Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 154
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 151
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 90
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport 84
default-src https: 'self' *.publishing.service.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk *.dev.gov.uk 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.tax.service.gov.uk www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 70
23
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 21
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 21
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 16
default-src 'self'; img-src *; font-src 'self' https://public-assets.envato-static.com; media-src 'self' https://preview.s3.envato.com https://previews.customer.envatousercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public-assets.envato-static.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://public-assets.envato-static.com; connect-src 'self' https://waveform.customer.envato.com; report-uri 16
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 15
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 15
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://firmsites.report-uri.com/r/t/csp/reportOnly 14
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; connect-src https: ws:; report-uri https://ls.getresponse.com/log/csp_report?source=www 13
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 13
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/app 13
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 12
frame-ancestors 'self'; report-uri /beacon/csp.php 11
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 11
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 11
report-uri https://sentry.pressly.io/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 11
default-src https: data: 'unsafe-inline' 'unsafe-eval' 10
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 10
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 9
default-src 'self' 9
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 9
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 8
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 8
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://1yl2eds5mhyzuzjhwlcikwnp.httpschecker.net/report 8
report-uri /report-csp-violation 8
block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 7
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=anonweb 7
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 7
default-src 'unsafe-inline' 'unsafe-eval' data: https: wss:; report-uri https://shk.betfair.com/csp 7
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 7
frame-ancestors 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-experimental ; script-src 'unsafe-eval' 'unsafe-inline' https://* 6
block-all-mixed-content; report-uri https://1vniaou00a.execute-api.eu-west-1.amazonaws.com/prod/report 6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 6
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ 6
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https:; base-uri 'self' https://optimize.google.com; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: android-webview-video-poster: data: *; report-uri https://sentry.io/api/119503/security/?sentry_key=06825940ca0b4f8da5840b18b93bc640 6
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_21 5
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 5
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 5
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://9s5nwozqcb.execute-api.eu-north-1.amazonaws.com/prod/sitemailalerts 5
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.abtasty.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com; connect-src 'self' *.dynatrace.com *.abtasty.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com; img-src 'self' *.abtasty.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 5
upgrade-insecure-requests; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' www.google-analytics.com maps.googleapis.com maps.google.com ajax.googleapis.com *.addthis.com *.addthisedge.com *.facebook.net cdn.jsdelivr.net platform.twitter.com cdn.syndication.twimg.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com *.addthis.com *.twitter.com *.facebook.com www.cvkeskus.ee www.google.com dok.hm.ee; img-src 'self' data: www.google-analytics.com maps.google.com maps.gstatic.com static.xx.fbcdn.net stats.g.doubleclick.net *.twimg.com *.twitter.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com platform.twitter.com ton.twimg.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.addthis.com www.google-analytics.com; 5
report-uri /_/csp-reports 5
default-src * 'unsafe-eval' 'unsafe-inline'  data:;report-uri //pointman.alibaba.com/csp?app=ae_default 4
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 4
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://fivethirtyeight.report-uri.io/r/default/csp/reportOnly 4
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru files.icq.com api.icq.net 'self'; style-src 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src 'self'; connect-src privacy.icq.com icq.com 'self'; report-uri /system/error 4
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 4
default-src 'self'; script-src blob: https://*.ytimg.com https://*.youtube.com https://*.wargaming.net https://*.gcdn.co https://u360.d-bi.fr https://*.adroll.com https://pixel-geo.prfct.co https://s.adroll.com *.wgcdn.co https://tag.marinsm.com https://*.hypercomments.com https://*.cedexis-test.com https://bat.bing.com https://bam.nr-data.net https://*.addthisedge.com https://*.addthis.com https://*.cedexis.com https://*.facebook.net https://*.fastlylb.net https://*.adform.net https://js-agent.newrelic.com http://*.wargaming.net *.google-analytics.com www.google-analytics.com ajax.googleapis.com https://*.google.ru https://*.google.com https://*.criteo.com https://dl.metabar.ru https://*.doubleclick.net https://embedr.flickr.com https://*.fbcdn.net https://*.cloudfront.net *.googleadservices.com *.googletagmanager.com cdn-cm.gcdn.co *.worldoftanks.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://static.hypercomments.com https://*.wargaming.net http://*.wargaming.net https://*.fastlylb.net *.worldofwarships.ru *.googleapis.com 'unsafe-inline'; img-src data: * 'self';font-src data: https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://*.wargaming.net http://*.wargaming.net fonts.gstatic.com https://*.adform.net https://*.fastlylb.net; frame-src https://*.wargaming.net https://static.hypercomments.com https://*.youtube.com https://*.linkedin.com https://*.cedexis.com https://*.cloudfront.net https://*.cedexis-test.com http://*.wargaming.net https://*.doubleclick.net https://*.criteo.com https://*.fbcdn.net https://player.twitch.tv https://embedr.flickr.com https://*.facebook.com https://*.addthis.com https://dl.metabar.ru https://*.hypercomments.com https://*.fastlylb.net *.googletagmanager.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.google.com; report-uri https://cspreport.wargaming.net/cspreport; connect-src *.criteo.com *.google-analytics.com https://*.worldofwarships.ru https://*.worldofwarships.asia wss://*.hypercomments.com https://*.hypercomments.com https://*.worldofwarships.com https://*.worldofwarships.eu www.google-analytics.com https://*.cedexis.com https://*.cloudfront.net https://embedr.flickr.com https://*.facebook.com https://*.cedexis-radar.net https://*.addthis.com https://*.fastlylb.net https://*.wargaming.net http://*.wargaming.net https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self'; media-src https://*.wgcdn.co https://*.gcdn.co https://*.adform.net https://worldofwarships.com; object-src https://*.worldofwarships.ru 4
report-uri https://danfoss-webex-csp-prodgreen.azurewebsites.net/api/ContentSecurityPolicy/;base-uri 'none';default-src 'none';font-src 'self' https://www.sfdcstatic.com https://sfdcstatic.com https://use.typekit.net https://fonts.gstatic.com https://login.alibaba-inc.com;frame-ancestors 'self';img-src 'self' https://p.typekit.net https://i.ytimg.com https://nova.collect.igodigital.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.danfoss.com https://maps.googleapis.com https://maps.gstatic.com data: blob: https://www.facebook.com/tr about https://www.gstatic.com https://eu2.sabacloud.com https://*.googleapis.com https://dk1.siteimprove.com/ https://api.map.baidu.com https://*.bdstatic.com http://files.danfoss.com https://translate.google.com/;manifest-src 'self';frame-src https://policy.app.cookieinformation.com https://www.youtube.com https://player.youku.com https://v.qq.com https://vars.hotjar.com https://www.youtube-nocookie.com/;connect-src 'self' https://maps.googleapis.com https://*.danfoss.com https://dc.services.visualstudio.com https://in.hotjar.com https://performance.typekit.net https://siteintercept.qualtrics.com https://consent.app.cookieinformation.com/api/consent https://*.bf.dynatrace.com https://danfosswebexprodgreenapicdn.azureedge.net https://danfoss-locationapi.azurewebsites.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://use.typekit.net https://*.cookieinformation.com https://www.googletagmanager.com https://7231896.collect.igodigital.com https://*.hotjar.com https://siteimproveanalytics.com https://az416426.vo.msecnd.net https://*.pardot.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.danfoss.com https://sjs.bizographics.com https://px.ads.linkedin.com https://zn0k7rnozrtvg1fnh-danfoss.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.connect.facebook.com/ https://api.map.baidu.com;style-src 'self' 'unsafe-inline' 'report-sample' https://use.typekit.net https://fonts.googleapis.com https://translate.googleapis.com/translate_static/css/translateelement.css; 4
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/    ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 4
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 4
default-src https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' https://www.google.com; 4
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 4
default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 3
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.ru ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.yandex.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; child-src *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru mail.ru ok.ru vk.com; report-uri https://cspreport.mail.ru/splash; 3
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 3
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=wufoocms 3
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; report-uri /report-csp-violation 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri https://c79f95068084e6225a0fe93e875f682d.report-uri.com/r/t/csp/reportOnly 3
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 3
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 3
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://pro2-view.myportfolio.com/v1/errors/csp 3
default-src * 'unsafe-inline' 'unsafe-eval' https:;  img-src * 'self' https: data: blob:;  font-src * 'self' https: data:; media-src * 'self' https: data:; script-src * https: data: 'unsafe-inline' 'unsafe-eval'; child-src * https: blob: data:; report-uri /api/sitecore/CSP/SecurityReport; 3
connect-src api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cloudfront.net ct.pinterest.com d330aiyvva2oww.cloudfront.net dvqigh9b7wa32.cloudfront.net errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com sdk.iad-01.braze.com sentry.io stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com widget.us.criteo.com www.facebook.com www.youtube-nocookie.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src alb.reddit.com app.getsentry.com ct.pinterest.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net headspace.com i.liadm.com images.contentful.com images.ctfassets.net p.adsymptotic.com privacy-policy.truste.com production-snowplow.headspace.com px.ads.linkedin.com q.quora.com static.headspace.com stats.g.doubleclick.net t.co tags.bluekai.com track.hubspot.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.nz www.google.co.uk www.google.co.za www.google.com.au www.google.com.br www.google.com.hk www.google.com.mx www.google.com.ph www.google.com.pr www.google.com.qa www.google.com.sg www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ie www.google.it www.google.je www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.googletagmanager.com www.linkedin.com 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com static.headspace.com 'self'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=development; script-src a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com cloudfront.net connect.facebook.net d1fc8wv8zag5ca.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net d2hrivdxn8ekm8.cloudfront.net forms.hsforms.com googleads.g.doubleclick.net headspace.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src d1fc8wv8zag5ca.cloudfront.net headspace.com https://fonts.googleapis.com use.fontawesome.com 'self' 'unsafe-inline' 3
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 3
frame-ancestors 'none'; report-uri /csp_logger/; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss: blob: http://*.files.wordpress.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; report-uri /service/csp-report 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.intele.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.intele.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se data:;media-src https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.intele.com https://fonts.googleapis.com 3
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 3
default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 3
frame-ancestors 'self'; report-uri /stf/reportiframe 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.addthis.com https://*.addthisedge.com https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.addthis.com https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.addthis.com https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.addthis.com https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
frame-ancestors 'self' https://www.chasepaymentechhostedpay.com;font-src 'self' https://fonts.gstatic.com  https://webfonts.zohostatic.com  https://static.ecorebates.com https://ajax.googleapis.com data:  ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com https://media.electroluxappliances.com; report-uri /CSP-report; 3
default-src 'self'; script-src 'self' 3
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 3
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://b27bc57f5ac35510ce587d23f4bd7d03.report-uri.com/r/d/csp/reportOnly 3
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 3
connect-src 'self' logx.optimizely.com *.optimizely.com *.maginfrastructure.com www.google-analytics.com capture.trackjs.com www.facebook.com stats.g.doubleclick.net *.holidayextras.co.uk serve.vdopia.com/adserver/html5/inwapads https://*.hotjar.com:* wss://*.hotjar.com https://*.hotjar.io performance.typekit.net https://ssp.lkqd.net/ad *.springserve.com vid.pubmatic.com adservice.google.com google.com/csi https://evtvpaid.bfmio.com reachms.bfmio.com/getmu ads.contextweb.com/TagPublish/getvideo.aspx s3-eu-west-1.amazonaws.com/live-climate magairportlimited.nanorep.co *.boldchat.com wss://websocket-eu.bold360.com;frame-src 'self' *.optimizely.com *.fls.doubleclick.net vars.hotjar.com www.googletagmanager.com www.facebook.com www.thetrainline.com www.google.com servedby.flashtalking.com airporttransfers.eastmidlandsairport.com ebooker.arrowprivatehire.co.uk www.rentalcars.com airporttransfers.manchesterairport.co.uk travelmoney.travelex.co.uk imasdk.googleapis.com/js/core/bridge3.274.0_en.html vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com *.maginfrastructure.com;img-src 'self' cdn.optimizely.com assets.live.web.maginfrastructure.com live-webadmin-media.s3.amazonaws.com live-mag-web-assets.s3.eu-west-1.amazonaws.com test-webadmin-media.s3.amazonaws.com s3-eu-west-1.amazonaws.com www.google-analytics.com nova.collect.igodigital.com www.facebook.com usage.trackjs.com p.typekit.net mag-retail-media-live.s3.amazonaws.com bat.bing.com pixel.quantserve.com *.g.doubleclick.net t.co www.google.com www.google.co.uk *.cpx.to *.adnxs.com *.avocet.io p.travelsmarter.net image2.pubmatic.com scontent.cdinstagram.com tag.yieldoptimizer.com idsync.rlcdc.com pixel.rubiconproject.com ad.yieldlab.net/m tag.adaraanalytics.com rtb.gumgum.com/usersync ik.imagekit.io i.ytimg.com www.google.ie www.googletagmanager.com about: data: vcc-eu2.8x8.com images-eu.boldchat.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.optimizely.com https://www.googletagmanager.com www.googletagservices.com www.google-analytics.com www.google.com cdn.trackjs.com static.hotjar.com script.hotjar.com 10959453.collect.igodigital.com/collect.js cdn3.optimizely.com connect.facebook.net tag.yieldoptimizer.com use.typekit.net inpref.s3.amazonaws.com securepubads.g.doubleclick.net platform.twitter.com *.cpx.to rules.quantcount.com static.ads-twitter.com analytics.twitter.com www.gstatic.com adservice.google.co.uk adservice.google.com secure.quantserve.com bat.bing.com *.doubleclick.net www.googleadservices.com vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com https://www.youtube.com https://s.ytimg.com *.maginfrastructure.com *.google.ie polyfill.io *.boldchat.com magairportlimited.nanorep.co;style-src 'self' 'unsafe-inline' static.tacdn.com www.surveygizmo.eu fonts.googleapis.com data:; report-uri https://webevo.report-uri.com/r/d/csp/reportOnly 3
default-src https: 'unsafe-inline' 'unsafe-eval' blob: data:; report-uri /csp-report; 3
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net; report-uri https://deniol2415.nionex.net/report-uri.php 3
default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com  *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.scorecardresearch.com www.google-analytics.com www.googletagmanager.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com yastatic.net; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; font-src data: cloud.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net yastatic.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; worker-src blob: *.mail.ru; 3
default-src 'self'; img-src 'self' https://d300tb5wusuhi2.cloudfront.net http://abenity.s3.amazonaws.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://api.mapbox.com https://assets.abenity.com https://b.tiles.mapbox.com https://bam.nr-data.net https://chart.apis.google.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://i.ytimg.com https://img.youtube.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://syndication.twitter.com https://www.gstatic.com https://www.google-analytics.com data:; font-src 'self' https://cloud.typography.com https://fast.wistia.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; object-src 'self' https://embedwistia-a.akamaihd.net; connect-src 'self' 'unsafe-eval' https://d300tb5wusuhi2.cloudfront.net https://a.tiles.mapbox.com https://api.abenity.com https://bam.nr-data.net https://distillery.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://bam.nr-data.net https://cdn.walkme.com https://fast.wistia.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com blob: data:; style-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://d300tb5wusuhi2.cloudfront.net https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com; media-src 'self'  https://d300tb5wusuhi2.cloudfront.net https://embedwistia-a.akamaihd.net blob: data:;frame-src 'self'  https://abenityinc.freshdesk.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://www.google.com https://platform.twitter.com https://www.youtube.com; report-uri https://api.abenity.com/public/csp-logger.json 3
default-src 'none'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com; img-src data: blob: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; frame-ancestors 'self'; report-uri https://www.linkedin.com/lite/contentsecurity?f=ms 3
default-src 'self' 'unsafe-inline' dyrbj6mjld-flywheel.netdna-ssl.com fonts.googleapis.com googleapis.com *.doubleclick.net *.mktoresp.com hotjar.com *.googletagmanager.com *.linkedin.com *.facebook.com *.facebook.net twitter.com instagram.com *.youtube.com *.bizible.com snapapp.com vimeo.com lightwidget.com fonts.gstatic.com *.hotjar.com *.hotjar.io *.doubleclick.net *.adroll.com *.licdn.com *.airpr.com *.marketo.net *.google-analytics.com *.google.com *.casalemedia.com *.rubiconproject.com *.3lift.com *.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.taboola.com; 3
Content-Security-Policy-Report-Only: default-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://ajax.aspnetcdn.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://www.gstatic.com/ https://www.google-analytics.com/ https://api.flickr.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://www.redditstatic.com/ https://ssl.google-analytics.com/ga.js https://ssl.google-analytics.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/; style-src 'self' data: 'unsafe-inline' https://services.postcodeanywhere.co.uk https://fonts.googleapis.com/; img-src * ; upgrade-insecure-requests; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly; 3
default-src https: 'unsafe-inline' 3
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://studio.digital.vistaprint.com/csp/report/published 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 3
img-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /lytics/cspreport?api=1 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com;  3
default-src 'self'; connect-src 'self' blob: https://*.video-cdn.net; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.video-cdn.net https://www.youtube.com; img-src 'self' data: https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf 3
