.googleapis.com *.omtrdc.net https://*.richrelevance.com https://*.twimg.com https://*.twitter.com https://*.ads-twitter.com https://*.vimeo.com https://*.youtube.com https://*.ytimg.com https://ajax.aspnetcdn.com https://api.pinterest.com https://bam.nr-data.net https://dpm.demdex.net https://fbstatic-a.akamaihd.net https://ds-aksb-a.akamaihd.net https://indigo.soapboxhq.com https://maps.gstatic.com https://s3.amazonaws.com https://*.checkout.visa.com https://script.crazyegg.com https://www.bluecore.com js-agent.newrelic.com tracker.marinsm.com https://mpsnare.iesnare.com www.googleadservices.com www.paypalobjects.com www.paypal.com https://*.iesnare.com https://*.masterpass.com https://*.smartrecruiters.com https://cdn.heapanalytics.com https://api.instagram.com https://www.buyatab.com https://www.googletagmanager.com https://thm.visa.com https://static.hotjar.com https://script.hotjar.com https://ln-rules.rewardstyle.com https://members.cj.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' blob: https://*.bazaarvoice.com https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://*.indigoimages.ca https://*.twitter.com https://*.webtype.com https://*.masterpass.com https://masterpass.com https://*.smartrecruiters.com https://ln-rules.rewardstyle.com https://members.cj.com; connect-src 'self' https://*.indigo.ca https://*.indigoimages.ca https://bam.nr-data.net https://triggeredmail.appspot.com www.chapters.indigo.ca *.omtrdc.net https://www.paypal.com https://dpm.demdex.net https://kbepubs1-a.akamaihd.net https://*.google.ca https://*.google.com https://*.bluecore.com https://ds-aksb-a.akamaihd.net https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://www.facebook.com https://ct.pinterest.com; font-src 'self' https://*.indigoimages.ca https://*.googleapis.com https://*.gstatic.com https://*.webtype.com data: https://static.hotjar.com https://members.cj.com; frame-src 'self' https://*.bazaarvoice.com blob: https://www.myregistry.com https://www.babylist.com/ https://ln-rules.rewardstyle.com https://ln.rewardstyle.com https://members.cj.com https://*.doubleclick.net https://*.facebook.com https://*.google.ca https://*.google.com https://*.indigo.ca https://*.indigoimages.ca https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://indigo.soapboxhq.com https://indigo.taleo.net https://*.checkout.visa.com https://thm.visa.com https://snapwidget.com https://www.google.com https://display.ugc.bazaarvoice.com http://assessment.taleo.net www.paypalobjects.com https://*.paypal.com https://*.masterpass.com https://masterpass.com https://cdn-akamai.mookie1.com https://www.buyatab.com https://*.facebook.net https://h.online-metrix.net/ https://indigo.demdex.net/ *.lrgrewards.com https://vars.hotjar.com; child-src https://vars.hotjar.com; upgrade-insecure-requests; report-uri https://indigo.report-uri.com/r/d/csp/enforce; 1 default-src 'self' * 'unsafe-inline' 'unsafe-eval' 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src https: 'unsafe-inline'; 1 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; 1 default-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com; script-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com 'unsafe-inline'; style-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com 'unsafe-inline'; img-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com data:; frame-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com https://*.youtube.com https://*.serverpilot-phpversions.info; font-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.swiftype.com https://*.twitter.com https://*.twimg.com data:; 1 base-uri 'none'; child-src 'self' * blob:; connect-src 'self' https://cdn.coda.io wss://coda.io https://coda.io wss://*.intercom.io https://coda-us-west-2-prod-blobs.s3.us-west-2.amazonaws.com https://coda-us-west-2-prod-blobs-upload.s3-us-west-2.amazonaws.com https://*.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://app.getsentry.com https://iframe.ly https://cdn.iframe.ly https://api.rollbar.com https://baconipsum.com https://api.trello.com https://www.google-analytics.com https://rum-collector-2.pingdom.net https://api.stripe.com; default-src 'self' https://cdn.coda.io; font-src data: https://cdn.coda.io https://js.