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' ;script-src 'self' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.google.ca *.google.com *.googleapis.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com rdc.m32.media ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com graph.facebook.com platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: ;frame-src 'self' *.firebaseapp.com/ imasdk.googleapis.com ;font-src 'self' ;connect-src 'self' *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.google-analytics.com *.google.ca *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com graph.facebook.com licensing.bitmovin.com platform-lookaside.fbsbx.com sentry.io us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca undefined ;worker-src 'self' blob: ;form-action 'self' ; 3
default-src 'self'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 3
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; report-uri /csp-violation-report-endpoint/ 3
default-src 'unsafe-inline' 'unsafe-eval' 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; connect-src https: wss:; report-uri https://verivox.report-uri.com/r/d/csp/reportOnly; 3
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src blob: 'self'; script-src 'unsafe-eval' 'unsafe-inline' blob: https://*.50million.club https://*.adroll.com https://*.cloudfront.net https://*.google.com https://*.hotjar.com https://*.zoom.us https://*.zoomus.cn https://*.zopim.com https://ad.lkqd.net https://ajax.aspnetcdn.com https://apiurl.org https://appsforoffice.microsoft.com https://assets.zendesk.com https://bat.bing.com https://cdn.5bong.com https://cdn.jsdelivr.net https://cdncache-a.akamaihd.net https://code.jquery.com https://connect.facebook.net https://consent.trustarc.com https://extnetcool.com https://fp166.digitaloptout.com https://googleads.g.doubleclick.net https://intljs.rmtag.com https://pi.pardot.com https://px.ads.linkedin.com https://ruanshi2.8686c.com https://rum-static.pingdom.net https://s.dcbap.com https://s.yimg.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://secure.myshopcouponmac.com https://snap.licdn.com https://sp.analytics.yahoo.com https://srvvtrk.com https://static.zdassets.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://translate.googleapis.com https://trk.techtarget.com https://unpkg.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'self'; img-src https://* blob: data: 'self'; style-src https://* 'unsafe-inline' 'self'; font-src https://* data: 'self'; connect-src * data: 'self'; media-src * blob: 'self'; frame-src https://* ms-appx-web://* zoommtg://* zoomus://* 'self'; report-uri /csp/report 2
frame-src data: *.yandex.ru yastatic.net awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net api-maps.yandex.ru blob: mc.yandex.ru 'self' media.adrcdn.com *.kinopoisk.ru auth.kinopoisk.ru *.mds.yandex.net tickets.widget.kinopoisk.ru widget.tickets.yandex.ru  forms.yandex.ru; script-src 'unsafe-eval' ads.adfox.ru an.yandex.ru yastatic.net mc.yandex.ru 'unsafe-inline' api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz 'self' *.adfox.ru *.adfox.yandex.ru auth.kinopoisk.ru https://ott.kinopoisk.ru:3001 sso.kinopoisk.ru sso.passport.yandex.ru tickets.widget.kinopoisk.ru widget.tickets.yandex.ru  forms.yandex.ru yastat.net; style-src 'unsafe-inline' yastatic.net blob: 'self' auth.kinopoisk.ru yastat.net; img-src 'self' data: an.yandex.ru favicon.yandex.net avatars-fast.yandex.net 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru media.adrcdn.com *.adrcntr.com amc.yandex.ru avatars.mdst.yandex.net avatars.mds.yandex.net awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net ext.captcha.yandex.net *.cdn.yandex.net mc.kinopoisk.ru st1.kp.yandex.net st2.kp.yandex.net st3.kp.yandex.net st4.kp.yandex.net st5.kp.yandex.net st6.kp.yandex.net st7.kp.yandex.net st8.kp.yandex.net st.kinopoisk.ru st.kp.yandex.net storage.mds.yandex.net ceditor.setka.io sso.kinopoisk.ru sso.passport.yandex.ru https://static-maps.yandex.ru www.tns-counter.ru ar.tns-counter.ru web-metrica.yandex.ru files.messenger.yandex.net; media-src *.yandex.net yastatic.net *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net; connect-src 'self' yastatic.net mc.yandex.ru an.yandex.ru strm.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru csp.yandex.net http-check-headers.yandex.ru jstracer.yandex.ru *.kinopoisk.ru ott-widget.yandex.ru api.passport.yandex.ru sentry.iddqd.yandex.net static-mon.yandex.net yandex.ru forms.yandex.ru files.messenger.yandex.net harley-quinn.dev-stage.ru; child-src api-maps.yandex.ru blob: mc.yandex.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; default-src 'none'; font-src 'self' *.adfox.ru *.adfox.yandex.ru yastatic.net; form-action 'self' forms.yandex.ru; object-src 'self' *.adfox.ru *.adfox.yandex.ru rest-api.bannerstorage.yandex.net betastatic.yandex.net storage.mds.yandex.net; report-uri https://csp.yandex.net/csp?from=kinopoisk; 2
object-src *.leboncoin.fr; frame-ancestors *.leboncoin.fr; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 2
block-all-mixed-content ; report-uri /csp-report 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 2
report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://api.amplitude.com https://widget.intercom.io https://js.intercomcdn.com https://logs-01.loggly.com https://cdn.segment.com https://checkout.stripe.com https://embed.typeform.com https://platform.twitter.com https://cdn.syndication.twimg.com; connect-src 'self' https://msgstore.www.notion.so wss://msgstore.www.notion.so https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots.s3.us-west-2.amazonaws.com https://api.amplitude.com https://api.embed.ly https://js.intercomcdn.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://logs-01.loggly.com https://api.segment.io https://checkout.stripe.com https://api.unsplash.com; font-src 'self' data: https://cdnjs.cloudflare.com https://js.intercomcdn.com; img-src 'self' data: blob: https: http: https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://platform.twitter.com https://ton.twimg.com; frame-src https: http:; media-src https: http: 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors https://*.rte.ie https://*.rtegroup.ie; report-uri https://rtedotie.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://*.idc.com https://*.insideidc.com; script-src about: 'unsafe-inline' 'unsafe-eval' 'self' https://*.idc.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.gstatic.cn https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.youtube.com https://*.ytimg.com https://*.insideidc.com https://d1f8f9xcsvx3ha.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://*.hotjar.com https://*.addevent.com https://addthisevent.com https://*.wootric.com https://munchkin.marketo.net https://*.recaptcha.net https://consent.trustarc.com https://consent.truste.com; img-src data: blob: https: https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net https://platform.twitter.com; frame-src https: 'self' https://*.idc.com https://*.insideidc.com https://*.youtube.com https://*.idc-cema.com https://*.googleapis.com https://*.gstatic.com https://*.brainshark.com https://*.vimeo.com https://*.qq.com https://*.knowledgevision.com; font-src https: 'self' data: https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net; connect-src 'self' https://*.idc.com https://*.insideidc.com https://*.onfastspring.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.wootric.com https://wootric-eligibility.herokuapp.com https://081-atc-910.mktoresp.com; report-uri https://idcqa.report-uri.com/r/default/csp/reportOnly; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; report-uri https://www.argos.co.uk/logging-api/2/security 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=cmscache 2
connect-src 'self' *.ee.co.uk ee.co.uk *.kaspersky-labs.com ee-outage.s3.amazonaws.com everythingeverywhere.tt.omtrdc.net *.google-analytics.com *.doubleclick.net *.google.com *.online-metrix.net https://*.lpsnmedia.net *.demdex.net *.criteo.net *.criteo.com ee-tagging.s3.amazonaws.com *.liveperson.net *.tt.omtrdc.net *.tags.tiqcdn.com t.co https://*.facebook.com https://*.facebook.net http://bat.bing.com https://ee-dtp-static.s3.amazonaws.com *.twitter.com *.reevoo.com *.ads-twitter.com http://static.queue-it.net https://*.gstatic.com http://*.googleadservices.com https://api.opmnstr.com https://a.optmnstr.com https://track.uniqodo.com;default-src 'self' ee.co.uk *.ee.co.uk https://*.gstatic.com https://*.lpsnmedia.net;frame-src 'self' *.ee.co.uk ee.co.uk http://dis.eu.criteo.com *.doubleclick.net https://*.lpsnmedia.net *.demdex.net *.criteo.net *.criteo.com *.google.com *.similartech.com https://s3.amazonaws.com https://*.facebook.com https://*.facebook.net;img-src 'self' *.ee.co.uk ee.co.uk *.google.com http://bat.bing.com t.co https://ee-tagging.s3.amazonaws.com http://pixel.quantserve.com *.google-analytics.com *.doubleclick.net https://*.facebook.com https://beacon.krxd.net *.kaspersky-labs.com *.online-metrix.net *.reevoo.com *.criteo.net *.criteo.com *.demdex.net https://ee-dtp-static.s3.amazonaws.com http://ee-tagging.s3.amazonaws.com https://www.googletagmanager.com *.google.com https://*.gstatic.com https://*.online-metrix.net http://ee-redspot-devices-prod.s3-website-eu-west-1.amazonaws.com https://*.lpsnmedia.net https://*.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ee.co.uk ee.co.uk *.doubleclick.net http://track.uniqodo.com *.criteo.net *.criteo.com *.tt.omtrdc.net https://*.facebook.net *.liveperson.net *.tags.tiqcdn.com ee-tagging.s3.amazonaws.com https://ee-dtp-static.s3.amazonaws.com *.twitter.com http://bat.bing.com *.demdex.net https://*.cloudfront.net http://www.googleadservices.com *.quantserve.com *.google-analytics.com *.reevoo.com *.liveperson.net *.lpsnmedia.net static.ads-twitter.com static.queue-it.net eeuk.queueit.net *.google.com https://*.gstatic.com *.ads-twitter.com https://*.googleapis.com https://s3.amazonaws.com https://www.googletagmanager.com *.similartech.com http://bat.bing.com https://api.opmnstr.com https://a.optmnstr.com https://track.uniqodo.com;style-src 'self' 'unsafe-inline' *.ee.co.uk ee.co.uk *.reevoo.com ee-tagging.s3.amazonaws.com *.kaspersky-labs.com https://*.googleapis.com *.similartech.com;  report-uri https://1720a10za5.execute-api.eu-west-1.amazonaws.com/csp 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' cdn.ravenjs.com connect.facebook.net www.googletagmanager.com www.google-analytics.com js.driftt.com js.hs-scripts.com js.hs-analytics.net forms.hsforms.com js.hsforms.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; connect-src 'self' sentry.io reload.getsentry.net api.amplitude.com https://*.optimizely.com; img-src 'self' data: sentry-brand.storage.googleapis.com sentry-blog.storage.googleapis.com sentryio-assets.storage.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com track.hubspot.com forms.hsforms.com forms.hubspot.com https://app.optimizely.com https://cdn.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src 'self' js.driftt.com player.vimeo.com https://a14597610036.cdn.optimizely.com forms.hsforms.com www.youtube-nocookie.com; media-src sentryio-assets.storage.googleapis.com; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
default-src 'self' *.kinstacdn.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.typekit.net; script-src 'self' 'unsafe-inline' *; form-action 'self' *.kinstacdn.com; frame-ancestors 'self' *.kinstacdn.com; style-src 'self' *.kinstacdn.com; img-src 'self' *.kinstacdn.com *; connect-src 'self' *; font-src 'self' use.typekit.net; frame-src 'self' *.youtube.com; report-uri https://drift.report-uri.com/r/d/csp/reportOnly 2
default-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com https://*.247-inc.net https://*.adobedtm.com https://*.sc.omtrdc.net https://www.google-analytics.com https://ajax.googleapis.com https://searspartsdirect.btttag.com https://tags.tiqcdn.com https://static.criteo.net https://px.owneriq.net https://*.go-mpulse.net https://resources.xg4ken.com https://bat.bing.com https://*.criteo.com https://connect.facebook.net https://secure.quantserve.com https://www.googleadservices.com https://st1.dialogtech.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.bounceexchange.com https://apps.bazaarvoice.com; style-src https: 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com; font-src 'self' data: https://fonts.gstatic.com; connect-src https: 'self' https://*.ch3.s.com https://*.searspartsdirect.io https://searspartsdirectapis.com https://*.247-inc.net; child-src https: 'self' https://armadillo.xyz https://www.searshomeservices.com https://*.247-inc.net https://youtube.com https://assets.bounceexchange.com https://px.owneriq.net https://d.btttag.com; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; img-src https: data:; frame-ancestors 'self'; report-uri https://31a2c7fb54d38ca48f49546888bdc42f.report-uri.com/r/d/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 2
default-src * data: blob: https: 'unsafe-inline' 'self'; script-src 'self' data: blob: *.preply.com https://preply.com https://preply.refersion.com https://www.googleadservices.com https://app.link https://*.sumome.com https://*.inspectlet.com https://*.visualwebsiteoptimizer.com https://www.gstatic.com https://unpkg.com https://*.doubleclick.net https://*.braintreegateway.com https://*.braintree-api.com https://*.sumo.com https://*.branch.io https://*.google.com https://*.pushwoosh.com https://*.nr-data.net https://*.bing.com https://*.opentok.com https://*.hotjar.com https://*.newrelic.com https://*.facebook.net https://www.googletagmanager.com https://*.google-analytics.com https://*.elev.io https://*.intercomcdn.com https://*.intercom.io https://*.taboola.com https://*.stripe.com https://*.googleapis.com https://*.ampproject.org https://*.googlesyndication.com https://*.agora.io https://*.jsdelivr.net https://*.appcast.io 'unsafe-eval' 'unsafe-inline'; report-uri https://sentry.preply.org/api/48/security/?sentry_key=f9d940af8b044614932c632dd13ccad6&sentry_environment=production&sentry_release=apollo-2019-12-06-16-00 2
default-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com; script-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com 'unsafe-inline' 'unsafe-eval' data: http://www.googleadservices.com https://static.ads-twitter.com http://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.linkedin.com https://analytics.twitter.com https://px.ads.linkedin.com https://maps.googleapis.com https://platform.twitter.com https://cdn.checkout.com https://static-resource.com https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.checkout.com; font-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com 'unsafe-inline' chrome-extension self data: http://fonts.gstatic.com https://fonts.gstatic.com https://js.intercomcdn.com https://github.com/google/fonts; style-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com; img-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com 'unsafe-inline' self data: android-webview-video-poster https://www.google.ch https://www.google.com https://www.google.fr https://www.google.it https://www.google.be https://www.google.nl https://www.google.ca https://www.google.gr https://www.google.de https://www.google.com.co https://www.google.co.in https://www.google.co.il https://www.google.co.uk https://www.google.tn https://www.google.am https://www.google.dz https://www.google.pt https://www.google.cg https://www.google.lu https://www.google.ie https://www.google.es https://www.google.pt https://www.google.cm https://www.google.jo https://www.google.ae https://www.google.sn https://www.google.cl https://www.google.dk https://www.google.mu https://www.google.ru https://www.google.pl https://www.google.ro https://www.google.co.id https://www.google.com.br https://www.google.com.gt https://www.google.com.ec https://www.google.com.eg https://www.google.com.pe https://www.google.com.cu https://www.google.com.do https://www.google.com.ar https://www.google.com.hk https://www.google.com.lb https://www.google.com.au https://www.google.com.kh https://www.google.com.ph https://www.google.com.mm https://www.google.com.mx https://www.google.com.sg https://www.google.com.ua https://www.google.com.tr https://www.google.co.za https://www.google.co.kr https://www.google.co.th https://www.google.com.vn https://www.google-analytics.com http://www.google-analytics.com https://www.google.co.ma https://www.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.ads.linkedin.com https://res.cloudinary.com https://maps.googleapis.com https://t.co https://maps.gstatic.com https://www.facebook.com https://www.googletagmanager.com https://api.checkout.com https://i.ytimg.com; object-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com https://vjs.zencdn.net; connect-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com https://sessions.bugsnag.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://px.ads.linkedin.com https://www.linkedin.com https://api2.checkout.com https://sandbox.checkout.com; child-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com https://www.google.com https://www.facebook.com https://www.youtube.com https://api2.checkout.com https://sandbox.checkout.com https://acs.swisscard.ch https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://natixispaymentsolutions.wlp-acs.com https://3dsec.postfinance.ch https://acs2-3dsecure.creditmutuel.fr https://belgium-uvp-3dsecure.wlp-acs.com https://bnpp-3ds.wlp-acs.com https://3dsec.cardcenter.ch; frame-src https://*.infomaniak.com http://*.infomaniak.ch:* ws://*.infomaniak.ch:* ws://*.infomaniak.com:* https://*.infomaniak.ch http://*.infomaniak.com https://*.infomaniak.com https://www.google.com https://www.facebook.com https://www.youtube.com https://api2.checkout.com https://sandbox.checkout.com https://acs.swisscard.ch https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://natixispaymentsolutions.wlp-acs.com https://3dsec.postfinance.ch https://acs2-3dsecure.creditmutuel.fr https://belgium-uvp-3dsecure.wlp-acs.com https://bnpp-3ds.wlp-acs.com https://3dsec.cardcenter.ch; report-uri /api/csp-report; 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com fonts.gstatic.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;frame-ancestors 'none';report-uri /csp/report 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::PROD_FLOATING_v2 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
script-src  'self' 'unsafe-inline' 'unsafe-eval' *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:*; frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com; base-uri https:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;object-src 'self';font-src 'self' data: *.wellsfargo.com *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com:*;report-uri /reporting/csp.htm;frame-ancestors 'self' *.wellsfargoadvisors.com *.wfafinet.com *.wellsfargoclearingservicesllc.com *.wellsfargo.com *.fccaccessonline.com *.wellsfargomedia.com *.wellsfargo:* *.mworld.com *.wellsfargo.net *.markitondemand.com *.wellsfargo.wallst.com *.go.onestop.wf.com 2
default-src 'unsafe-inline' * 'unsafe-eval' data: https:; img-src 'unsafe-inline' data: mediastream: blob: * android-webview-video-poster:; font-src 'unsafe-inline' * 'unsafe-eval' data:; form-action https:; report-uri https://sagvhts6ostb5kz5guxaxuzi.httpschecker.net/report 2
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com checkout.stripe.com cdn.plaid.com maps.googleapis.com cdn.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-zHMpQJiR6TH7azasrorKkYptGQpPYMAnG6JSoBRbZtw=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc='; style-src track.easypost.com 'unsafe-inline' assets.easypost.com www.gstatic.com; img-src track.easypost.com assets.easypost.com assets.track.easypost.com ec.walkme.com cdn.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net www.google-analytics.com www.gstatic.com q.stripe.com brand.easypostpartnercontent.com www.googletagmanager.com ssl.google-analytics.com data: easypost.zendesk.com; font-src assets.easypost.com track.easypost.com fonts.gstatic.com data:; connect-src https://www.google.com track.easypost.com www.easypost.com www-canary.easypost.com usps.easypost.com usps.easypost.com checkout.stripe.com www.google-analytics.com boards-api.greenhouse.io; worker-src assets.easypost.com blob: www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com cdn.walkme.com checkout.stripe.com track.easypost.com www.googletagmanager.com www.google.com www.youtube.com; report-uri https://sentry.io/api/1431584/security/?sentry_key=c94f0945b0d34659b3df102773f484d9 2
default-src  https://*.kucoin.com  https://*.kcs.top  https://*.kumex.com  https://*.kumex.top  https://*.pool-x.io  https://*.googleapis.com  https://*.kcsfile.com  https://*.recaptcha.net  https://*.alicdn.com  https://*.google-analytics.com  https://*.gstatic.cn  https://*.gstatic.com  https://*.doubleclick.net  https://*.kcs.top:4443  https://*.growingio.com  https://*.giocdn.com  data:  ws:  wss:  eval:  inline:  'unsafe-eval'  'unsafe-inline'  https://hm.baidu.com  https://*.leancloud.cn  https://*.lncld.net  https://*.geetest.com  https://*.youtube.com  https://*.tradingview.com;  font-src  http:  https:  data:;  img-src  http:  https:  data:  blob:;  frame-ancestors  'self'  https://www.growingio.com;  report-uri  https://sentry.kucoin.com/api/4/security/?sentry_key=24025117382843a3adbbd8a8cb5dc2fc 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
default-src 'self' https:; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /loadnocache/csp-report 2
default-src 'self'; img-src blob: data: 'self' apintego.com app.nav.com dxkdvuv3hanyu.cloudfront.net firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com *.clover.com images.contentful.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.co.uk www.google.co.in www.google.co.id www.google.ie www.googletagmanager.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.online-metrix.net *.perka.com t.powerreviews.com *.rfihub.com *.t.eloqua.com track.hubspot.com api.swiftype.com pixel.quantserve.com play.vidyard.com cdn.vidyard.com; style-src 'self' 'unsafe-inline' devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com ui.powerreviews.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com use.fontawesome.com js.intercomcdn.com; media-src videos.ctfassets.net js.intercomcdn.com gateway.zscloud.net cdn.vidyard.com; object-src h.online-metrix.net vd.vidoplay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com apps.mypurecloud.com googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.youtube.com *.ytimg.com www.googleadservices.com www.google-analytics.com maps.googleapis.com tagmanager.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com secure.adnxs.com *.greenhouse.io www.gstatic.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com ui.powerreviews.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com secure.quantserve.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com play.vidyard.com apps.mypurecloud.com img.en25.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com apps.mypurecloud.com googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.youtube.com *.ytimg.com www.googleadservices.com www.google-analytics.com maps.googleapis.com tagmanager.google.com www.google.com www.googletagmanager.com tracker.gaconnector.com secure.adnxs.com *.greenhouse.io www.gstatic.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com ui.powerreviews.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com secure.quantserve.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com play.vidyard.com apps.mypurecloud.com img.en25.com; connect-src 'self' *.clover.com wss://*.clover.com *.contentful.com *.tt.omtrdc.net oamportal.fdvs.com h.online-metrix.net www.google-analytics.com *.donorschoose.org storage.googleapis.com *.greenhouse.io heapanalytics.com in.hotjar.com vc.hotjar.io *.intercom.io wss://*.intercom.io *.optimizely.com *.perka.com *.powerreviews.com sentry.io api.swiftype.com collection.sperse.io www.facebook.com stats.g.doubleclick.net; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com *.lendingfront.com bid.g.doubleclick.net *.fls.doubleclick.net docs.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com *.ytimg.com www.youtube.com www.facebook.com play.vidyard.com; frame-ancestors devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net *.clover.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 2
report-uri https://virtualglobetrotting.com/report/ESGA4-ZKPPH-CRQZS-M8LQ7-ZVYEQ; report-to default; default-src 'self' *.vgtstatic.com; frame-src 'self' *.doubleclick.net *.google.com; script-src 'unsafe-inline' 'self' *.vgtstatic.com *.go-mpulse.net *.google-analytics.com *.googlesyndication.com *.google.com *.google.co.uk *.googletagservices.com *.cloudflare.com; style-src 'unsafe-inline' 'self' *.vgtstatic.com; font-src 'self' *.vgtstatic.com data: *.gstatic.com; img-src 'self' *.vgtstatic.com *.google-analytics.com data: *.doubleclick.net *.googlesyndication.com *.googleapis.com *.moatads.com; connect-src 'self' *.vgtstatic.com *.go-mpulse.net *.akstat.io fast-stats.io *.akamaihd.net *.google-analytics.com *.doubleclick.net *.gstatic.com 2
default-src 'none'; base-uri 'self'; connect-src 'self' ; font-src 'self'; form-action 'self' ; frame-ancestors 'self'; frame-src 'self' ; img-src 'self' analytics.openpetition.de data: ; script-src 'self' 'unsafe-inline' analytics.openpetition.de ; style-src 'self' 'unsafe-inline' ; upgrade-insecure-requests; report-uri /report 2
frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.przegladsportowy.pl::PsInfo_1_11_0_FLOATING 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.db.no/csp 2
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com *.nr-data.net wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com sentry.io app.getsentry.com api.unsplash.com risk.clearbit.com; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com; manifest-src assets.sutori.com; report-uri https://sutori.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod 2
default-src 'self' 'unsafe-inline' *.mmadrid.net *.evonik.com *.analytics.edgekey.net *.twimg.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com www.youtube-nocookie.com www.gstatic.com www.google.com videocdnvod1-vh.akamaihd.net *.video-cdn.net licensing.bitmovin.com *.equitystory.com *.oracleinfinity.io www.youtube.com *.video-cdn.net data: blob: ;frame-src 'self' 'unsafe-inline' blob: *.equitystory.com service.sepuran.com *.facebook.com *.facebook.net *.mmadrid.net threatpulse.net; style-src-attr 'self' 'unsafe-inline' ;style-src 'self'; report-uri https://csp.intranet.evonik.com/csp-report.php 2
default-src 'self' data: https: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' data: https: blob:; img-src 'self' data: https:; font-src 'self' data: https:; worker-src * blob:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; report-uri https://huffintl.report-uri.com/r/d/csp/reportOnly 2
report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 2
default-src https: 'unsafe-inline'; img-src https: 'self' data:; report-uri https://keepcalms.report-uri.com/r/d/csp/wizard 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' cdn.siftscience.com js.stripe.com maps.googleapis.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 2
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/reportOnly 2
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2
default-src 'self'; child-src https://www.youtube-nocookie.com https://*.twitter.com; connect-src 'self' https://*.qmee.com https://*.qmree.com wss://*.qmee.com wss://*.qmree.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://d1s51etp8bktk6.cloudfront.net; frame-ancestors https://*.qmee.com; frame-src https://www.youtube-nocookie.com https://*.twitter.com https://*.facebook.com https://tpc.googlesyndication.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.gstatic.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com https://www.google.co.uk https://translate.googleapis.com https://translate.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ajax.googleapis.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://bam.nr-data.net https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://tpc.googlesyndication.com https://d3t2iypqerjd0u.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.twitter.com https://www.gstatic.com https://translate.googleapis.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; report-uri https://csp-report.qmee.com/csp_report_violations 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com 2
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 2
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8001 http://localhost:8001 https://*.youtube.com https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://*.newrelic.com http://*.sumome.com/ sumo.b-cdn.net https://secure-ds.serving-sys.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' sumo.b-cdn.net https://cdn.jsdelivr.net https://use.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com; img-src * data:; report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly 2
default-src 'none';  img-src 'self' data: blob: googleads.g.doubleclick.net  www.google.com  www.google-analytics.com  www.googletagmanager.com stats.g.doubleclick.net bat.bing.com www.google.nl www.facebook.com *.fih.io ; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net www.googleadservices.com ssl.google-analytics.com www.google-analytics.com www.google.com www.google.nl www.gstatic.com fullstory.com cdn.ravenjs.com www.googletagmanager.com cdn.polyfill.io js.sentry-cdn.com browser.sentry-cdn.com bat.bing.com connect.facebook.net js-agent.newrelic.com bam.nr-data.net *.mapbox.com  *.fih.io ; style-src 'self' 'unsafe-inline' *.mapbox.com; object-src 'none'; worker-src blob:; font-src 'self' static.prd.eu.daedalus.fih.io static.tst.eu.daedalus.fih.io data:; connect-src 'self' stats.g.doubleclick.net  www.google-analytics.com  rs.fullstory.com  *.algolia.net  *.algolianet.com  *.algolia.io  sentry.io  wss://*.fih.io *.mapbox.com *.fih.io ; manifest-src 'self'; frame-src 'self' bid.g.doubleclick.net  www.google.com  *.doubleclick.net ; frame-ancestors 'none'; report-uri https://findhotel.report-uri.com/r/d/csp/wizard; 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.homepointfinanical.com https://cdnjs.cloudflare.com https://*.mortgageloan.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://stats.g.doubleclick.net https://www.gravatar.com https://*.umbraco.org https://pixel-a.basis.net https://pixel.sitescout.com https://snazzymaps.com https://*.podium.com; report-uri https://hpfc.report-uri.com/r/d/csp/reportOnly 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 2
default-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' data: https: wss:;font-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;img-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;media-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com vimeo.com data: https:;script-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https:;style-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' https:; report-uri /csp-violations; 2
default-src 'self' https:; child-src 'self' https: https://cdn.ampproject.org; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://www.googletagservices.com https://cdn.doubleverify.com; style-src 'self' https: 'unsafe-inline'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=76103b58&report_only=true&env=production 2
default-src 'self'; style-src 'self' 'unsafe-inline' ws1.postescanada-canadapost.ca tpc.googlesyndication.com creator.zmags.com fonts.googleapis.com cdn1.lavieenrose.com cdn1.bikinivillage.com snapwidget.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.zopim.com static.hotjar.com script.hotjar.com *.rfihub.net *.rfihub.com cdn.districtm.ca secure.adnxs.com libs.na.bambora.com *.postescanada-canadapost.ca amik.postaffiliatepro.com snapwidget.com cdn1.lavieenrose.com cdn1.bikinivillage.com s7.addthis.com m.addthisedge.com m.addthis.com maps.googleapis.com creator.zmags.com c.zmags.com www.google-analytics.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com d.impactradius-event.com www.googletagmanager.com pixel.adacado.com js-agent.newrelic.com bam.nr-data.net secure.quantserve.com rules.quantcount.com; font-src data: 'self' *.zopim.com fonts.gstatic.com cdn1.lavieenrose.com cdn1.bikinivillage.com; img-src data: 'self' www.google.nl www.google.fr www.google.com www.google.ca www.google-analytics.com www.gstatic.com gstatic.com maps.gstatic.com www.googltagmanager.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net dmx.districtm.ca secure.adnxs.com cdn.na.bambora.com www.addthis.com m.addthis.com *.zopim.com *.zopim.io creator.zmags.com c.zmags.com ws1.postescanada-canadapost.ca *.bikinivillage.com *.lavieenrose.com connect.facebook.net www.facebook.com static.hotjar.com script.hotjar.com vars.hotjar.com insights.hotjar.com pixel.quantserve.com; frame-src 'self' 'unsafe-eval' *.rfihub.com vars.hotjar.com libs.na.bambora.com *.lavieenrose.com gsa://onpageload *.doubleclick.net player.vimeo.com connect.facebook.net snapwidget.com www.facebook.com s7.addthis.com bid.g.doubleclick.net; connect-src 'self' wss://*.zopim.com insights.hotjar.com wss://*.hotjar.com www.google.com www.google.ca *.zopim.com ws1.postescanada-canadapost.ca *.zmags.com stats.g.doubleclick.net s7.addthis.com m.addthis.com www.google-analytics.com; media-src 'self' *.zopim.com; report-uri /csp-report; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp.archant.co.uk/report 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com; img-src 'self' https: ; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com; media-src 'self'; object-src 'self'; frame-src 'self' https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://help.cybonline.co.uk https://www.youtube.com https://widgets.businessloans.cbonline.co.uk https://bid.g.doubleclick.net https://www.google.com; frame-ancestors 'self' https://secure.cbonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2
default-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri https://ramsalt.report-uri.io/r/default/csp/reportOnly 2
script-src *.paychex.com:* *.paychexinc.com:* cdnjs.cloudflare.com unpkg.com:* kendo.cdn.telerik.com https://www.google-analytics.com https://www.googletagmanager.com *.pendo.io:* https://*.storage.googleapis.com ajax.googleapis.com fast.wistia.com https://fast.wistia.net *.uservoice.com:* 'unsafe-inline' 'unsafe-eval' data:; connect-src *.paychex.com:* *.paychexinc.com:* https://www.google-analytics.com *.pendo.io:* https://www.betachex.com wss://directline.botframework.com https://directline.botframework.com https://cdnjs.cloudflare.com https://api.ipify.org https://whois.arin.net https://www.cloudflarestatus.com *.search.windows.net https://*.wistia.com; frame-src *.paychex.com:* https://fast.wistia.net https://fast.wistia.com; font-src *.paychex.com:* *.paychexinc.com:* data:; worker-src *.paychex.com:* *.paychexinc.com:* data: blob:; img-src *.paychex.com:* *.paychexinc.com:* https://www.google-analytics.com *.pendo.io https://fast.wistia.net https://*.storage.googleapis.com https://storage.googleapis.com http://www.googletagmanager.com https://www.betachex.com data: blob:; style-src *.paychex.com:* *.paychexinc.com:* data: 'unsafe-inline' https://*.storage.googleapis.com *.pendo.io:* *.uservoice.com:*; report-uri https://myapps.paychex.com/telemetry-rem/csp 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com code.jquery.com ajax.googleapis.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com storage.googleapis.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com maps.googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net snap.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com translate.googleapis.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; font-src 'self' data: use.typekit.net *.typekit.net fonts.gstatic.com fonts.googleapis.com storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io www.google-analytics.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.google.fi www.google.dk maps.googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com translate.google.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com tagmanager.google.com ssl.gstatic.com translate.googleapis.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com commondatastorage.googleapis.com i.ytimg.com dl.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com performance.typekit.net api.siteattention.com www.google-analytics.com stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com tagmanager.google.com restdev.siteattention.com *.mktoresp.com events.mapbox.com wss://www.upm.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com dl.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com player.youku.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tagmanager.google.com tools.eurolandir.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; report-uri https://upmdcrep.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; font-src https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 2
report-uri https://www.netigate.net/wp-json/reporting-api/v1/reporting; report-to default 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2
child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com 2
default-src https:; img-src 'self'; require-sri-for script style 2
default-src https: data: webviewprogressproxy: gsa: 'unsafe-inline'; report-uri https://6lt9e3u0nd.execute-api.ap-northeast-1.amazonaws.com/prod/cspToSlack 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 2
default-src 'self' https://www.google-analytics.com; child-src 'self';  object-src 'self' blob; style-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src 'self' 'blob' 'unsafe-eval' 'unsafe-inline' *; manifest-src 'self'; form-action 'self'; block-all-mixed-content; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com  https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com  https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 2
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com integration.hotelmap.com googleads.g.doubleclick.net https://www.hotelmap.com https://hotelmap.com https://www.googleadservices.com *.facebook.net https://walls.io https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com https://translate.googleapis.com; img-src 'self' data: reedexpo-service.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com https://*.ytimg.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com i.travelapi.com https://www.hotelmap.com foto.hrsstatic.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com connect.facebook.net https://www.facebook.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com https://www.google.com reedexpo-service.com *.google.com https://www.hotelmap.com https://www.googletagmanager.com https://walls.io https://www.facebook.com https://rxosc.messe.at; frame-ancestors 'self' data:; report-uri https://www.fibo.com/?ajax=csp:log 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src * 'self' https://*; font-src * 'self' https://*; connect-src https://*; frame-src https://* 2
default-src https:; script-src 'unsafe-inline'; style-src 'unsafe-inline';  2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.hyperborea.org/collect-report.php 2
report-uri /api/reportCspViolation; font-src https: data:;default-src https: 'unsafe-inline' 'unsafe-eval'; media-src * blob: ; worker-src * blob: ; img-src https://* data: http://blog.invisionapp.com; frame-src https://* about: javascript: 2
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 2
default-src 'self' 'unsafe-inline'; report-uri /report-uri; script-src https://js.usemessages.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.11.0/highlight.min.js https://api.usemessages.com https://js.hsleadflows.net https://js.hs-scripts.com https://www.gstatic.com https://www.google.com http://www.googletagmanager.com http://www.google-analytics.com/analytics.js http://js.hs-analytics.net 'unsafe-inline' 'self'; font-src https://www.google-analytics.com/ data: 'unsafe-inline' 'self'; style-src https://cloud.typography.com/6200656/6066812/css/fonts.css http://hello.myfonts.net https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/dracula.min.css 'unsafe-inline' 'self'; img-src https://i.giphy.com/ https://www.google-analytics.com/ https://onenorth.blob.core.windows.net https://onenorthpr.blob.core.windows.net https://tempmigration.blob.core.windows.net https://onenorthtest.blob.core.windows.net 'self' http://track.hubspot.com; media-src http://track.hubspot.com data:; frame-src https://www.google.com https://www.youtube.com/; connect-src https://api.hubspot.com https://forms.hubspot.com 'self' 2
default-src 'none'; connect-src https:; font-src https: data:; frame-src https://diswlogin.siemens.com https://*.sw.siemens.com https://www.youtube.com https://*.google.com https://www.youtube.com https://video.mentor.com https://*.mentor.com https://*.ias.plm.automation.siemens.com https://www.pads.com https://*.auth0.com https://*.addthis.com https://www.linkedin.com https://*.g.doubleclick.net; img-src https: data:; media-src https://videos.mentor-cdn.com; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; manifest-src 'self'; report-uri https://csp.mentor-apis.com/Prod/report 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://d2c6576l3ahahs.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://d2c6576l3ahahs.cloudfront.net https://*.googleapis.com; img-src 'self' https://d2c6576l3ahahs.cloudfront.net https://s3-eu-west-1.amazonaws.com/thehutgroup-uploads-test/ https://*.doubleclick.net https://www.facebook.com https://*.google-analytics.com; connect-src 'self' https://*.doubleclick.net https://www.facebook.com; font-src https://d2c6576l3ahahs.cloudfront.net https://fonts.gstatic.com; media-src https://fpdl.vimeocdn.com https://player.vimeo.com; report-uri https://csp.thehut.net/thg; form-action 'self' https://www.facebook.com; frame-src https://www.facebook.com https://www.google.com 2
default-src 'self';style-src 'unsafe-inline' *;frame-src 'self' c https://s.newsportalssl1.top https://tzbox2.xyz https://*.tzbox2.xyz https://c.datpix.net https://huffson.com https://huffson-delivery.com https://cdn.huffson-delivery.com https://hgbn.network https://cdn7.network https://fast-hunter.com *.addthis.com https://*.promokrot.com https://promokrot.com https://www.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.yadro.ru https://yadro.ru https://yandex.ru https://*.yandex.ru http://xxx-hunt-m.com https://xxx-hunt-m.com https://banalyze.net http://bodyclick.net https://bodyclick.net https://clcktms.ru http://xxx-hunt-m.com https://xxx-hunt-m.com http://ejywtxa2agahkqt.ru https://ejywtxa2agahkqt.ru https://efbvrlg6dnjyllx.ru http://fbbamvq2fdinvtx.ru https://fbbamvq2fdinvtx.ru https://hmqzhs0csdealn.ru https://ekkhgwp5atpuxdq.ru https://adultadv.ru/ http://pftfk.com https://pftfk.com https://xxx-hunt-er.xyz https://tools.bongacams.com http://tools.bongacams.com http://bongacams.com http://xxx-hunt-er.xyz http://twoadv.ru https://twoadv.ru  https://bongacams.com https://*.bongacams.com http://*.twitter.com http://twitter.com https://*.twitter.com https://twitter.com  https://*.facebook.net http://*.facebook.net https://*.facebook.com http://*.facebook.com http://*.googleapis.com https://*.googleapis.com https://google.com http://google.com https://*.google.com http://*.google.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.google-analytics.com https://*.google-analytics.com http://vk.com https://vk.com https://*.vk.com http://*.vk.com https://*.ok.ru http://*.ok.ru http://*.mail.ru https://*.mail.ru http://www.odnoklassniki.ru https://www.odnoklassniki.ru;img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:;media-src *;font-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.moatads.com *.moatads.com https://*.ok.ru http://*.ok.ru http://*.mail.ru https://*.mail.ru http://www.odnoklassniki.ru https://www.odnoklassniki.ru http://vk.com https://vk.com https://*.vk.com http://*.vk.com http://*.googleapis.com https://*.googleapis.com https://google.com http://google.com https://*.google.com http://*.google.com http://*.googlesyndication.com https://*.googlesyndication.com http://*.doubleclick.net https://*.doubleclick.net http://*.gstatic.com https://*.gstatic.com http://*.google-analytics.com https://*.google-analytics.com https://*.facebook.net http://*.facebook.net https://*.facebook.com http://*.facebook.com http://*.twitter.com http://twitter.com https://*.twitter.com https://twitter.com https://mp-https.info http://MPAY69.COM http://mpay69.biz https://xxx-hunt-m.com http://xxx-hunt-m.com http://plusadv.ru https://clcktms.ru https://adultadv.ru/ http://pftfk.com https://pftfk.com https://bongacams.com https://*.bongacams.com https://efbvrlg6dnjyllx.ru http://ejywtxa2agahkqt.ru https://ejywtxa2agahkqt.ru https://plusadv.ru https://hmqzhs0csdealn.ru https://ekkhgwp5atpuxdq.ru http://goldadv2.ru https://goldadv2.ru http://bongacams.com https://tools.bongacams.com http://tools.bongacams.com https://xxx-hunt-er.xyz http://xxx-hunt-er.xyz http://twoadv.ru https://twoadv.ru https://fbbamvq2fdinvtx.ru http://fbbamvq2fdinvtx.ru https://golayazv.com http://*.golayazv.com https://bodyclick.net http://bodyclick.net http://banalyze.net  https://banalyze.net  https://xxx-hunt-m.com  http://xxx-hunt-m.com https://yandex.ru https://*.yandex.ru https://*.yadro.ru https://yadro.ru https://*.googletagmanager.com https://googletagmanager.com https://www.google-analytics.com https://*.promokrot.com https://promokrot.com https://fast-hunter.com https://hgbn.network https://cdn7.network *.likebtn.com *.addthisedge.com *.addthis.com https://c.datpix.net https://huffson.com https://huffson-delivery.com https://cdn.huffson-delivery.com https://s.newsportalssl1.top https://tzbox2.xyz https://*.tzbox2.xyz; connect-src *; object-src *;report-uri /csp.php 2