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://messenger-apps.intercom.io https://intercom.help; frame-ancestors 'self' *.coda.io ; frame-src *; img-src * blob: data:; media-src https://js.intercomcdn.com; object-src 'none'; report-uri /csp-violation; script-src 'strict-dynamic' 'nonce-208620d40f114af6b46aa4b3fa73b431' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' blob: https://cdn.coda.io https://fonts.googleapis.com; worker-src 'self' blob: 1 script-src 'self' *.xlovecam.com *.wlresources.com *.acwebconnecting.com http://*.google-analytics.com https://*.google-analytics.com https://*.gstatic.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net https://www.google.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' www.xlovecam.com:9080 www.xlovecam.com:9443 *.xlovecam.com *.wlresources.com *.acwebconnecting.com http://*.google-analytics.com https://*.google-analytics.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xlovecam.com wss://www.xlovecam.com; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com; worker-src 'self' blob:; report-uri /en/jserror/?ts=1566549385 1 default-src 'none'; img-src data:; style-src 'unsafe-inline' 1 default-src *; base-uri *; font-src data: *; frame-src 'self' fbrpc: *; img-src data: *; media-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' blob: * 1 default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com; img-src 'unsafe-inline' 'unsafe-eval' * data:; 1 default-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about:; base-uri 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about:; child-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: itunes.apple.com www.facebook.com staticxx.facebook.com accounts.google.com apis.google.com googletagmanager.com www.googletagmanager.com js.stripe.com syndication.twitter.com widget.uservoice.com www.youtube.com www.youtube-nocookie.com player.vimeo.com; connect-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: api.airbrake.io www.facebook.com ajax.googleapis.com translate.googleapis.com www.google-analytics.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io uploads.intercomcdn.com code.jquery.com www.kidsafeseal.com api.mixpanel.com api.stripe.com ct.pinterest.com; font-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: maxcdn.bootstrapcdn.com use.fontawesome.com translate.googleapis.com fonts.gstatic.com use.typekit.net fonts.typekit.net fonts.googleapis.com; frame-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: itunes.apple.com www.facebook.com staticxx.facebook.com accounts.google.com apis.google.com googletagmanager.com www.googletagmanager.com js.stripe.com syndication.twitter.com widget.uservoice.com www.youtube.com www.youtube-nocookie.com player.vimeo.com; img-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: bat.bing.com www.facebook.com www.google-analytics.com google-analytics.com ssl.google-analytics.com www.google.com accounts.google.com www.google.ae www.google.com.au www.google.ca www.google.ch www.google.es www.google.co.in www.google.co.kr www.google.com.qa www.google.com.sa www.google.co.th www.google.co.uk www.google.com.vn www.google.com.ph www.google.com.za translate.google.com translate.googleapis.com www.gstatic.com csi.gstatic.com ssl.gstatic.com googletagmanager.com www.googletagmanager.com static.intercomassets.com downloads.intercomcdn.com cdn-mxpnl.com q.stripe.com syndication.twitter.com p.typekit.net i.vimeocdn.com googleads.g.doubleclick.net www.kidsafeseal.com cdn.mxpnl.com ct.pinterest.com; script-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: bat.bing.com google-analytics.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com googletagmanager.com www.googletagmanager.com translate.googleapis.com cdn-mxpnl.com api.stripe.com by2.uservoice.com s.yimg.com s7.addthis.com cdnjs.cloudflare.com cdn.ampproject.org dnn506yrbagrg.cloudfront.net html5shim.googlecode.com www.google-analytics.com apis.google.com widget.intercom.io code.jquery.com cdn.mxpnl.com cdn.optimizely.com js.stripe.com use.typekit.net widget.uservoice.com s.pinimg.com ct.pinterest.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.splashmath.com d3ojqz9vsge2vl.cloudfront.net d1n5c9e0gk9gm5.cloudfront.net djq5eqy4vbh27.cloudfront.net connect.facebook.net bid.g.doubleclick.net optimize.google.com *.hotjar.com:* *.hotjar.io wss://*.hotjar.com js-agent.newrelic.com bam.nr-data.net platform.twitter.com performance.typekit.net js.intercomcdn.com tagmanager.google.com js.driftt.com blob: data: about: maxcdn.bootstrapcdn.com use.fontawesome.com translate.googleapis.com fonts.gstatic.com use.typekit.net fonts.typekit.net fonts.googleapis.com 'unsafe-inline'; upgrade-insecure-requests; report-uri /csp-report 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-6167e000ec52a51f84c959d8c2f0c07a' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=2061a84a-66e7-4784-83e7-c9394587cc93&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=2061a84a-66e7-4784-83e7-c9394587cc93&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'self' http://www.philips.de *.philips.com *.philips.de 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=50b5f883-cdea-4804-86cb-800fe09cf5c1 1 block-all-mixed-content; object-src 'none'; form-action 'self' *.indeed.com *.indeed.com.sg ; frame-src 'self' *.indeed.com *.indeed.com.sg https://smartlock.google.com/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'self' 'unsafe-inline' data: *.indeed.com *.indeed.com.sg d3hbwax96mbv6t.cloudfront.net d3hbwax96mbv6t.cloudfront.net https://smartlock.google.com/ https://accounts.google.com/ https://cdn.ravenjs.com/3.14.2/raven.min.js d3hbwax96mbv6t.cloudfront.net d12632ofg6v5f7.cloudfront.net d2q79iu7y748jz.cloudfront.net d3s4xzh46vzktb.cloudfront.net d1ymdoy4af119w.cloudfront.net d3fw5vlhllyvee.cloudfront.net www.google-analytics.com https://www.facebook.com/tr/ https://sb.scorecardresearch.com https://connect.facebook.net *.serving-sys.com maps.googleapis.com csi.gstatic.com https://ad.doubleclick.net/ddm/activity/ https://www.google.com/recaptcha/ https://www.gstatic.com https://www.youtube.com https://pp.d2-apps.net/v1/impressions/log dpuk71x9wlmkf.cloudfront.net; 1 default-src 'self' www.neighborhoodscout.com www.google.com http://s3.amazonaws.com d2eaq8dxqroec3.cloudfront.net *.youtube.com *.gstatic.com *.googleapis.com stats.bluebillywig.com adklip.bbvms.com *.g.doubleclick.net *.googlesyndication.com *.hotjar.com sentry.hotjar.com *.marketingautomation.services *.addthis.com stats.g.doubleclick.net s7.addthis.com www.google-analytics.com tether.io *.mapbox.com *.netdna-ssl.com data: ; script-src 'self' use.fontawesome.com schema.org www.googletagservices.com use.fontawesome.com *.googleapis.com www.neighborhoodscout.com wchat.freshchat.com s7.addthis.com www.google-analytics.com www.google.com *.netdna-ssl.com *.addthisedge.com *.addthis.com gmpg.org ajax.googleapis.com s.w.org *.hotjar.com *.google.com securepubads.g.doubleclick.net cdnjs.cloudflare.com tether.io *.marketingautomation.services adklip.bbvms.com *.googlesyndication.com cdn.bluebillywig.com s0.2mdn.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval' ; style-src 'self' fonts.googleapis.com 'unsafe-inline' ; font-src 'self' fonts.gstatic.com use.fontawesome.com ; base-uri 'none' ; connect-src 'self' wss://*.hotjar.com in.hotjar.com https://*.addthis.com https://www.google.com https://securepubads.g.doubleclick.net https://vc.hotjar.io https://*.netdna-ssl.com https://api.mapbox.com https://csi.gstatic.com www.google-analytics.com https://*.doubleclick.net; 1 default-src 'self' ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.upc.edu tagmanager.google.com https://*.twimg.com https://*.twitter.com *.gstatic.com *.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com data: ;font-src * data: ; style-src * data: 'unsafe-inline' 'unsafe-eval'; child-src *.upc.edu https://*.twitter.com https://*.google.com ; worker-src *.upc.edu https://*.twitter.com https://*.google.com https://cercador.upc.edu ; media-src *.upc.edu; frame-src *.youtube.com *.twitter.com twitter.com *.upc.edu www.google.com https://cercador.upc.edu ; connect-src https://cercador.upc.edu 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: * 1 child-src blob:; connect-src 'self' https: wss://ws.airbnb.com https://netverify.com https://*.netverify.com *.inspectlet.