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://forlagshuset.report-uri.com/r/t/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp_report.php 2
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2
default-src 'self' index: *.bancfirst.bank www.bancfirst.bank *.addthis.com blob:; script-src 'self' 'unsafe-eval' gtm.js s7.addthis.com m.addthisedge.com m.addthis.com 'sha256-xzWGxXprZyoRvV4J/O/RJGKUnj4dzfid91EAwaUeViU=' 'sha256-vXA5dAxiQJUjPjD5NgfB5zoiivtP1fy1IwLxtUGrqjk=' 'sha256-wyHV7T8nGuK3Ci2pUSX+l0VTXDIR8IAcjL9yCFIHeTU=' 'sha256-O6sKpvsX0rR3b8SsSZ5TfdOkjNC22kdZtEY3u2WyNDk=' 'sha256-Jq3+gPdPeQIxdu3ilVhyIX6skaTabrptARB4KNEHNNg=' 'sha256-toyiXvSVBvPJGgbz9OAJE8iblreiH07zpeU/F1Aau9o=' 'sha256-pr/LvXM9lGJILoqTPh0VQ0m/PsK+S/lIkjSkJ1teWGQ=' 'sha256-Qz6007DwLrVPOxTZRyFt6GCHVRsMeuDuJ3ARBiraebY=' 'sha256-pmUYZbslGhY4X8b68HzVmkQkBsbrr9i81gaggDQTrzM=' 'sha256-No9UxQq2c8JmNx14MLgvUE2w+FTM0Ddx62HEDi6B/Nk=' 'sha256-SkGxi9Eg0zgjRQQkw0BFfCyL9LPvACyrr6mTtVz7Fx0=' 'sha256-5kMb497w7ItxXRHeDONhgk1HOjOqzAVeP4/0KPiMW0Y=' 'sha256-6jqDdahYChzKXFbvfVhSrXgbMij237P1Ot/9WX6hAU0=' 'sha256-6X0va8YfHcaqDXGlKqFOEkFY+xSjvvHwT4oKixqib7k=' 'sha256-6X0va8YfHcaqDXGlKqFOEkFY+xSjvvHwT4oKixqib7k=' 'sha256-6X0va8YfHcaqDXGlKqFOEkFY+xSjvvHwT4oKixqib7k=' 'sha256-6X0va8YfHcaqDXGlKqFOEkFY+xSjvvHwT4oKixqib7k=' 'sha256-6X0va8YfHcaqDXGlKqFOEkFY+xSjvvHwT4oKixqib7k=' 'sha256-8mGsJoqdrhLVzJ9/tzhdc+GcpQ7myqwssqH1AEZ8OXg=' 'sha256-sPkzoXHA8dGojOJ3CZ8okdpaHH9iqTwX1oG10xTP2Xs=' 'sha256-Lim5m44QM0v7dTv/kbHWbFzWrzXUgFyhZydWizik714=' 'sha256-XWyHE66DRDihuF/VK+mbFWDg5iFl7FqizmeD2YK/jQk=' 'sha256-sPkzoXHA8dGojOJ3CZ8okdpaHH9iqTwX1oG10xTP2Xs=' 'sha256-F4LwGhRcG6090hrbQktDGIzrIQVSU0bcJsgqZcBgBk0=' 'sha256-F4LwGhRcG6090hrbQktDGIzrIQVSU0bcJsgqZcBgBk0='  'sha256-sPkzoXHA8dGojOJ3CZ8okdpaHH9iqTwX1oG10xTP2Xs='  maps.googleapis.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com use.typekit.net; connect-src 'self' *.bancfirsttv.com; img-src 'self' data:  p.typekit.net maps.googleapis.com www.google-analytics.com maps.gstatic.com *.bancfirsttv.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: use.typekit.net fonts.gstatic.com ajax.googleapis.com;  2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data 2
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri //report-csp-violation 2
default-src https:; connect-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp-violation-reporting/ 2
block-all-mixed-content; report-uri https://us4.nimblecommerce.com/csp-violation.action 2
frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 2
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_f553611f7146ae0c151aca0bed65c758 2
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; connect-src 'self'; 2
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; script-src 'nonce-3369fd0b7d74c24ac65ded4b894608b9' 'strict-dynamic' 'unsafe-inline' https:; report-uri /api/concierge/csp-report; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'nonce-efe6e868-6295-4470-bf3f-722b391a023b' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'none'; base-uri https: data:; object-src; font-src https: data:; script-src 'nonce-5352b710-8454-4239-99c8-0d82c204d51b' https: 'unsafe-inline' 'nonce-kFIhs06tj1RNiDS7SCfFe2KR' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 1
script-src 'nonce-Kur7h15hONOKcge40aR2dg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=93b17013c588afe11820452e9a988b06 1
script-src 'nonce-SK4PRhBsBpa5O-hW46fi0g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
script-src 'nonce-AxYcVG7rFyzO2ejMJtN7rQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-hAtptoMbaAeCjcuix+MdjA=='; style-src 'self' http: https: 'unsafe-inline'; connect-src 'self' http: https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src 8294363.fls.doubleclick.net 9355701.fls.doubleclick.net/ a5935064.cdn.optimizely.com app.optimizely.com b.company-target.com bid.g.doubleclick.net c1.adform.net www.facebook.com fast.wistia.com fast.wistia.net js.driftt.com platform.twitter.com rollouts-markitecture.herokuapp.com subscriptions.smartrecruiters.com; font-src 'self' data: https: *.amazonaws.com/optimizely-marketing-site-assets-prod du7782fucwe1l.cloudfront.net fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1
script-src 'self' 'unsafe-inline' 'nonce-n8KTXrtQe1NuhNleuH4ixOQT7SmWNf9J' http://search.usa.gov http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://search.usa.gov https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com nonce-n8KTXrtQe1NuhNleuH4ixOQT7SmWNf9J; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://d15vqlr7iz6e8x.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://*.vets.gov https://*.va.gov https://search.usa.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' http://search.usa.gov https://fonts.googleapis.com https://search.usa.gov https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.vets.gov https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://analytics.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://search.vets.gov https://vicbdc.vba.va.gov https://search.usa.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vets.gov http://*.vetsgov-internal https://optimize.google.com ;  report-uri /csp-report 1
default-src 'none'; connect-src google-analytics.com medlineplus.awsint.nlm.nih.gov stats.g.doubleclick.net; frame-src platform.twitter.com; img-src 'self' www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.nlm.nih.gov ajax.googleapis.com cdn.syndication.twimg.com platform.twitter.com; style-src 'self' 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
default-src data: https: 'unsafe-inline' 'unsafe-eval';report-uri https://asia-northeast1-kakaku-csp-report.cloudfunctions.net/CSPReportFunc; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=144-9907602-0984664:rid=NNCM0HBT7N80HBPS1HRC:sn=www.audible.com 1
script-src 'nonce-ql23QXFFpXXmGNuleM1bJg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.io/r/default/csp/reportOnly 1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-EMUGLKnbX8k+jpEGCY1cui1yIIl6av62' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-EMUGLKnbX8k+jpEGCY1cui1yIIl6av62' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/wi/prod 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=ad6r1qteur9rm&partner=; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /esaondemand/csp2.php 1
script-src 'nonce-E9cKnLST4vKlQNOm-YnoGg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/about_google; base-uri 'none' 1
report-uri https://wombat.smartsheet.com/www; default-src 'self'; frame-ancestors 'self' *.smartsheet.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com/recaptcha https://cdn.optimizely.com/js https://munchkin.marketo.net/munchkin.js https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; 1
script-src 'unsafe-eval' 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com; report-uri https://logger.sina.cn/report; 1
script-src 'nonce-JVkN7nxP8ndPjEMTzlqRWw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2019-12-09 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; report-uri https://csp.skype.com 1
default-src https: data: ; script-src https: data: 'unsafe-inline' 'unsafe-eval' ; style-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; plugin-types 'none' ; report-uri /csp-report/http-v1/bd62e7a6c51350162a6dc7c851c4a1bc 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.typekit.net www.google-analytics.com www.googletagmanager.com az416426.vo.msecnd.net ajax.googleapis.com *.hotjar.com *.hotjar.io cdn-javascript.net ssl.google-analytics.com ajax.aspnetcdn.com getsatisfaction.com loader.engage.gsfn.us *.cloudfront.net cdnjs.cloudflare.com;object-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;style-src 'self' 'unsafe-inline' *.cloudfront.net *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.fontawesome.com cdnjs.cloudflare.com;img-src * data: blob:;media-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net widget.getsatisfaction.com vars.hotjar.com www.googletagmanager.com data:;font-src 'self' data: *.typekit.net fonts.gstatic.com themes.googleusercontent.com *.googleapis.com optimize.google.com cdnjs.cloudflare.com;connect-src 'self' *.screencast.com dc.services.visualstudio.com feedback.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com performance.typekit.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.redis.net stats.g.doubleclick.net;frame-ancestors 'self' * *.screencast.com;report-uri https://techsmithscreencast.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com;  report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1
report-uri https://csp.tsrs.cloud/r/39866a83e3133e2aeb90a00898c195bdb9eee30b; style-src 'unsafe-inline' https://assets-cdn.s-xoom.com/ https://ctfassets.net/ https://google.com/; object-src https://h.online-metrix.net/; base-uri  'none'; img-src https://googleusercontent.com/ https://assets-cdn.s-xoom.com/ 'self' https://stats.g.doubleclick.net/ https://nexus.ensighten.com/ https://bat.bing.com/ https://images.ctfassets.net/ https://bbb.org/ https://www.google-analytics.com/ https://www.facebook.com/ https://googleapis.com/ https://s3.amazonaws.com/ https://*.paypal.com/ https://img.mediaplex.com/ https://www.googletagmanager.com/ https://googleadservices.com/ https://www.google.com/ https://*.online-metrix.net/ https://dotomi.com/; frame-src https://c.paypal.com/ https://connect.facebook.net/ https://bid.g.doubleclick.net/ https://h.online-metrix.net/ https://*.google.com/ https://cardinalcommerce.com/ https://braintreegateway.com/ https://*.facebook.com/ https://jobvite.com/ https://youtube.com/ https://paypalobjects.com/; worker-src  'self'; script-src https://www.paypalobjects.com/ https://connect.facebook.net/ https://altfarm.mediaplex.com/ https://mxpnl.com/ 'unsafe-inline' https://assets-cdn.s-xoom.com/ https://nexus.ensighten.com/ https://*.google.com/ https://bat.bing.com/ https://iesnare.com/ https://braintreegateway.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://googleapis.com/ https://optimizely.com/ https://www.googleadservices.com/ https://h.online-metrix.net/ https://cdn.segment.com/ https://www.googletagmanager.com/ https://refer.xoom.com/ https://gstatic.com/ https://google.com/ https://ctfassets.net/ 'unsafe-eval'; media-src  'none'; font-src https://assets-cdn.s-xoom.com/; connect-src https://connect.facebook.net/ https://assets-cdn.s-xoom.com/ 'self' https://stats.g.doubleclick.net/ https://s3-us-west-2.amazonaws.com/ https://braintreegateway.com/ https://braintree-api.com/ https://api.segment.io/ https://www.paypal.com/ https://h.online-metrix.net/ https://mixpanel.com/ https://refer.xoom.com/ https://paypalobjects.com/; frame-ancestors  'self'; form-action https://connect.facebook.net/ https://doubleclick.net/ https://www.paypal.com/ 'self'; plugin-types  application/x-shockwave-flash; 1
font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tagesspiegel.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
object-src 'none'; script-src 'nonce-Wh0tGleME71nuIEa3Jsx' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://sentry.io/api/1833953/security/?sentry_key=760cfc2ebe6c4907beef03ce792ac5bb 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https: easy-js:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:;report-uri https://collector.schibsted.io/api/v1/csp/aftonbladet/publishing/pro 1
default-src 'self' https://secure.trust-provider.com https://secure.sectigo.com https://vars.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css?family=Roboto  ; font-src 'self' https://fonts.gstatic.com ; img-src 'self' https://www.google.com https://www.google.co.uk https://www.google.hr https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com ; object-src 'self'; connect-src 'self'; report-uri https://cspreports.sectigo.com 1
block-all-mixed-content; report-uri /PreserveCspReport/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
object-src 'none'; script-src https://apis.google.com/js/api.js 'nonce-5cUND4XWeRehvyQpfw2pAA==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://js.stripe.com https://www.google.com/recaptcha/ https://form.jotform.com https://submit.jotform.us https://www.docdroid.com https://kkb-production.jupyter-proxy.kaggle.net; base-uri 'none'; report-uri /csp/report 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-endpoint/index 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-G7msqzv/Oa/tSQ==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
media-src https://www.stitchfix.com; img-src 'self' data: https://t.getletterpress.com https://alb.reddit.com https://gcm.optimove.events https://e.dlx.addthis.com https://id.rlcdn.com https://stitchfixtracksdk.optimove.net https://pixel.advertising.com https://www.facebook.com https://pippio.com https://sync-tm.everesttech.net https://ib.adnxs.com https://gpush.cogocast.net https://sync.outbrain.com https://www.google-analytics.com https://d3ss0gp3e5d7m3.cloudfront.net https://pinterest.adsymptotic.com https://fcmatch.google.com https://cs.lkqd.net https://x.bidswitch.net https://www.ojrq.net https://i.liadm.com https://prg.kargo.com https://aa.agkn.com https://p.alocdn.com https://c.liadm.com https://us-east-sync.bidswitch.net https://secure.adnxs.com https://cx.atdmt.com https://cm.g.doubleclick.net https://fcmatch.youtube.com https://srv.stackadapt.com https://dmx.districtm.io https://ct.pinterest.com https://data.adxcel-ec2.com https://crb.kargo.com https://dpx.airpr.com https://hexagon-analytics.com https://dpm.demdex.net https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://stats.g.doubleclick.net https://tapestry.tapad.com https://d.turn.com https://pixel.tapad.com https://www.google.com https://bat.bing.com https://p.tvpixel.com https://www.google.co.uk https://idsync.rlcdn.com https://pixel.quantserve.com https://io.narrative.io https://tag.cogocast.net https://bsw.digitru.st https://tag.apxlv.com https://lrcm.optimove.events https://ups.analytics.yahoo.com https://t.co; object-src https://www.stitchfix.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.dynamicyield.com jsagent.tcell.io https://d3ss0gp3e5d7m3.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://s.pinimg.com https://www.redditstatic.com https://ext.chtbl.com https://sp.analytics.yahoo.com https://px.airpr.com https://s.yimg.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://bat.bing.com https://cdn.singular.net https://b-code.liadm.com https://www.stitchfix.com https://rules.quantcount.com https://script.crazyegg.com https://www.googleadservices.com https://secure.quantserve.com https://sdk-cdn.optimove.net https://analytics.twitter.com https://www.google-analytics.com https://d18p8z0ptb8qab.cloudfront.net https://connect.facebook.net https://d.impactradius-event.com https://assets.pixlee.com https://stitchfixtracksdk.optimove.net https://c.tvpixel.com; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://d3ss0gp3e5d7m3.cloudfront.net; font-src 'self' https://d3ss0gp3e5d7m3.cloudfront.net; child-src https://bid.g.doubleclick.net https://us.browser.tcell.insight.rapid7.com/ https://photos.pixlee.com https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://www.stitchfix.com https://connect.facebook.net https://i.liadm.com https://8611748.fls.doubleclick.net; frame-src https://bid.g.doubleclick.net https://us.browser.tcell.insight.rapid7.com/ https://photos.pixlee.com https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://www.stitchfix.com https://connect.facebook.net https://i.liadm.com https://8611748.fls.doubleclick.net; connect-src 'self' https://*.dynamicyield.com https://ampcid.google.com https://api.tcell.io/ https://ampcid.google.com.pr https://assets.pixlee.com https://p.tvpixel.com https://s.yimg.com https://ampcid.google.lu https://graph.facebook.com https://us.agent.tcell.insight.rapid7.com https://notify.bugsnag.com https://www.google-analytics.com https://t.getletterpress.com https://stitchfixtracksdk.optimove.net https://sessions.bugsnag.com https://www.facebook.com https://ups.analytics.yahoo.com https://cm.g.doubleclick.net https://location-service.stitchfix.com https://client-analytics-service.production.stitchfix.com https://tags.srv.stackadapt.com http://www.stitchfix.com https://lcidc.liadm.com https://d3ss0gp3e5d7m3.cloudfront.net http://sessions.bugsnag.com https://input.tcell.io/ https://ct.pinterest.com https://ampcid.google.ca https://ampcid.google.com.mx https://us.browser.tcell.insight.rapid7.com/ https://stitch-fix.sjv.io https://ampcid.google.ae https://web.chtbl.com https://adservice.google.com wss://www.stitchfix.com https://stats.g.doubleclick.net; report-uri https://us.browser.tcell.insight.rapid7.com/csp/cf7de367fe2d5d84bd7c8ddf20ed950ad0a499381058785a6a80633743084911?rid=98246921 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
script-src 'nonce-q4gWX8Pup1w2bxe-nKpBJQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'none'; base-uri https: data:; object-src; font-src https: data:; script-src 'nonce-0795dab0-ec5c-402f-a702-4a8f8020f8c8' https: 'unsafe-inline' 'nonce-K4Fy4wh+VwHEwRKYwymYPKHo' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://static.ads-twitter.com https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://gfmcharity.wpengine.com https://*.gofundme.com https://*.crowdrise.com https://*.hs-growth-metrics.com https://*.usemessages.com https://*.hsadspixel.net https://*.hubapi.com https://seal.verisign.com/ https://cdn.datatables.net https://js.hscta.net https://forms.hsforms.com https://code.jquery.com https://*.greenhouse.io https://*.fontawesome.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.swiftype.com https://*.outbrain.com https://*.digicert.com https://*.polyfill.io https://*.swiftypecdn.com https://*.typekit.net  https://*.bootstrapcdn.com https://*.jsdelivr.net https://*.hsforms.net https://*.youtube-nocookie.com https://*.youtube.com  https://*.optimizely.com https://*.mxpnl.com https://*.cloudflare.com https://*.hsforms.net https://*.gstatic.com https://*.googleapis.com https://*.amazonaws.com https://*.mixpanel.com https://*.hs-scripts.com https://www.googleadservices.com https://*.rlcdn.com https://*.adroll.com https://*.openx.net https://*.adnxs.com https://*.bidswitch.net https://*.rubiconproject.com https://*.google.com https://*.gigya.com https://*.twitter.com https://*.ziggeo.com https://*.hubspot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://static.ads-twitter.com https://bat.bing.com https://*.hsleadflows.net https://*.hs-analytics.net https://*.linkedin.com https://*.yahoo.com https://*.google-analytics.com https://*.alooma.com https://*.bizographics.com https://*.crowdrise.com https://*.licdn.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* data:; connect-src https://*.crowdrise.com 'self' https://*.mixpanel.com https://*.hubapi.com https://*.hubspot.com https://*.alooma.com https://*.nr-data.net https://*.ziggeo.com https://*.twitter.com  https://*.optimizely.com https://*.doubleclick.net https://*.google-analytics.com https://*.typekit.net; report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; report-uri https://api.youcanbook.me/v1/csp/reports 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report; report-to https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report 1
default-src 'self' play.vidyard.com; font-src 'self' use.typekit.net cdnjs.cloudflare.com fonts.gstatic.com data:; style-src 'self' rtp-static.marketo.com cdn01.boxcdn.net app-abd.marketo.com www.visualize-roi.com cdnjs.cloudflare.com www.confirmit.com confirmit.com www10.confirmit.com translate.googleapis.com fonts.googleapis.com 'unsafe-inline'; connect-src 'self' performance.typekit.net sjrtp1.marketo.com rtp-static.marketo.com api.box.com dl.boxcloud.com 107-xel-280.mktoresp.com *.confirmit.com.au *.confirmit.com www.google-analytics.com s7.addthis.com in.hotjar.com vc.hotjar.io wss://*.hotjar.com m.addthis.com c.6sc.co stats.g.doubleclick.net translate.googleapis.com; img-src * blob: data:; script-src 'self' blob: use.typekit.net www.googletagmanager.com sjrtp-cdn.marketo.com sjrtp1.marketo.com cdn.bizible.com static.oktopost.com go.toutapp.com www.google-analytics.com rtp-static.marketo.com munchkin.marketo.net cdn01.boxcdn.net script.hotjar.com static.hotjar.com j.6sc.co okt.to t.sf14g.com formalyzer.com digitalfeedback.euro.confirmit.com digitalfeedback.us.confirmit.com digitalfeedback.confirmit.com.au www.visualize-roi.com code.highcharts.com s7.addthis.com m.addthis.com v1.addthis.com m.addthisedge.com v1.addthisedge.com graph.facebook.com www.linkedin.com api-public.addthis.com widget.aggregage.com play.vidyard.com cdn.rawgit.com translate.googleapis.com translate.google.com www.google.com www10.confirmit.com ssl.geoplugin.net www.gstatic.com app-abd.marketo.com cdn.b0e8.com confirmit.breezy.hr code.jquery.com marvel-b2-cdn.bc0a.com www.googleadservices.com trackalyzer.com googleads.g.doubleclick.net cdn.livechatinc.com secure.livechatinc.com www.confirmit.com confirmit.com 'unsafe-eval' 'unsafe-inline'; child-src *; frame-src *; object-src 'self'; worker-src blob:; media-src: marvel-b1-cdn.bc0a.com; frame-ancestors 'self'; report-uri https://confirmit.report-uri.com/r/t/csp/reportOnly 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.fbcdn.net data: blob: 'unsafe-inline' 'unsafe-eval' connect.facebook.net api.demandbase.com;style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com wss://*.workplace.com:* *.fbcdn.net blob: *.mktoresp.com *.workplace.tools;report-uri https://www.workplace.com/csp/reporting/ 1
default-src https: 'self' *.google.com; img-src https: data:; style-src 'self' *.googleapis.com *.google.com 'sha256-MammJ3J+TGIHdHxYsGLjD6DzRU0ZmxXKZ2DvTePAF0o=' 'sha256-6iA6WDOL1mgUULZ6GSs2OOfP4eMuu6iI5agxCjK2m2A=' 'sha256-+zzuded9+DHoztKyASJeCkVU0gxvYNWMUIQM7x//CB4=' 'sha256-ldCXMle1JJUAD9eAjLdSuPIgIBcTcBecWlaXs0A2y4M=' 'sha256-WCg1a4AhMGgFRCQG5w+hgG+Q2j8Ygrbd+2dgjByIOIU=' 'sha256-Awu6hl63MCY3jiYHaDclrL7Lic9KcEalXm2o/i3e0v8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/4YlUlisxufO6wbKvYp4xV8Hkzxm85+1Tb31SjmAox0=' 'sha256-a2VR/Wq1VPr0+3GRY+lEmAQm7wjwwnDtPpcCPs2zTrw=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-5KvpSTE2xdGq8rDdvgAPP3mCfTXBc1ohjt2UiAQt9k4=' 'sha256-UvsJ5gtL0c/whxmyVt4YoNv7YnPUd0tANZOlq3NshXE=' 'sha256-z0kguVeUlbcxez4SqrO86oejphhqKDFfdCPv4yuhe70=';  script-src 'self' https: 'nonce-1900822576854099be37249195835514'; report-uri /csp-report 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
report-uri https://everlane.report-uri.com/r/d/csp/reportOnly; default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: data:; font-src https: data:; report-uri https://ee.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' *.tapd.cn; connect-src http: https: ws: wss:;script-src 'self' 'nonce-fe174f6319332b48502b2c556008' 'unsafe-inline' 'unsafe-eval' *.tapd.cn bqq.gtimg.com t.gdt.qq.com admin.qidian.qq.com; style-src 'self' 'unsafe-inline' *.tapd.cn; img-src 'self' *.tapd.cn pingtcss.qq.com report.huatuo.qq.com badjs2.qq.com da.qidian.qq.com pingtas.qq.com data:; font-src 'self' *.tapd.cn data:; worker-src 'self' *.tapd.cn blob:; frame-src 'self' *.tapd.cn admin.qidian.qq.com webpage.qidian.qq.com; report-uri https://aq.qq.com/cn2/manage/mbtoken/hijack_csp_report 1
script-src 'nonce-2J0RfR21Eccc-6LFtHv-uQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://a.tiles.mapbox.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
default-src 'self'; connect-src 'self' https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://*.paytm.com https://media.flixcar.com https://media.flixfacts.com; form-action https://securegw.paytm.in https://www.facebook.com; frame-src 'self' https://*.paytm.com https://bid.g.doubleclick.net https://dis.as.criteo.com https://gum.criteo.com https://media.flixcar.com https://www.facebook.com; img-src 'self' data: https://*.paytm.com https://*.paytm.in https://googleads.g.doubleclick.net https://*.mapmyindia.com https://media.flixcar.com https://media.flixfacts.com https://paytmofferlive.wpengine.com https://rt.flix360.com https://s3-ap-southeast-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.google.com.sg; script-src 'unsafe-eval' 'unsafe-inline' https://*.mapmyindia.com https://*.paytm.com https://storage.googleapis.com https://connect.facebook.net https://d25w45cltkdr4r.cloudfront.net https://googleads.g.doubleclick.net https://media.flixcar.com https://media.flixfacts.com https://sslwidget.criteo.com https://static.criteo.net https://t.flix360.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'unsafe-inline' https://*.paytm.com https://*.mapmyindia.com https://media.flixcar.com https://media.flixfacts.com; worker-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php; 1
base-uri 'none'; connect-src https: wss:; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; script-src 'nonce-1a9cde2ae169410cdee552c2be307da5' 'strict-dynamic' 'unsafe-inline' https:; report-uri /api/concierge/csp-report; report-to csp-endpoint 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=40kel8teus5ij&partner=; 1
default-src 'self'; img-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.doubleclick.net *.opentext.com data: *.everesttech.net *.llnwd.net *.xfinity.com *.plaxo.com *.licdn.com *.twitter.com *.facebook.com *.licdn.com *.brightcove.com *.superlawyers.com *.google-analytics.com *.cmptch.com *.demdex.net *.twitter.com *.akamaihd.net *.youtube.com *.betrad.com cdn.datatables.net *.eloqua.com *.google.com *.googletagmanager.com *.linkedin.com *.googlesyndication.com *.scorecardresearch.com *.googleapis.com *.gstatic.com *.doubleclick.com; font-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' data: cdn.tinymce.com fonts.gstatic.com; style-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' cdn.tinymce.com *.googleapis.com cdn.datatables.net *.gstatic.com; script-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' 'unsafe-eval' *.departapp.com *.thomsonreuters.com *.linkedin.com *.google-analytics.com *.rubiconproject.com *.bizographics.com *.perfdrive.com code.jquery.com https://ajax.cloudflare.com *.akamaihd.net *.omtrdc.net *.appdynamics.com *.opentext.com ajax.aspnetcdn.com *.facebook.net *.googletagmanager.com *.google.co.uk *.google.co.in *.google.co.in *.google-analytics.com *.scorecardresearch.com *.googletagservices.com img03.en25.com *.licdn.com *.lpsnmedia.net *.liveperson.net cdn.datatables.net *.doubleclick.net *.googleadservices.com *.brightcove.net *.googlesyndication.com *.gstatic.com *.betrad.com *.googleapis.com *.google.com cdn.jsdelivr.net assets.adobedtm.com assets.adobedtm.com *.findlaw.com *.issuu.com cdn.ampproject.org cdn.mouseflow.com cdnjs.cloudflare.com js.maxmind.com cdn.tinymce.com; connect-src 'self' *.akamaihd.net *.eum-appdynamics.com *.perfdrive.com *.superlawyers.com *.facebook.com *.google-analytics.com *.brightcove.com *.stickyadstv.com *.gstatic.net *.gstatic.com *.mouseflow.com *.springserve.com *.findlaw.com *.springserve.com *.advertising.com *.demdex.net *.googlesyndication.com *.vertamedia.com *.doubleclick.net *.googlesyndication.com *.google.com; frame-ancestors 'self'; frame-src *.issuu.com *.google.com *.googletagservices.com *.liveperson.net *.akamaihd.net *.youtube.com *.demdex.net *.lpsnmedia.net *.googlesyndication.com *.facebook.net *.facebook.com *.doubleclick.net; media-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.media.brightcove.com; object-src 'none'; manifest-src *.superlawyers.com; report-uri https://superlawyers.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com https: mailto: tel: 'self'; img-src * data: blob: 'self'; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net https: data: blob: 'self';report-uri /csp/submit 1
default-src https: wss://*.tawk.to; img-src * data:; connect-src wss: https:;script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://8adb22543fffe02a5cf0a6025ed657c3.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io wss: wss://*.pusher.com; font-src 'self' data: fonts.gstatic.com; form-action 'self'; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com tst.kaptcha.com www.youtube.com moz-extension://* chrome-extension://*; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://*; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net; upgrade-insecure-requests; report-uri https://www.rescuetime.com/csp-report 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://www.googletagmanager.com https://www.youtube.com https://bam.nr-data.net https://cdn.mxpnl.com https://ajax.cloudflare.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://s.ytimg.com https://connect.facebook.net https://analytics.twitter.com https://googleads.g.doubleclick.net https://*.addthis.com https://m.addthisedge.com https://betterment-prod-cdn.s3.amazonaws.com https://static.ads-twitter.com https://www.googleadservices.com https://static.zdassets.com https://assets.zendesk.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://collector-2087.tvsquared.com; object-src 'self'; block-all-mixed-content; report-uri https://sentry.io/api/1290889/security/?sentry_key=8d9a3ccbfa7843c09f44b9a209bd9c8e&sentry_environment=csp-production; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://timetrade.report-uri.com/r/d/csp/wizard 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-6971515-7497215:rid=207RAE0A4B2NR5RWFR11:sn=www.audible.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
img-src 'self' *.cloudflare.com *.conductrics.com *.contentsquare.net *.doubleclick.net *.doubleclick.net *.eurostar.com *.facebook.com *.facebook.net *.force.com *.ggpht.com *.google.be *.google.ch *.google.com *.google.co.uk *.google.fr *.google.lu *.google.nl *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.krxd.net *.optimizely.com polyfill.io *.quantserve.com *.quantcount.com *.salesforceliveagent.com *.tealiumiq.com *.tiqcdn.com *.usabilla.com *.yieldoptimizer.com *.youtube.com *.ytimg.com data:; script-src 'self' *.cloudflare.com *.conductrics.com *.contentsquare.net *.doubleclick.net *.doubleclick.net *.eurostar.com *.facebook.com *.facebook.net *.force.com *.ggpht.com *.google.be *.google.ch *.google.com *.google.co.uk *.google.fr *.google.lu *.google.nl *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.krxd.net *.optimizely.com polyfill.io *.quantserve.com *.quantcount.com *.salesforceliveagent.com *.tealiumiq.com *.tiqcdn.com *.usabilla.com *.yieldoptimizer.com *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' *.cloudflare.com *.conductrics.com *.contentsquare.net *.doubleclick.net *.doubleclick.net *.eurostar.com *.facebook.com *.facebook.net *.force.com *.ggpht.com *.google.be *.google.ch *.google.com *.google.co.uk *.google.fr *.google.lu *.google.nl *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.krxd.net *.optimizely.com polyfill.io *.quantserve.com *.quantcount.com *.salesforceliveagent.com *.tealiumiq.com *.tiqcdn.com *.usabilla.com *.yieldoptimizer.com *.youtube.com *.ytimg.com 'unsafe-inline'; connect-src 'self' *.cloudflare.com *.conductrics.com *.contentsquare.net *.doubleclick.net *.doubleclick.net *.eurostar.com *.facebook.com *.facebook.net *.force.com *.ggpht.com *.google.be *.google.ch *.google.com *.google.co.uk *.google.fr *.google.lu *.google.nl *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.krxd.net *.optimizely.com polyfill.io *.quantserve.com *.quantcount.com *.salesforceliveagent.com *.tealiumiq.com *.tiqcdn.com *.usabilla.com *.yieldoptimizer.com *.youtube.com *.ytimg.com; object-src 'self' *.cloudflare.com *.conductrics.com *.contentsquare.net *.doubleclick.net *.doubleclick.net *.eurostar.com *.facebook.com *.facebook.net *.force.com *.ggpht.com *.google.be *.google.ch *.google.com *.google.co.uk *.google.fr *.google.lu *.google.nl *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.krxd.net *.optimizely.com polyfill.io *.quantserve.com *.quantcount.com *.salesforceliveagent.com *.tealiumiq.com *.tiqcdn.com *.usabilla.com *.yieldoptimizer.com *.youtube.com *.ytimg.com; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://rameez.report-uri.io/r/default/csp/reportOnly 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl https://public.tableau.com https://popcard.unibuddy.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://try.abtasty.com https://dcinfos.abtasty.com f1-eu.readspeaker.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://f1-eu.readspeaker.com https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://www.eur.nl/report-uri/reportOnly 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.marketo.net *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/gl/prod 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp/ 1
default-src https: data: blob: about: 'unsafe-inline' 'unsafe-eval'; report-uri https://8f97ca7fe77acd3ff57dd08291fc4c61.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src *; img-src * data:; style-src 'self' fonts.googleapis.com 'unsafe-inline'; script-src 'self' google-analytics.com googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' *.alarm.com; frame-src 'self' *.alarm.com youtube.com academy-alarm.com; report-uri https://alarm.com/api/csp/report; report-to https://alarm.com/api/csp/report; 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
object-src 'none';base-uri 'self';script-src 'nonce-QNM3hscrQQQV028kujqB' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world ; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-BLsoZxRty0CQ75GEyuaarw==' 'sha256-xgnS1tdb1vxgt7rMnzGPHbBumjA2nwOo2zr5JWyn62A=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-N9ztf1wx+YHmIwKzGt/sA+NS8eQxN8/5QtVkkYWuyNM=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-uaOgH6Wg5HZzOcOMUDlpqDrYOeBghbzAxWmuIk5CesQ=' 'sha256-GPI0R4fm3M6YSDB94y2jFr+xcNdnExajsx/UZMjjnR0=' 'sha256-D6+7ENb+ZYlAuV1iLugq0MJ0hebjxqJZWPslWLKT0ds=' ; style-src 'self' 'unsafe-inline' https: ; report-uri https://unidays.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.adelphi.edu/_logger/csp.php?host=www.adelphi.edu 1
default-src https: wss:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; report-uri https://stagesuunto.report-uri.com/r/d/csp/reportOnly 1
default-src 'none';img-src 'self' data: an.yandex.ru yastatic.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv  mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com  mc.webvisor.org;font-src 'self';child-src mc.yandex.ru;connect-src 'self' *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org;frame-src 'self' mc.yandex.ru;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org 'unsafe-inline';report-uri https://csp.yandex.net/csp?from=adfox; 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
base-uri 'none'; default-src 'self' 'unsafe-inline' blob: data:; child-src 'self' https://www.youtube.com https://*.coolblue.nl; connect-src 'self' https://*.doubleclick.net; font-src 'self' https://assets.coolblue.nl assets.coolblue.nl https://assets.coolblue.be assets.coolblue.be; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://image.coolblue.nl https://image.coolblue.be https://image.coolblue.io https://assets.coolblue.nl https://assets.coolblue.be https://www.google-analytics.com https://*.google.be https://*.google.com https://*.google.nl https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.adyen.com https://*.doubleclick.net https://user-event-tracker.crazyegg.com https://www.facebook.com blob: data:; script-src 'self' https://assets.coolblue.nl https://www.google-analytics.com https://cdn.ampproject.org https://connect.facebook.net https://*.google.be https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.usabilla.com https://*.crazyegg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://assets.coolblue.nl https://assets.coolblue.be 'unsafe-inline' blob: data:; report-uri https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/reportOnly; report-to https://3533eaa516fe10a59521ffab0a98b9a4.report-uri.com/r/t/csp/reportOnly; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' https:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src 'none'; report-uri https://www.youtubekids.com/csp_204?t=strict-csp; script-src 'strict-dynamic' 'unsafe-inline' https: 'report-sample' 'nonce-4tV0bRc019DwclFOjGlVQA=='; style-src https: 'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
block-all-mixed-content; report-uri https://csp-reports.pravmir.ru/https-mixed-content-logger/csp_report_log.php; 1
script-src 'nonce-MsCv5IJvfOeDtjEqCRtwbw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com/ ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' static.chartbeat.com https: ; img-src 'self' http: https: data: ; font-src 'self' https: data: ; frame-src https: ; connect-src 'self' https: ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-3666533-6316853:rid=AAMDPM7GC0EYHPDPVB0C:sn=www.audible.com 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; frame-src 'self' *.twitter.com; report-uri /site/servlet/csp-report; 1
frame-ancestors 'self' www.chasepaymentechhostedpay.com ;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://d3rr3d0n31t48m.cloudfront.net  https://static.ecorebates.com https://ajax.googleapis.com  data: ;base-uri 'self' ; object-src 'self' https://www.chasepaymentechhostedpay.com https://na.electroluxmedia.com https://media.frigidaire.com; report-uri /CSP-report; 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/tr/prod 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' data: *; script-src 'self' 'unsafe-inline' *.driveback.ru cdn.blueconic.net kspbnk.blueconic.net www.google-analytics.net www.google-analytics.com *.creativecdn.com connect.facebook.net vk.com mc.yandex.ru script.hotjar.com static.criteo.net sslwidget.criteo.com www.googleadservices.com top-fwz1.mail.ru creativecdn.com googleadseclick.net googleads.g.doubleclick.net; style-src 'self' cdn.driveback.ru 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; report-uri https://kaspi.kz/csp-report 1
default-src 'none';connect-src mc.yandex.ru mc.admetrica.ru yandex.ru yastatic.net an.yandex.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1575860479.38965.153900.292027&h=sas1-3304-b16-sas-portal-any-s-015-27240&csp=new&date=20191209&yandexuid=1559644991575860479;child-src mc.yandex.ru yastatic.net;style-src yastatic.net 'unsafe-inline';script-src 'unsafe-eval' awaps.yandex.ru an.yandex.ru yandex.ru yastatic.net 'nonce-1OElkhnq+ZA42xmnb40laQ==' mc.yandex.ru;img-src an.yandex.ru yastatic.net avatars.mds.yandex.net favicon.yandex.net yandex.ru awaps.yandex.net data: mc.yandex.ru 'self' mc.admetrica.ru 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=50afc2d28698c8ceff0e98e99c2606ae 1
frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1
default-src 'none';base-uri 'self';script-src 'self' cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com/ weblibrary.cdn.getgo.com/togo/6.3.4/ cdnjs.cloudflare.com/ajax/libs/font-awesome/ maxcdn.bootstrapcdn.com/font-awesome/4.5.0/;font-src 'self' fonts.googleapis.com/ weblibrary.cdn.getgo.com/togo/6.3.4/ cdnjs.cloudflare.com/ajax/libs/font-awesome/ maxcdn.bootstrapcdn.com/font-awesome/4.5.0/;img-src 'self' cdn.gotomeet.at/images/ www.filepicker.io/api/file/ https://avatars.servers.getgo.com/ d1ho4l1jd34cw6.cloudfront.net/api/file/;connect-src api.mixpanel.com/decide/ api.mixpanel.com/track/;report-uri /_internal/csp_report 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com 'nonce-MzY2ODg0NDc2NCw3NDc2NDg4OTc='; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //analytics.tool.lu/csp 1
policy 1
img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com; report-uri https://www.sidefx.com/csp_reports/; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; default-src 'self'; script-src 'self' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-yTQopfAHxvctxCp2'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com *.vimeocdn.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://api.transparentcdn.com/v1/csp/report/83/ 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6d4a6nheurcql&partner=; 1
default-src 'self' https://themes.googleusercontent.com/ https://www.rovid.nl/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl/ https://cdn.datatables.net/; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://www.rovid.nl/ data:; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
script-src 'nonce-5vnFTN6IxZ-nPb8DQkLb3A' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/*; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; disown-opener; reflected-xss block; base-uri *.roche.com *.roche.net *.gene.com; plugin-types application/pdf; referrer origin-when-cross-origin; report-uri https://roche.report-uri.com/r/t/csp/reportonly 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1
base-uri 'none'; object-src 'none'; script-src 'report-sample' https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'unsafe-eval' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' blob:; report-uri https://blenderartists.org/csp_reports 1
child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://*.aol.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://*.aol.com https://www.aol.co.uk https://www.aol.de;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com;media-src https://*.ah.yahoo.com;report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://pr.comet.yahoo.com 'nonce-L2tW/5qOSr3DSdwI2NmjxyTizfF+XSjYBy0RwcZBv2kj607L' ;style-src * 'unsafe-inline' 1
report-to webscaleCspEndpoint; report-uri https://www.alexandani.com/reportingWebscaleCspEndpoint; script-src 'unsafe-eval' 'unsafe-inline' Data: 'self' *.hotjar.com cdn.curalate.com webmessenger.alexandani.com ec2-3-220-196-204.compute-1.amazonaws.com *.cloudmaestro.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.nr-data.net ajax.aspnetcdn.com ak.sail-horizon.com bat.bing.com client.perimeterx.net fast.wistia.com js-agent.newrelic.com s.pinimg.com s.yimg.com script.crazyegg.com secure.quantserve.com *.criteo.net www-webscale.alexandani.com rules.quantcount.com sp.analytics.yahoo.com googleads.g.doubleclick.net *.criteo.com api.pinterest.com *.alexandani.com js.klevu.com 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: api.swiftype.com www.googleadservices.com s.dca0.com api.braintreegateway.com www.paypalobjects.com s.pinimg.com static.hotjar.com script.hotjar.com js-agent.newrelic.com *.webscalenetworks.net cdn.attn.tv sn.dca0.com bam.nr-data.net cdn4.forter.com d.adroll.com script.crazyegg.com cdn.listrakbi.com s1.listrakbi.com rum-static.pingdom.net s.swiftypecdn.com amiclubwear.com *.amiclubwear.com use.fontawesome.com apis.google.com *.cloudmaestro.com *.lagrangesystems.net d.adroll.mgr.consensu.org s.adroll.com *.facebook.net *.facebook.com *.cloudfront.net www.googletagmanager.com www.google-analytics.com bat.bing.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