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net; frame-ancestors *; frame-src *; img-src 'self' https: data: *.inspectlet.com https://*.mapbox.com; media-src 'self' https: blob:; script-src 'nonce-6a3c0702e7b44e871fd2402f9567451b' 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://a.cdn.intentmedia.net https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://sslwidget.criteo.com https://static.criteo.net https://dis.criteo.com https://widget.us.criteo.com https://*.gbc.criteo.net https://ethn.io https://s.yimg.jp https://api.geetest.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-ck0NYnSq6evDrSU3QAgDAso6GSMHXE8SDlqTKWnxpKI=' 'sha256-9ZdLPFhnEQLHZCKEYdkKXUj5at+zztFTTILAt3y65+0=' 'sha256-anj/wlPABxVCuYmPnySD3CBbxtX3l2p5OQbQvHP9FsA=' 'sha256-MnioL5BuRJUruaRXOEDN6ssuUoUDtjvvCVp2PicfIIM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com *.inspectlet.com blob: https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://includes.ccdc02.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self'; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=401cd775-d8d4-4804-9fb6-a8def5222325&version=sha%3Db68f26972e89&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=401cd775-d8d4-4804-9fb6-a8def5222325&version=sha%3Db68f26972e89&report_only=false 1 frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com 1 default-src http: data 'unsafe-inline' 'unsafe-eval' 1 connect-src 'self' https://app.sgwidget.com https://sgwidget.leaderapps.co;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;frame-ancestors chrome-extension://mnojpmjdmbbfmejpflffifhffcmidifd;frame-src https://player.vimeo.com https://boards.greenhouse.io https://www.youtube-nocookie.com;img-src 'self' data: https://brave.com https://basicattentiontoken.org https://analytics.brave.com https://boards.greenhouse.io https://s.gravatar.com https://*.gravatar.com https://*.githubusercontent.com https://secure.gravatar.com https://www.gravatar.com https://blog.brave.com https://*.ggpht.com https://*.jtvnw.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.brave.com https://cdn.jsdelivr.net https://secure.gaug.es https://boards.greenhouse.io https://code.jquery.com https://app.sgwidget.com https://sgwidget.leaderapps.co;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cloud.typography.com 1 default-src 'self' 'unsafe-eval' *.googleapis.com *.google.com *.mapbox.com *.cloudfront.net http://*.cloudfront.net *.google-analytics.com *.doubleclick.net *.google.co.uk *.intercomassets.com *.gstatic.com *.intercom.io *.intercomcdn.com *.cloudflare.com wss://*.intercom.io *.receptive.io receptive.io *.facebook.com *.fbsbx.com unpkg.com *.twimg.com *.purpleportal.net *.fbcdn.net https://*.amazonaws.com *.youtube.com *.a3cloud.net https://*.purple.ai *.ggpht.com https://*.delighted.com *.googletagmanager.com https://*.blackfire.io https://*.venuewifi.net https://*.venuewifi.com data: 'unsafe-inline'; 1 frame-ancestors *.bluenile.com; object-src *.bluenile.com; base-uri *.bluenile.com; form-action *.bluenile.com https://livechat.boldchat.com; report-uri /api/csp-report 1 frame-ancestors 'self' https://piwik.mz.tu-dresden.de 1 frame-ancestors 'self' vk.com ; 1 block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=2ea252fc-256b-4897-b2c8-778d7b70ae73 1 script-src 'self' https://www.google-analytics.com/analytics.js; style-src 'self' https://fonts.googleapis.com https://*.gstatic.com; object-src 'none'; default-src 'self' https://www.google-analytics.com ; frame-src 'self' https://www.google.com https://www.youtube.com https://analytics.google.com https://google.exceedlms.com https://google.appitierre.com/; connect-src 'self' https://inputtools.google.com ; child-src 'self' https://www.google.com https://www.youtube.com https://analytics.google.com https://google.exceedlms.com https://google.appitierre.com/; font-src 'self' https://themes.googleusercontent.com https://*.gstatic.com; report-uri