script-src 'nonce-VhA6YZou2HbxVtiHIdoDbg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/safety_google; base-uri 'none' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net 'unsafe-inline' 'self'; default-src 'none'; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'unsafe-inline' https://use.typekit.net; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://use.typekit.net https://themes.googleusercontent.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.com fast.wistia.net *.wistia.com *.wistia.com form.jotform.com cdn.jotfor.ms secure.jotformpro.com submit.jotformpro.com;style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;child-src 'self' https://voicethread.com fast.wistia.com fast.wistia.net *.wistia.com player.vimeo.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com wss://prod-mq.voicethread.com sentry.io *.akamaihd.net *.litix.io *.wistia.com *.litix.io;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;form-action 'self'  https://voicethread.com;frame-ancestors none ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net events.jotform.com cdn.jotfor.ms;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed.wistia.com embedwistia-a.akamaihd.net;object-src 'self' https://prod-cdn.voicethread.com;report-uri /csp_report/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss:; font-src https:; media-src 'self' https://media-eu2.digital.nuance.com; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 1
script-src 'nonce-x_PcsVkFr-CXlPdenN2A1A' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
frame-ancestors 'self'; report-uri https://sentry.wongnai.com/api/2/csp-report/?sentry_key=1eb41851e6a44bd39f12e47f6de24633 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net cdn.tt.omtrdc.net *.cicero.no *.sparebank1.no www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services.cicero.no translate.googleapis.com; img-src 'self' secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com dpm.demdex.net resources.mynewsdesk.com www.googletagmanager.com www.gstatic.com data:; connect-src 'self' dpm.demdex.net *.cicero.no *.omtrdc.net data.brreg.no *.sparebank1.no www.mynewsdesk.com publish.ne.cision.com; font-src 'self' *.sparebank1.no resources.mynewsdesk.com services.cicero.no data:; media-src 'none'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com player.vimeo.com assets.adobedtm.com dpm.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no; report-uri /bin/logservlet 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_1_9_2 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.twitter.com *.typekit.net *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' addevent.com *.addthis.com *.addthisedge.com *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js *.googletagmanager.com *.hotjar.com *.instagram.com *.pinterest.com *.royalalberthall.com tfl.gov.uk *.twimg.com *.twitter.com *.typekit.net *.ytimg.com www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' addevent.com *.addthis.com *.addthisedge.com *.bugherd.com cdn.syndication.twimg.com *.doubleclick.net *.facebook.com *.facebook.net *.gstatic.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js *.googletagmanager.com *.hotjar.com *.mathtag.com *.pinterest.com *.serving-sys.com *.typekit.net *.youtube.com *.ytimg.com *.instagram.com *.royalalberthall.com *.twimg.com *.twitter.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.doubleclick.net *.facebook.com *.google-analytics.com *.hotjar.io *.serving-sys.com *.typekit.net *.royalalberthall.com *.hotjar.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.addevent.com cdnjs.cloudflare.com fonts.googleapis.com *.mathtag.com maxcdn.bootstrapcdn.com *.royalalberthall.com *.twitter.com; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com fonts.googleapis.com tickets.royalalberthall.com *.twitter.com; img-src 'self' data: *.addevent.com *.adnxs.com *.audience2media.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google.com *.google.co.uk *.googletagmanager.com *.google-analytics.com img.youtube.com pbs.twimg.com *.royalalberthall.com *.s3.amazonaws.com s3-eu-west-1.amazonaws.com *.twitter.com *.typekit.net tfl.gov.uk *.gravatar.com *.youtube.com yt3.ggpht.com *.ytimg.com http://uploads.royalalberthall.com.s3-eu-west-1.amazonaws.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net; font-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.gstatic.com *.typekit.net *.royalalberthall.com; frame-src 'self' *.facebook.com *.royalalberthall.com *.addthis.com *.doubleclick.net *.google.com *.googletagmanager.com open.spotify.com *.twitter.com *.youtube.com *.vimeo.com iris.time-lapse-systems.co.uk syndication.twitter.com *.instagram.com s3.eu-west-1.amazonaws.com/assets.royalalberthall.com/ widgets.scribblemaps.com *.hotjar.com; object-src 'self'; reflected-xss block; report-uri https://8b2914542e1511c44f4e835f9c638376.report-uri.com/r/d/csp/enforce; 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 1
frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
block-all-mixed-content; report-uri https://davincistudio.report-uri.com/r/d/csp/reportOnly; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.facebook.com adservice.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com bat.bing.com js.adsrvr.org apac-oceania.netmng.com servedby.flashtalking.com amplifypixel.outbrain.com www.google.ca www.youtube.com oceaniacruise.d2.sc.omtrdc.net s.ytimg.com amplify.outbrain.com resources.xg4ken.com 5488942.fls.doubleclick.net tr.outbrain.com pubads.g.doubleclick.net 4395476.fls.doubleclick.net 6123315.fls.doubleclick.net insight.adsrvr.org 6034582.fls.doubleclick.net secure.adnxs.com www.google.co.uk dpm.demdex.net tags.bluekai.com cm.g.doubleclick.net dsum-sec.casalemedia.com p.adsymptotic.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net ce.lijit.com universal.iperceptions.com beacon.krxd.net loadm.exelator.com x.bidswitch.net pixel.advertising.com aa.agkn.com st2.dialogtech.com d31y97ze264gaa.cloudfront.net players.brightcove.net manifest.prod.boltdns.net sp.analytics.yahoo.com ads.yahoo.com di.rlcdn.com ib.adnxs.com api.iperceptions.com ds-aksb-a.akamaihd.net js-agent.newrelic.com house-fastly-signed-us-east-1-prod.brightcovecdn.com www.google.co.nz www.google.com.br bam.nr-data.net www.google.com.au st1.dialogtech.com edge.api.brightcove.com vjs.zencdn.net pixel.tapad.com su.addthis.com 6713102.fls.doubleclick.net s.amazon-adsystem.com f1.media.brightcove.com cf-images.us-east-1.prod.boltdns.net secure.brightcove.com www.google.co.in bid.g.doubleclick.net www.google.ru www.google.nl ekr.zdassets.com static.zdassets.com mpp.vindicosuite.com d.agkn.com tag.yieldoptimizer.com www.google.com.ar www.google.com.my assets.zendesk.com www.google.co.jp ad.360yield.com www.google.pl www.google.ie www.google.fr match.sharethrough.com www.google.se az452423.vo.msecnd.net ads.scorecardresearch.com i.liadm.com uipglob.semasio.net s.thebrighttag.com tags.rd.linksynergy.com e.nexac.com simage2.pubmatic.com adadvisor.net cw.addthis.com www.google.com.mx www.google.de ad.yieldlab.net www.google.com.sg www.google.com.hk www.google.com.eg secure.insightexpressai.com oceaniacruises.zendesk.com ips-invite.iperceptions.com v2.zopim.com www.google.es www.google.co.th jp-u.openx.net cs.gssprt.jp stats.g.doubleclick.net ips-img.iperceptions.com sec.yimg.com adservice.google.ca 36fb78d7.akstat.io c.go-mpulse.net s.go-mpulse.net; report-uri /csp-report-only 1
default-src   http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com;  style-src 'self' https://checkout.stripe.com 'unsafe-inline' ;  img-src * https://* http://*;  font-src 'self';  script-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com https://platform.twitter.com/ https://twitter.com/ 'unsafe-eval' 'unsafe-inline' ;  frame-src 'self'  https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ https://platform.twitter.com/ https://twitter.com/;  media-src http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com ;  object-src 'self' http://*.somafm.com https://*.somafm.com;  connect-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com ;  report-uri https://c70042f2c71bb9b31e563921ca1357ff.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com  https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1
default-src 'self' blob:; script-src https://web.tamtam.chat https://www.googletagmanager.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ blob: 'self' 'unsafe-inline'; style-src https://web.tamtam.chat 'unsafe-inline'; img-src https://*.mycdn.me https://*.ok.ru https://web.tamtam.chat https://www.google-analytics.com/ https://mc.yandex.ru/ https://stats.g.doubleclick.net/ https://*.tenor.com/ blob: data: 'self'; connect-src wss://*.tamtam.chat/websocket https://*.mycdn.me/ https://ok.ru/web-api/tamtam https://mc.yandex.ru/ https://*.mapbox.com/ https://*.tenor.com/ https://ipapi.co/ 'self' blob:; media-src https://web.tamtam.chat https://*.mycdn.me https://*.ok.ru https://*.tenor.com blob:; report-uri /csp/report 1
script-src 'nonce-PAXnpU8vZxJPgVTO9Cb99g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' s.go-mpulse.net tags.tiqcdn.com googleads.g.doubleclick.net www.google.com connect.facebook.net adservice.google.com www.google-analytics.com www.facebook.com bat.bing.com sp.analytics.yahoo.com servedby.flashtalking.com www.google.com.au www.googleadservices.com js.adsrvr.org www.googletagmanager.com insight.adsrvr.org universal.iperceptions.com 8211048.fls.doubleclick.net 6034582.fls.doubleclick.net cloud.typography.com s.yimg.com amplify.outbrain.com 5489943.fls.doubleclick.net resources.xg4ken.com tr.outbrain.com login.dotomi.com amplifypixel.outbrain.com www.google.fr pubads.g.doubleclick.net 9055492.fls.doubleclick.net d31y97ze264gaa.cloudfront.net st2.dialogtech.com api.datasteam.io cdn.datasteam.io a5414371492.cdn.optimizely.com pixel.mathtag.com cm.g.doubleclick.net s.amazon-adsystem.com secure.dtmpub.com dsum-sec.casalemedia.com www.google.co.in dpm.demdex.net www.google.nl ads.yahoo.com tags.bluekai.com pixel.rubiconproject.com www.google.co.uk st1.dialogtech.com ib.adnxs.com adadvisor.net cdn.optimizely.com us-u.openx.net ajax.googleapis.com 5424510.fls.doubleclick.net p.adsymptotic.com www.google.dk da7xgjtj801h2.cloudfront.net su.addthis.com simage2.pubmatic.com odr.mookie1.com free.timeanddate.com bh.contextweb.com www.google.de pixel.tapad.com login-ds.dotomi.com adfarm.mediaplex.com idsync.rlcdn.com partners.tremorhub.com pixel.advertising.com s2s.addkt.com js-agent.newrelic.com www.google.com.br contextual.media.net x.bidswitch.net bam.nr-data.net s.thebrighttag.com i.liadm.com ads.scorecardresearch.com tags.rd.linksynergy.com match.sharethrough.com www.google.ru www.google.ca www.google.com.mx secure.insightexpressai.com www.google.com.ar uipglob.semasio.net e.nexac.com www.youtube.com cw.addthis.com www.google.com.hk io.narrative.io www.google.se www.google.pl www.google.ie www.google.com.sg www.google.com.my stags.bluekai.com cs.gssprt.jp www.google.co.jp www.google.com.eg mediamath.digitru.st www.google.co.th jp-u.openx.net cs.adingo.jp sec.yimg.com sync.crwdcntrl.net www.google.com.gh sync.navdmp.com ad.360yield.com api.iperceptions.com loadm.exelator.com rum.optimizely.com adservice.google.com.au www.google.es stats.g.doubleclick.net idsync.reson8.com px.powerlinks.com global.ib-ibi.com sd.iperceptions.com uipus.semasio.net; report-uri /csp-report-only 1
default-src https: android-webview: 'unsafe-inline' 'unsafe-eval'; media-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; font-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://netologygroup.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com 'nonce-MTU5ODI2MTY2Miw5Nzg2MDgxOTA='; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
frame-ancestors 'none';      base-uri 'self';      default-src 'self' https://static.wolt.com/;      connect-src 'self' https://sentry.io *.intercom.io wss://nexus-websocket-a.intercom.io https://restaurant-api.wolt.com sessions.bugsnag.com notify.bugsnag.com https://authentication.wolt.com prod-videos.wolt.com https://courier-api.wolt.com wa.appsflyer.com wa.onelink.me https://static.wolt.com/ *.google-analytics.com uploads.intercomcdn.com js.intercomcdn.com      stats.g.doubleclick.net www.facebook.com web.facebook.com graph.facebook.com      z-p3-graph.facebook.com api2.branch.io api.lever.co https://auth.wolt.com;      font-src 'self' data: js.intercomcdn.com fonts.gstatic.com uploads-ssl.webflow.com https://static.wolt.com/;      style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com tagmanager.google.com      uploads-ssl.webflow.com https://static.wolt.com/;      img-src data: https:;      script-src 'self' 'nonce-YYmzTw40dKwgWMKmLhlS69YVvce3lkF5E8RJPSL61L8=' js.intercomcdn.com cdn.branch.io connect.facebook.net https://static.wolt.com/ *.google-analytics.com tagmanager.google.com www.googletagmanager.com uploads-ssl.webflow.com      widget.intercom.io cdn.appsflyer.com *.googleapis.com bam.nr-data.net js-agent.newrelic.com      d1tdp7z6w94jbb.cloudfront.net cdn.wolt.com d3e54v103j8qbb.cloudfront.net      core.spreedly.com;      object-src 'none';      media-src blob: cdn.wolt.com js.intercomcdn.com prod-videos.wolt.com;      worker-src blob:;      frame-src https:;      child-src https:;      report-uri https://sentry.io/api/1433537/security/?sentry_key=6e2826809a1a476ab2c9aa8f03059910&sentry_environment=production 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=3221a45c670d595ba8869fdeec0238e4 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://ssl.google-analytics.com https://www.google-analytics.com https://google-analytics.com www.google.com www.gstatic.com cdn.paddle.com checkout.paddle.com https://*.zopim.com *.zdassets.com; frame-src www.google.com checkout.paddle.com buy.paddle.com create-checkout.paddle.com; connect-src 'self' d31j93rd8oukbv.cloudfront.net ssl.google-analytics.com analytics.paddle.com browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
default-src photomath.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com; object-src 'self'; report-uri https://563mjpey.uriports.com/reports/report; report-to default 1
script-src 'nonce-3Ggr6HCS_phP_62uBhxYIg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
report-uri https://csp.edipresse.pl/report/wizaz; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.inspectlet.com *.freshchat.com d2tic578h94r8u.cloudfront.net 'nonce-fU6/ZKPtYwv8UdhTXRGhcg=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.typekit.net *.freshchat.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com www.youtube.com *.freshchat.com player.vimeo.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com *.honeybadger.io www.facebook.com *.inspectlet.com s.yimg.com http://localhost:3035 ws://localhost:3035 wss://ws.inspectlet.com/ d2tic578h94r8u.cloudfront.net strict-dynamic; report-uri /csp_reports 1
default-src 'none'; connect-src 'self' data: https://titanic.honeybadger.io https://*.convertikit.com https://dmm.rightmessage.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https://honeybadger-static.s3.amazonaws.com https://docs-honeybadger.s3.amazonaws.com/ https://www.googletagmanager.com/ https://*.wistia.com/ https://www.gstatic.com https://stats.g.doubleclick.net https://ton.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com https://d3aei7d2k8qp8j.cloudfront.net https://embedwistia-a.akamaihd.net https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://app.rightmessage.com/adminvisitor https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://loginchecker.rightmessage.com https://tag.rightmessage.com/1661691228.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com; img-src 'self' 'unsafe-inline' *.google-analytics.com https://syndication.twitter.com https://*.sharethis.com; frame-src 'self' 'unsafe-inline' *.youtube.com https://platform.twitter.com https://player.vimeo.com https://www.facebook.com https://*.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: blob:; report-uri /csp-report 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ton.twimg.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/; report-uri /api/report-csp1/ 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
default-src 'self' appointments-production-f.squarecdn.com square.site squareup.com; connect-src 'self' appointments-production-f.squarecdn.com square.site squareup.com data-platform-staging.squarecloudservices.com data-platform.squarecloudservices.com api2.branch.io; img-src 'self' data: api.mapbox.com *.tiles.mapbox.com square-go-production.s3.amazonaws.com/ s3.amazonaws.com/square-dashboard-production/ www.google-analytics.com api.squareup.com appointments-production.s3.amazonaws.com/ square-web-production-f.squarecdn.com appointments-production-f.squarecdn.com d1g145x70srn7h.cloudfront.net; script-src 'self' 'unsafe-inline' appointments-production-f.squarecdn.com js-agent.newrelic.com/ bam.nr-data.net/ cdn.branch.io/ api2.branch.io/ app.link/; style-src 'self' 'unsafe-inline' appointments-production-f.squarecdn.com; report-uri https://squareup.com/1.0/as-reporter/csp/E-g-3sEcG3-1DHsDEIhKGqOrreQ_KmM23fhp_JMWVt34xrVL 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: s.ytimg.com siteimproveanalytics.com us4.siteimprove.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://trlhvadgdetff1t0lc6gw4oo.httpschecker.net/report 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
default-src 'self' https: wss: data: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/ta/prod 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self'; script-src 'nonce-9ROSavdrO4k8HeGcBaafVPyOc7driEjb0xmcdhNcf4w=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src 'self' * 127.0.0.1; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; frame-src 'self' https: http: data:; child-src 'self' https: http: data:; 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.wikia.com/csp-logger/csp/app 1
frame-src https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com/; block-all-mixed-content;script-src https://connect.facebook.net/ 'self' https://*.google-analytics.com/ https://app.marketplan.io/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com/ 'unsafe-eval' https://www.timevaluecalculators.com/ 'unsafe-inline'; font-src https://use.typekit.net/ data:; form-action https://gesa.locatorsearch.com/ 'self'; worker-src  'none'; report-uri https://csp.tsrs.cloud/r/1a0c3c00375f3f9f0ea9398b829a0bd5ce3c3960; frame-ancestors https://www.inspiruscu.org/ 'self'; style-src 'unsafe-inline' 'self' https://*.typekit.net/ https://www.timevaluecalculators.com/; base-uri  'self'; img-src https://contentadmin.gesa.com/ https://www.facebook.com/ https://google-analytics.bi.owox.com/ 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ data: https://www.timevaluecalculators.com/; media-src  'none'; object-src  'none'; connect-src https://app.marketplan.io/ https://www.facebook.com/ https://gesa.locatorsearch.com/ 'self' https://stats.g.doubleclick.net/; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'none'; base-uri https: data:; object-src; font-src https: data:; script-src 'nonce-4db386c0-d6dc-4e81-92fa-376fea01483c' https: 'unsafe-inline' 'nonce-RjMKcqb1VdsqvnrthEMgGJWq' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com;              style-src 'unsafe-inline' *;              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn www.googletagmanager.com www.youtube.com fast.fonts.net                         www.google-analytics.com *.crazyegg.com www.googleadservices.com cdn.bizible.com                         cdn-akamai.mookie1.com s.ytimg.com *.pingdom.net *.doubleclick.net munchkin.marketo.net        cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn                         *.usabilla.com www.gstatic.com *.google.com  *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com *.baidu.com;              connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com *.doubleclick.net;     frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com;              img-src 'self' data: *;              font-src 'self' data: *;      report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everplans.com js-agent.newrelic.com bam.nr-data.net pi.pardot.com a248.e.akamai.net downloads.mailchimp.com mc.us7.list-manage.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.googleadservices.com *.g.doubleclick.net use.typekit.net *.livechatinc.com *.addthis.com v1.addthisedge.com *.twitter.com connect.facebook.net cdn.embedly.com px.ads.linkedin.com fast.wistia.com onlinedialogue.s3.amazonaws.com snap.licdn.com try.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com fonts.googleapis.com netdna.bootstrapcdn.com; img-src 'self' data: *.everplans.com p.typekit.net ping.chartbeat.net secure.livechatinc.com www.google.com www.googletagmanager.com stats.g.doubleclick.net i.imgur.com v1.addthis.com t.co www.facebook.com storage.pardot.com fast.wistia.com embedwistia-a.akamaihd.net; media-src 'self' blob: data: cdn.livechatinc.com embedwistia-a.akamaihd.net; frame-src 'self' *.everplans.com secure.livechatinc.com go.pardot.com *.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; frame-ancestors 'self'; child-src 'self' *.everplans.com s7.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; font-src 'self' data: fonts.gstatic.com use.typekit.net netdna.bootstrapcdn.com; connect-src 'self' data: *.everplans.com stats.g.doubleclick.net v1.addthis.com *.wistia.com embedwistia-a.akamaihd.net *.abtasty.com; report-uri https://everplans.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/hg/prod 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://caf5f8ef339e1ac1cb2b2e0186f0883b.report-uri.com/r/d/csp/wizard 1
default-src 'self'; report-uri //root 1
report-uri /csp-logger; default-src 'self' https://vanguardassets.bmstatic.com/assets/; connect-src 'self' https://vanguardassets.bmstatic.com/assets/ https://api2.branch.io https://mc.yandex.fr https://mc.yandex.ru https://cognito-identity.us-east-1.amazonaws.com https://mobileanalytics.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://api.rollbar.com; style-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/; script-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ https://app.link https://cdn.branch.io https://cdn.polyfill.io https://connect.facebook.net https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://js.stripe.com https://mc.yandex.ru; img-src * 'self' data:; frame-src 'self' https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://simplecast.com https://mc.yandex.ru; object-src 'none' 1
default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1
frame-ancestors topface.com *.topface.com vk.com *.vk.com http://mail.ru http://*.mail.ru https://mail.ru https://*.mail.ru ok.ru *.ok.ru renren.com *.renren.com apps.facebook.com; report-uri /csp-report/; 1
default-src 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.google.com apis.google.com maps.googleapis.com www.gstatic.com www.googletagmanager.com www.google-analytics.com platform.twitter.com cdn.syndication.twimg.com platform.linkedin.com connect.facebook.net s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com c.disquscdn.com ccrjustice.disqus.com www.wufoo.com secure.wufoo.com; style-src 'self' data: 'unsafe-inline' platform.twitter.com; img-src 'self' data: ccrjustice.org www.google-analytics.com www.googletagmanager.com maps.googleapis.com syndication.twitter.com platform.twitter.com twimg.com pbs.twimg.com abs.twimg.com ton.twimg.com www.facebook.com www.paypalobjects.com www.paypal.com referrer.disqus.com; font-src 'self' data:; worker-src 'self' platform.twitter.com; frame-src 'self' www.google.com accounts.google.com apis.google.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com syndication.twitter.com platform.twitter.com s7.addthis.com disqus.com ccrjustice.wufoo.com w.soundcloud.com; child-src 'self' data:; connect-src 'self' data: www.google-analytics.com m.addthis.com links.services.disqus.com; report-uri https://josephlacey.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; connect-src 'self' dc.services.visualstudio.com www.facebook.com wss://widget-mediator.zopim.com googleads4.g.doubleclick.net api.mapbox.com www.google.com wss://sg14.zopim.com wss://sg08.zopim.com ekr.zdassets.com wss://sg06.zopim.com wss://sg20.zopim.com sg06.zopim.com events.mapbox.com eurotunnel.zendesk.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net; font-src data: fonts.gstatic.com v2.zopim.com 'self'; manifest-src 'self'; object-src 'self'; frame-src 'self' player.vimeo.com widget.trustpilot.com travelmoney.travelex.co.uk platform.twitter.com 856279.fls.doubleclick.net syndication.twitter.com tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src blob: q-xx.bstatic.com syndication.twitter.com sakenticoprod.blob.core.windows.net v2.zopim.com v2assets.zopim.io googleads4.g.doubleclick.net consent.trustarc.com via.placeholder.com sakenticodev.blob.core.windows.net lowffdompro.com ton.twimg.com login.microsoftonline.com pbs.twimg.com googleads.g.doubleclick.net www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' static.zdassets.com data:; script-src 'self'  blob: data az416426.vo.msecnd.net platform.twitter.com widget.trustpilot.com ad.doubleclick.net consent.truste.com consent.trustarc.com assets.zendesk.com v2.zopim.com static.zdassets.com cdn.syndication.twimg.com www.gstatic.com www.google.com tpc.googlesyndication.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src platform.twitter.com ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://eurotunnel.report-uri.com/r/d/csp/wizard 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2019-12-09 1
default-src 'self' 'unsafe-inline' *.voxcinemas.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleapis.com *.facebook.net *.facebook.com fburl.com *.crazyegg.com *.ads-twitter.com *.twitter.com t.co *.doubleclick.net *.criteo.net *.criteo.com *.sc-static.net *.snapchat.com *.youtube.com *.ytimg.com *.instagram.com *.cdninstagram.com *.gstatic.com *.placeholder.com xid.alzahia.ae xid.carrefournow.com xid.carrefouruae.com xid.citycentredeira.com xid.citycentremirdif.com xid.maffinance.com xid.majidalfuttaim.com xid.malloftheemirates.com xid.tilalalghaf.com xid.najm.ae xid.waterfrontcity.com *.voxcinemas.com; report-uri /security/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
report-uri /api/csp-report/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'none';      base-uri 'self';      default-src 'self' https://static.wolt.com/;      connect-src 'self' https://sentry.io *.intercom.io wss://nexus-websocket-a.intercom.io https://restaurant-api.wolt.com sessions.bugsnag.com notify.bugsnag.com https://authentication.wolt.com prod-videos.wolt.com https://courier-api.wolt.com wa.appsflyer.com wa.onelink.me https://static.wolt.com/ *.google-analytics.com uploads.intercomcdn.com js.intercomcdn.com      stats.g.doubleclick.net www.facebook.com web.facebook.com graph.facebook.com      z-p3-graph.facebook.com api2.branch.io api.lever.co https://auth.wolt.com;      font-src 'self' data: js.intercomcdn.com fonts.gstatic.com uploads-ssl.webflow.com https://static.wolt.com/;      style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com tagmanager.google.com      uploads-ssl.webflow.com https://static.wolt.com/;      img-src data: https:;      script-src 'self' 'nonce-AdVOnDFl4SjZSuy1loWyL1M2Fq1yorNn+3NuR3NcqhY=' js.intercomcdn.com cdn.branch.io connect.facebook.net https://static.wolt.com/ *.google-analytics.com tagmanager.google.com www.googletagmanager.com uploads-ssl.webflow.com      widget.intercom.io cdn.appsflyer.com *.googleapis.com bam.nr-data.net js-agent.newrelic.com      d1tdp7z6w94jbb.cloudfront.net cdn.wolt.com d3e54v103j8qbb.cloudfront.net      core.spreedly.com;      object-src 'none';      media-src blob: cdn.wolt.com js.intercomcdn.com prod-videos.wolt.com;      worker-src blob:;      frame-src https:;      child-src https:;      report-uri https://sentry.io/api/1433537/security/?sentry_key=6e2826809a1a476ab2c9aa8f03059910&sentry_environment=production 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://vk.com https://*.vk.com https://cdn.api.twitter.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://facebook.com https://*.facebook.com https://connect.facebook.net https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://*.criteo.net https://*.criteo.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://demoup.com https://*.demoup.com https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://api.flocktory.com https://techport.api.sociaplus.com; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=138-3118714-2963461:rid=5N942V6Q52KHCY29T1GD:sn=www.audible.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=3fa596b3123e561521e7bb3a01485339 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com reporting.eaglemoss.com img.youtube.com www.facebook.com dis.eu.criteo.com static.criteo.net stats.g.doubleclick.net www.google-analytics.com goverseer.wishpond.com jambo.wishpond.com cdn.wishpond.net www.wishpond.com vars.hotjar.com api.optmnstr.com ct.pinterest.com www.google.com snapsmedia.io in.hotjar.com embedded.wishpondpages.com www.youtube.com platform.twitter.com syndication.twitter.com pbs.twimg.com ton.twimg.com www.w3.org abs.twimg.com a.optmnstr.com bid.g.doubleclick.net gum.criteo.com z.optmnstr.com cdn.lightwidget.com 8793740.fls.doubleclick.net webfonts.zohostatic.com ws1.hotjar.com api.optmstr.com a.mstrlytcs.com web.facebook.com psr.fuel451.com ws5.hotjar.com lightwidget.com www.lightwidget.com server.adform.net payment.pay3.secured-by-ingenico.com ws3.hotjar.com; img-src *; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com widget.eu.criteo.com sslwidget.criteo.com static.criteo.net www.google-analytics.com a.optmnstr.com s.pinimg.com script.hotjar.com googleads.g.doubleclick.net cdn.wishpond.net www.googleadservices.com a.optmstr.com pixel.snapsmedia.io static.hotjar.com cdn.syndication.twimg.co cdn.syndication.twimg.com platform.twitter.com ajax.googleapis.com cdn.fuelx.com www.lightwidget.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://dev.visualwebsiteoptimizer.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.youtube.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net services.postcodeanywhere.co.uk platform.twitter.com ton.twimg.com ajax.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-elem cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://dev.visualwebsiteoptimizer.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.youtube.com unpkg.com; style-src-elem cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com 1
script-src 'nonce-qAYPpiLrRw1X28RbyTFRdA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com; report-uri /csp-reports 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dwolla.com dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.optimizely.com *.cdngc.net *.iovation.com pi.pardot.com px.ads.linkedin.com snap.licdn.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com js-agent.newrelic.com bam.nr-data.net s0.wp.com s1.wp.com stats.wp.com widget.intercom.io a.quora.com cdnjs.cloudflare.com js.intercomcdn.com siftscience.com www.linkedin.com data:; style-src 'self' 'unsafe-inline' cdn.dwolla.com fonts.googleapis.com safari-extension://* chrome-extension://*; img-src * data:; font-src * data:; frame-src 'self' *.dwolla.com *.facebook.com *.googletagmanager.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com *.chartbeat.com platform.twitter.com; connect-src 'self' *.optimizely.com *.intercom.io status.g.doubleclick.net api.ipify.org; object-src 'self' *.cdngc.net *.iovation.com cdn.dwolla.com 1
default-src 'unsafe-inline' 'unsafe-eval' https: http: blob: filesystem: data: 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=144-8114600-4006243:rid=F2640TJ7RG5CQ327ZNA7:sn=www.audible.com 1
script-src 'strict-dynamic' 'unsafe-eval' 'nonce-d37d9fa6-4c52-45a0-987d-5b470595b35b' ; report-uri http://www.oncor.com/_layouts/15/CSPReporting.aspx 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
script-src 'self' 'unsafe-inline' 'nonce-emXQrMGZdO6vy0UYU8oaviNzu86WKfiV' http://search.usa.gov http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://search.usa.gov https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com nonce-emXQrMGZdO6vy0UYU8oaviNzu86WKfiV; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://d15vqlr7iz6e8x.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://*.vets.gov https://*.va.gov https://search.usa.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' http://search.usa.gov https://fonts.googleapis.com https://search.usa.gov https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.vets.gov https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://analytics.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://search.vets.gov https://vicbdc.vba.va.gov https://search.usa.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vets.gov http://*.vetsgov-internal https://optimize.google.com ;  report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://* data:;                                                report-uri https://homestay.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.firebaseio.com ajax.googleapis.com *.thevillages.com www.googletagmanager.com api.usersnap.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' *.thevillages.com; media-src 'self'; frame-src 'self' *.firebaseio.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.firebaseio.com *.thevillages.com; 1
img-src 'self' https://media.forbiddenplanet.com https: data: www.gravatar.com tripadvisor.com unpkg.com openstreetmap.com *.tile.openstreetmap.com dyn0.media.forbiddenplanet.com dyn.media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; frame-ancestors 'self'; script-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; font-src 'self' https://media.forbiddenplanet.com data: fonts.googleapis.com storage.googleapis.com fonts.gstatic.com themes.googleusercontent.com; connect-src *.googleapis.com fonts.googleapis.com *.youtube.com https: *.sagepay.com www.google-analytics.com *.facebook.com *.twitter.com *.akamaihd.net *.google.com *.facebook.net https://media.forbiddenplanet.com fonts.gstatic.com 'self' *.pinterest.com *.instagram.com *.surveymonkey.com storage.googleapis.com dyn0.media.forbiddenplanet.com www.gravatar.com *.tile.openstreetmap.com unpkg.com openstreetmap.com data: *.youtu.be wss://forbiddenplanet.com *.gstatic.com *.cloudfront.net themes.googleusercontent.com *.bootstrapcdn.com tripadvisor.com *.twimg.com www.googletagmanager.com dyn.media.forbiddenplanet.com www.googlecommerce.com; worker-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; frame-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; default-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data:; style-src *.googleapis.com fonts.googleapis.com *.youtube.com *.sagepay.com www.google-analytics.com *.facebook.com *.twitter.com *.akamaihd.net *.google.com *.facebook.net https://media.forbiddenplanet.com fonts.gstatic.com 'self' *.pinterest.com *.instagram.com *.surveymonkey.com storage.googleapis.com 'unsafe-eval' unpkg.com data: *.youtu.be *.gstatic.com *.cloudfront.net 'unsafe-inline' themes.googleusercontent.com *.bootstrapcdn.com *.twimg.com www.googletagmanager.com www.googlecommerce.com; report-uri /@csp-report 1
default-src https: data: blob: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval' http://*.cdn.ne.jp https://*.cdn.ne.jp; report-uri /analyze/cspreport.php 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' exeter.edu *.cincopa.com  www.google-analytics.com cdn.ckeditor.com www.google.com cse.google.com www.googleapis.com www.googletagmanager.com support.ebscohost.com ajax.googleapis.com maxcdn.bootstrapcdn.com bam.nr-data.net js-agent.newrelic.com code.jquery.com www.youtube.com s.ytimg.com platform.instagram.com static.tagboard.com platform.twitter.com cdn.syndication.twimg.com calendar.exeter.edu connect.facebook.net  siteimproveanalytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' exeter.edu *.cincopa.com cdn.ckeditor.com www.google.com platform.twitter.com; img-src 'self' data: *.cincopa.com cdn.ckeditor.com www.google.com cse.google.com www.google-analytics.com www.googleapis.com clients1.google.com syndication.twitter.com pbs.twimg.com www.facebook.com stats.g.doubleclick.net *.siteimprove.com; media-src 'self' ; frame-src www.google.com www.youtube.com player.vimeo.com *.exeter.edu cse.google.com www.googletagmanager.com www.instagram.com embeds.tagboard.com platform.twitter.com syndication.twitter.com youtube.com; font-src 'self' data: cincopa.com; connect-src 'self' *.cincopa.com www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' www.google-analytics.com verify.authorize.net www.googletagmanager.com js.hs-scripts.com www.googleadservices.com static.hotjar.com snap.licdn.com js.hs-analytics.net bat.bing.com connect.facebook.net static.ads-twitter.com www.googlecommerce.com px.ads.linkedin.com analytics.twitter.com www.google.com apis.google.com script.hotjar.com googleads.g.doubleclick.net jstest.authorize.net js.authorize.net www.linkedin.com js.hscta.net cta-service-cms2.hubspot.com www.youtube.com s.ytimg.com www.gstatic.com maps.googleapis.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ms-appx-web: static.hotjar.com; img-src 'self' data: blob: verify.authorize.net www.google-analytics.com track.hubspot.com t.co bat.bing.com www.facebook.com www.googletagmanager.com www.google.com stats.g.doubleclick.net www.statefoodsafety.com no-cache.hubspot.com www.googleadservices.com googleads.g.doubleclick.net *.statefoodsafety.com maps.gstatic.com; frame-src 'self' vars.hotjar.com www.google.com www.facebook.com www.youtube.com bid.g.doubleclick.net flex.atdmt.com ms-appx-web:; connect-src 'self' *.statefoodsafety.com jstest.authorize.net js.authorize.net apitest.authorize.net api.authorize.net in.hotjar.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self'; media-src 'self' *.statefoodsafety.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; report-uri /JsonLog/contentSecurityPolicyViolation; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation/ 1
default-src *.pharm24.gr data:; frame-src *.googletagmanager.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' *.pharm24.gr *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.pharm24.gr *.bootstrapcdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com; font-src 'self' *.stats.pharm24.gr *.pharm24.gr *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com data:; connect-src *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com; report-uri https://g0rhndej.uriports.com/reports/report 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' kameleoon.com kameleoon.eu https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' kameleoon.com kameleoon.eu; img-src data: https:; report-uri https://lidlcsp.report-uri.io/r/default/csp/reportOnly; 1
default-src 'none'; form-action 'none'; img-src 'self' data:; script-src 'self' https://cdn.segment.com https://sdks.shopifycdn.com https://cdn.optimizely.com https://cdn.ravenjs.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://automaticapp.myshopify.com https://*.optimizely.com https://api.segment.io https://sentry.io https://google-analytics.com; font-src 'self'; media-src 'self'; report-uri https://automaticlabs.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.ssl-images-amazon.com https://*.doubleverify.com https://*.amazon-adsystem.com https://www.googleapis.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://rules.quantcount.com https://secure.quantserve.com https://ssl.google-analytics.com https://wms.assoc-amazon.com https://stats.g.doubleclick.net https://seal.geotrust.com https://www.google-analytics.com https://edge.quantserve.com https://ajax.googleapis.com; connect-src 'self' https://m.addthis.com; img-src 'self' https://resources.tidal.com https://dt.adsafeprotected.com https://*.moatads.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://i.ytimg.com https://s1.ticketm.net https://seal.geotrust.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com http://img.besteveralbums.com http://albumart.besteveralbums.com https://pixel.quantserve.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://widgets.itunes.apple.com https://s7.addthis.com https://*.doubleverify.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net https://player.polyv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.google-analytics.com www.gstatic.com ajax.googleapis.com www.google.com widget.intercom.io www.googleadservices.com googleads.g.doubleclick.net https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com; font-src 'self' fonts.gstatic.com js.intercomcdn.com; img-src 'self' data: https://ssl.google-analytics.com https://ajax.googleapis.com https://*.intercomcdn.com https://static.intercomassets.com/; frame-src www.youtube.com www.google.com; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io https://uploads.intercomcdn.com/; media-src 'self' https://js.intercomcdn.com/; report-uri /callback/csp-report.php; 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=ES&lang=es-ES&device=desktop&yrid=1jqad4heurapt&partner=; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' v1.addthisedge.com www.googletagmanager.com z.moatads.com v2.zopim.com m.addthis.com assets.mantisadnetwork.com maps.googleapis.com code.jquery.com ssl.google-analytics.com s7.addthis.com www.wappalyzer.com www.google-analytics.com graph.facebook.com widgets.pinterest.com cdnjs.cloudflare.com widget-mediator.zopim.com ecs.mantisadnetwork.com staticw2.yotpo.com mnde.miss.imgeng.in static.zdassets.com use.typekit.net api-public.addthis.com connect.facebook.net platform.twitter.com www.googletagmanager.com kandypens.com.imgeng.in api.autopilothq.com v2.zopim.com briskeagle.io secure.saintcorporation.com js-agent.newrelic.com bam.nr-data.net *.cloudmaestro.com www.google.com ; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src 'self' *.parkmobile.us 1
script-src 'nonce-_IjB_vwMb_mzrc_SypailA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
frame-ancestors https://*.prace.cz https://my.teamio.com https://*.facebook.com https://*.jobs.cz https://*.topjobs.sk; report-uri /csp-reports/ 1
script-src 'nonce-LfPW7-pKqloZBG5uI5YlBA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' https://api.timekit.io https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.facebook.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.twitter.com https://*.adform.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src * data:; frame-src 'self' https:; font-src 'self' data: https://*.livechatinc.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://code.jquery.com https://www.youtube.com http://us1.siteimprove.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com http://us1.siteimprove.com/ https://s.ytimg.com https://cdn.yoshki.com; object-src 'self'; img-src 'self' *.usercentrics.eu *.siteimproveanalytics.io http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com http://us1.siteimprove.com/ https://cdn.yoshki.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.usercentrics.eu;frame-ancestors 'self' *.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1
object-src 'none'; script-src 'nonce-nqJB8WGUgLyzhivsR7e4' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://sentry.io/api/1833953/security/?sentry_key=760cfc2ebe6c4907beef03ce792ac5bb 1
default-src https: blob: android-webview-video-poster: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://6lubylb0fb.execute-api.eu-west-1.amazonaws.com/prod/report 1
child-src 'self'; connect-src 'self' sentry.io bam.nr-data.net stats.g.doubleclick.net *.facebook.com pixel.spotify.com *.optimizely.com s.yimg.com *.pusher.com *.corybooker.com wss:; default-src 'self' data:; font-src 'self' fonts.gstatic.com *.wp.com wordpress.com data:; frame-src 'self' *.optimizely.com *.wp.com www.facebook.com; img-src 'self' www.facebook.com *.optimizely.com secure.gravatar.com *.wp.com www.google.com www.google-analytics.com t.co stats.g.doubleclick.net www.googletagmanager.com data:; manifest-src 'self'; media-src 'self'; object-src 'self' data:; script-src 'self' 'unsafe-inline' bam.nr-data.net *.wp.com *.pusher.com js-agent.newrelic.com analytics.twitter.com pixel-static.spotify.com sp.analytics.yahoo.com *.fontawesome.com www.google-analytics.com *.ads-twitter.com s.yimg.com pixel-static.spotify.com polyfill.io *.optimizely.com *.facebook.com *.facebook.net code.jquery.com fonts.googleapis.com *.cloudflare.com sp.analytics.yahoo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com *.wp.com data:; worker-src 'self'; base-uri ; report-uri https://sentry.io/api/1757786/security/?sentry_key=6ddcde56c89c4ec1a54735fd426f8008 1
default-src *.bootstrapcdn.com *.cloudflare.com *.doubleclick.net *.facebook.com *.facebook.net *.getmyoffers.ca *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.ca *.googletagmanager.com *.mbww.com *.netdna-ssl.com *.newrelic.com *.nr-data.net *.sobeys.com *.twitter.com data: self 'unsafe-inline'; connect-src *.azurewebsites.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.netdna-ssl.com *.nr-data.net *.sobeys.com *.wpengine.com *.yoast.com yoast.com; font-src *.bootstrapcdn.com *.formstack.com *.getmyoffers.ca *.gstatic.com *.netdna-ssl.com *.sobeys.com data: https://getmyoffers.ca; frame-src *.doubleclick.net *.facebook.com *.flippenterprise.net *.google.com *.googletagmanager.com *.mbww.com *.sobeys.com *.youtube.com; img-src *.akamaihd.net *.amazonaws.com *.blinkjork.com *.doubleclick.net *.facebook.com *.flippenterprise.net *.gravatar.com *.google.ca *.google.co.in *.google.co.uk *.google.com *.google.com.ua *.google.com.br *.google.es *.google.fr *.google.it *.google.tt *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.indeed.com *.netdna-ssl.com *.nr-data.net *.rasenalong.com *.sobeys.com *.t.co *.teads.tv *.wishabi.com *.wpengine.com *.ytimg.com *.zscalerthree.net *.zscloud.net data: http://2rt9loawzcmbvlze40mhj9n0-wpengine.netdna-ssl.com https://getmyoffers.ca https://t.co https://blinkjork.com; media-src *.gstatic.com; script-src *.ads-twitter.com *.cloudflare.com *.doubleclick.com *.doubleclick.net *.getmyoffers.ca *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.facebook.net *.formstack.com *.mbww.com *.netdna-ssl.com *.newrelic.com *.nr-data.net *.sobeys.com *.teads.tv *.twitter.com self https://getmyoffers.ca https://google-analytics.com 'unsafe-eval' 'unsafe-inline'; script-src-elem *.ads-twitter.com *.cloudflare.com *.doubleclick.net *.facebook.com *.facebook.net *.getmyoffers.ca *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.mbww.com *.netdna-ssl.com *.newrelic.com *.nr-data.net *.sobeys.com *.teads.tv *.twitter.com data: https://getmyoffers.ca https://google-analytics.com 'unsafe-inline'; style-src *.bootstrapcdn.com *.formstack.com *.getmyoffers.ca *.googleapis.com *.netdna-ssl.com *.sobeys.com https://getmyoffers.ca 'unsafe-inline'; style-src-elem *.bootstrapcdn.com *.cloudflare.com *.flippenterprise.net *.getmyoffers.ca *.google-analytics.com *.googleapis.com *.googletagmanager.com *.netdna-ssl.com *.sobeys.com https://getmyoffers.ca 'unsafe-inline'; report-uri https://truinc.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';                  frame-src 'self' lpcdn.lpsnmedia.net;                  frame-ancestors 'self';                  connect-src 'self' *.australiansuper.com;                  font-src 'self' 'unsafe-inline' data: *.azurewebsites.net *.australiansuper.com fonts.googleapis.com fonts.gstatic.com cloud.typography.com;                  img-src 'self' *.azurewebsites.net *.australiansuper.com www.google-analytics.com *.doubleclick.net www.google.com www.google.com.au;                  media-src 'self' data:;                  object-src 'none';                  script-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com www.googletagmanager.com www.google-analytics.com *.liveperson.net *.liveperson.com *.youtube.com s.ytimg.com accdn.lpsnmedia.net;                  style-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com fonts.googleapis.com cloud.typography.com; 1
child-src 'self'; connect-src https://*.google-analytics.com https://slaask.com http://*.google.com https://*.eyeka.com https://*.pusher.com https://*.cedexis.com data: https://*.g.doubleclick.net https://*.adnxs.com https://*.facebook.com http://*.eyeka.com https://*.kameleoon.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.google.com; default-src 'self' data:; font-src https://*.gstatic.com https://*.eyeka.com data: https://*.slaask.com http://*.eyeka.com 'self' https://*.embedly.com; frame-src http://*.youtube.com http://*.google.com data: https://*.uservoice.com https://*.kameleoon.eu https://*.g.doubleclick.net https://*.kameleoon.com https://*.facebook.com https://*.youtube.com 'self' https://*.embedly.com https://*.google.com; img-src https://*.cdnetworks.net https://*.gravatar.com https://*.uservoice.com https://*.slaask.com https://*.kameleoon.com https://*.google.ru https://*.google.co.id https://*.youtube.com https://*.google.com https://t.co http://*.google.com https://*.google.pt https://*.ads.linkedin.com https://*.google.com.br https://*.licdn.com https://*.google.com.ua https://*.google.co.uk https://*.adnxs.com http://*.eyeka.com http://*.google-analytics.com https://*.google.com.ng 'self' https://*.googleapis.com https://*.google-analytics.com https://*.eyeka.com https://*.google.com.ph https://*.google.co.in https://*.facebook.com https://*.google.fr https://*.google.com.pk https://*.gstatic.com http://*.youtube.com https://*.google.es data: https://*.g.doubleclick.net https://*.google.com.ar; manifest-src 'self'; media-src https://*.gstatic.com http://*.google.com https://*.eyeka.com https://*.slaask.com http://*.eyeka.com 'self' https://*.google.com; object-src http://*.eyeka.com data: 'self' https://*.eyeka.com; script-src https://*.ads-twitter.com https://*.uservoice.com https://*.linkedin.com https://*.slaask.com https://*.kameleoon.com https://*.googleadservices.com https://*.google.co.id https://*.google.ru https://*.pusher.com https://*.google.com https://*.newrelic.com http://*.google.com https://*.ads.linkedin.com https://*.licdn.com https://*.mouseflow.com 'unsafe-inline' https://*.adnxs.com https://*.mxpnl.com http://*.eyeka.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.embedly.com https://*.google-analytics.com 'unsafe-eval' https://*.eyeka.com https://*.nr-data.net https://*.google.fr https://*.gstatic.com https://*.facebook.net https://*.cedexis.com data: https://*.g.doubleclick.net https://*.twitter.com; style-src https://*.eyeka.com data: 'unsafe-inline' https://*.slaask.com http://*.eyeka.com 'self' https://*.googleapis.com https://*.embedly.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1
default-src * data: blob: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.googleadservices.com *.cloudflare.com *.googleapis.com *.google.com services.postcodeanywhere.co.uk pcspe11111.pcapredict.com *.checkout.com *.purechatcdn.com app.purechat.com *.bing.com *.trustpilot.com *.facebook.com *.facebook.net *.google-analytics.com; object-src 'none'; style-src data: blob: 'unsafe-inline' *; report-uri csp.php 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com assets.ubembed.com *.js.ubembed.com connect.facebook.net cdn.polyfill.io code.jquery.com s7.addthis.com m.addthisedge.com m.addthis.com use.typekit.net www.google-analytics.com ssl.google-analytics.com cable.disqus.com script.crazyegg.com platform.twitter.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com pcuktelecom.tdsapi.com pci.tdscd.com pcf.tdscd.com beacon-v2.helpscout.net unpkg.com localhost:3000; connect-src 'self' *.events.ubembed.com performance.typekit.net pcuktelecom.tdsapi.com pcf.tdscd.com m.addthis.com cable.us4.list-manage.com admin.cable.co.uk localhost:3000; img-src 'self' data: *.cable.co.uk p.typekit.net www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com syndication.twitter.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com platform.twitter.com pbs.twimg.com m.addthis.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com; style-src 'self' 'unsafe-inline' platform.twitter.com code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk localhost:3000; font-src 'self' fonts.typekit.net use.typekit.net maxcdn.bootstrapcdn.com pcf.tdscd.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' *.pages.ubembed.com platform.twitter.com syndication.twitter.com s7.addthis.com widget.trustpilot.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri https://bilgo.report-uri.io/r/default/csp/reportOnly 1
default-src https:; font-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=133-8771762-1746663:rid=ZTW5A7F2S0PGJCWNWF94:sn=www.audible.com 1
object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1
default-src 'self' cas.avalon.perfdrive.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; frame-src 'self' blob: www.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.empruntis.com player.vimeo.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; img-src data: blob: www.google.com www.googletagmanager.com www.google.fr www.google-analytics.com stats.g.doubleclick.net www.facebook.com gl.hostcg.com api.mapbox.com static.intercomassets.com maps.googleapis.com maps.gstatic.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; child-src blob:; media-src *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; script-src 'unsafe-inline' 'unsafe-eval' polyfill.io www.google-analytics.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com connect.facebook.net *.realytics.io cdn-eu.realytics.net gl.hostcg.com actorssl-5637.kxcdn.com js-agent.newrelic.com bam.nr-data.net *.perfdrive.com *.algolia.net *.algolianet.com widget.intercom.io js.intercomcdn.com d3js.org code.highcharts.com/highcharts.js *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; connect-src 'self' api.realytics.io m.realytics.io sentry.io *.mapbox.com tile.meilleursagents.com stats.g.doubleclick.net www.google-analytics.com bam.nr-data.net *.perfdrive.com statcache-5637.kxcdn.com www.facebook.com *.algolia.net *.algolianet.com api-iam.intercom.io *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; font-src 'self' fonts.gstatic.com js.intercomcdn.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; worker-src blob:; report-uri /csp-report 1
report-uri https://api.shopkeepapp.com/content-security-policy-reporting; connect-src https://*.shopkeepapp.com https://bam.nr-data.net https://static.zuora.com https://c.la4-c2cs-chi.salesforceliveagent.com https://logx.optimizely.com https://errors.client.optimizely.com https://www.facebook.com https://connect.facebook.net wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://127.0.0.1:* https://localhost:* https://rum.optimizely.com https://merchant-record-service.api.shopkeepapp.com https://*.shopkeepdev.com https://s.yimg.com https://*.pendo.io https://*.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src https://www.google.com https://*.shopkeepapp.com https://*.cloudfront.net https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com https://connect.facebook.net https://cdn.optimizely.com https://*.salesforceliveagent.com https://sp.analytics.yahoo.com https://commondatastorage.googleapis.com https://analytics.twitter.com https://static.ads-twitter.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.zuora.com 'unsafe-inline' https://*.intercom.io https://*.intercomcdn.com https://www.snapengage.com 'unsafe-eval' https://www.googletagmanager.com https://servedbyadbutler.com https://eligibility.wootric.com https://*.shopkeepdev.com https://*.pendo.io https://*.storage.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://fullstory.com https://s3.amazonaws.com 1
script-src 'report-sample' 'nonce-HzKQ9ggKoN9aE8DU4bVBTw' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/skyjam 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://signrequest.com https://cdn.signrequest.com https://*.webflow.com https://webflow.com https://assets.website-files.com https://d3e54v103j8qbb.cloudfront.net https://www.google-analytics.com https://ssl.google-analytics.com https://ajax.googleapis.com https://apis.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.stripe.com https://*.zapier.com https://zapier.com https://www.dropbox.com https://*.cookiebot.com https://ct.capterra.com https://connect.facebook.net https://static.zdassets.com https://62vqqh6qv58h.statuspage.io ; style-src 'self' 'unsafe-inline' https://assets.website-files.com https://tagmanager.google.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://assets.website-files.com https://fonts.gstatic.com; report-uri https://sentry.io/api/52052/security/?sentry_key=ec65f667deec4ed98fafeea9169140e5 1
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7knne45eurkpi&partner=; 1
default-src 'self' *.vk.com https://*.vk.com *.userapi.com https://*.userapi.com https://*.google.com https://*.google.ru *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net *.yandex.ru https://*.yandex.ru https://*.yandex.net yastatic.net https://yastatic.net *.yandexadexchange.net https://*.yandexadexchange.net *.yadro.ru https://*.yadro.ru data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com https://vk.com *.vk.com https://*.vk.com https://vidtok.ru https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.at https://*.google.by https://*.google.ca https://*.google.ch https://*.google.co.kr https://*.google.co.uk https://*.google.co.za https://*.google.co.uz https://*.google.co.il https://*.google.co.id https://*.google.co.in https://*.google.co.nz https://*.google.co.jp https://*.google.co.th https://*.google.co.ve https://*.google.co.ma https://*.google.com.cy https://*.google.com.sg https://*.google.com.tr https://*.google.com.ua https://*.google.com.lb https://*.google.com.ng https://*.google.com.pe https://*.google.com.hk https://*.google.com.tj https://*.google.com.my https://*.google.com.pk https://*.google.com.af https://*.google.com.eg https://*.google.com.au https://*.google.com.bo https://*.google.com.sa https://*.google.com.ph https://*.google.com.na https://*.google.com.mt https://*.google.com.br https://*.google.com.co https://*.google.com.ar https://*.google.com.vn https://*.google.com.om https://*.google.dk https://*.google.ee https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.ie https://*.google.iq https://*.google.it https://*.google.kz https://*.google.lv https://*.google.nl https://*.google.pl https://*.google.tm https://*.google.de https://*.google.az https://*.google.am https://*.google.se https://*.google.md https://*.google.cz https://*.google.kg https://*.google.ae https://*.google.bg https://*.google.dz https://*.google.lt https://*.google.no https://*.google.es https://*.google.hu https://*.google.sk https://*.google.be https://*.google.hr https://*.google.jo https://*.google.pt https://*.google.rs https://*.google.is https://*.google.lu https://*.google.ro https://*.google.tn https://*.google.si https://*.google.ci *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.googletagmanager.com https://*.googletagmanager.com *.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://cdn.ampproject.org *.yandex.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.ua https://*.yandex.kz https://*.yandex.fr https://*.yandex.com.tr yastatic.net https://yastatic.net https://web.tolstoycomments.com https://cdn.jsdelivr.net/npm/sweetalert2@9 https://cdn.jsdelivr.net/npm/promise-polyfill data: ; style-src 'self' 'unsafe-inline'; img-src 'self' https://220youtube.com vk.com https://vk.com *.vk.com https://*.vk.com *.userapi.com https://*.userapi.com https://*.google.ru *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googlezip.net https://*.googlezip.net https://yandex.ru *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net https://yandex.st https://*.yandex.ua https://*.yandexadexchange.net https://*.tns-counter.ru https://wcm.solution.weborama.fr *.yadro.ru https://*.yadro.ru data: ; frame-src 'self' https://220vk.com vk.com https://vk.com https://login.vk.com https://vidtok.ru gsa://onpageload *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net https://vk-220.firebaseapp.com https://web.tolstoycomments.com https://*.yandex.ru yastatic.net https://yastatic.net *.yandexadexchange.net https://*.yandexadexchange.net; connect-src 'self' ws://220vk.com wss://220vk.com *.vk.com https://*.vk.com https://*.gstatic.com https://*.googleapis.com https://yandex.ru *.yandex.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.ua yastatic.net https://yastatic.net https://awaps.yandex.net https://web.tolstoycomments.com *.bing.com https://*.bing.com; font-src 'self' data: https://*.gstatic.com; report-uri /files/collector.php 1
default-src 'self' *.plugin-alliance.com;    script-src 'self' analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com proxy-assets.churnbuster.io s.ytimg.com static.ads-twitter.com/uwt.js trackcmp.net www.google-analytics.com www.youtube.com 'unsafe-inline';    style-src 'self' cdnjs.cloudflare.com proxy-assets.churnbuster.io 'unsafe-inline';    img-src 'self' *.plugin-alliance.com analytics.twitter.com data: d26781mews02ac.cloudfront.net i.ytimg.com img.youtube.com stats.g.doubleclick.net t.co www.facebook.com www.google.de www.google-analytics.com yt3.ggpht.com;    font-src 'self' cdnjs.cloudflare.com;    connect-src 'self' stats.g.doubleclick.net www.google-analytics.com;    frame-src 'self' d271ulnm1ao6ig.cloudfront.net embed.pivotshare.com pages.churnbuster.io staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com;    form-action 'self' plugin-alliance.us3.list-manage.com www.facebook.com/tr/;    block-all-mixed-content;    report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn secure.insightexpressai.com browser-update.org js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net api.swiftype.com platform.twitter.com www.dsply.com gateway.answerscloud.com s.cr-nielsen.com dpm.demdex.net qualcomm.sc.omtrdc.net cdn.tagmanager.cn stats.ipinyou.com *.baidu.com players.brightcove.net *.akamaihd.net *.qualcomm.cn *.foresee.com gateway.answerscloud.com apikeys.civiccomputing.com ajax.googleapis.com blob:; object-src t.hypers.com.cn; style-src 'self' 'unsafe-inline' gateway.answerscloud.com; img-src 'self' data: aa.qualcomm.cn www.qualcomm.com https://www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com www.dsply.com *.baidu.com ds-aksb-a.akamaihd.net gateway.answerscloud.com apikeys.civiccomputing.com; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' www.youtube.com gateway.answerscloud.com t.hypers.com.cn s.cr-nielsen.com boscdn.bpc.baidu.com; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' *.nr-data.net https://edge.api.brightcove.com https://edge-elb.api.brightcove.com http://c.brightcove.com device.4seeresults.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=202e854c53bf6c63b6665fdf765ad59a 1
script-src 'unsafe-eval' yastatic.net awaps.yandex.ru an.yandex.ru mc.yandex.ru yandex.ru 'nonce-9f+SF9LnXxkhJPfxpaNQ6A==';style-src yastatic.net 'unsafe-inline';connect-src yastatic.net mc.yandex.ru an.yandex.ru mc.admetrica.ru yandex.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1575858561.65138.146840.308725&h=sas1-3161-sas-portal-any-stable-27240&csp=new&date=20191209&yandexuid=2876431381575858562;default-src 'none';img-src awaps.yandex.net 'self' favicon.yandex.net an.yandex.ru mc.admetrica.ru yandex.ru yastatic.net mc.yandex.ru avatars.mds.yandex.net data:;child-src yastatic.net mc.yandex.ru 1
object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.simmsfishing.com js.zohostatic.com h.online-metrix.net v1.addthisedge.com z.moatads.com surveyjs.azureedge.net *.signifyd.com snapwidget.com creator.zmags.com bam.nr-data.net *.lytics.io *.turnto.com code.jquery.com js-agent.newrelic.com simms.locally.com simmsfishing.matomo.cloud *.criteo.net *.criteo.com www.google-analytics.com connect.facebook.net manage.hawksearch.com player.vimeo.com www.googletagmanager.com *.hotjar.com *.avmws.com *.trackedlink.net *.doubleclick.net bat.bing.com s.ytimg.com www.googleadservices.com www.gstatic.com static.trackedweb.net *.cloudfront.net email.simmsfishing.com graph.facebook.com *.addthis.com www.google.com www.youtube.com www.reddit.com widgets.pinterest.com apis.google.com s3.amazonaws.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src data: https://apps.akbars.ru https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests; report-uri https://www.akbars.ru/csp_report/ 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.fr ; font-src 'self' https: data: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: http://www.google-analytics.com/* 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.com *.google.com *.googletagmanager.com *.siteimproveanalytics.com https://siteimproveanalytics.com *.twitter.com *.bootstrapcdn.com *.googleapis.com *.youtube.com *.vimeo.com *.google-analytics.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; report-uri https://csp.condenet.co.uk/r/cn/prod 1
default-src *; img-src *; frame-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; report-uri https://www.tyan.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1
img-src avatars.mds.yandex.net 'self' data: yastatic.net awaps.yandex.net mc.yandex.ru favicon.yandex.net an.yandex.ru yandex.ru mc.admetrica.ru;script-src yastatic.net 'unsafe-eval' mc.yandex.ru an.yandex.ru 'nonce-vFRaFnay714+/nNV8Mc3Gg==' awaps.yandex.ru yandex.ru;child-src yastatic.net mc.yandex.ru;style-src yastatic.net 'unsafe-inline';connect-src mc.yandex.ru an.yandex.ru yastatic.net yandex.ru mc.admetrica.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1575872533.32238.158193.326965&h=vla2-5005-b2c-vla-portal-any-p-8af-16891&csp=new&date=20191209&yandexuid=777255591575872533;default-src 'none' 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/muralsyourway.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://utdrvvtzkqpmtlszwunimosi.httpschecker.net/report 1
default-src 'self';script-src 'nonce-40XzdFgFqMFOhzCVP8eACA==' https://www.bitrefill.com:*/static/amp/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/;connect-src *;img-src * data:;font-src blob: data: https://fonts.gstatic.com;worker-src blob:;object-src 'none';child-src blob: https://www.youtube.com;style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/;frame-ancestors 'none';block-all-mixed-content;report-uri https://sentry.io/api/196934/security/?sentry_key=31c16b97d6124b90b2a99d9ebcfdaad2 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=51a96a6924475028247644016fd412e4 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=emimino 1
img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1
default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/; report-uri /csp-reports.php 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.driftt.com www.google-analytics.com cdn.heapanalytics.com *.segment.com *.segment.io; img-src 'self'; connect-src 'self' *.driftqa.com *.drift.com *.segment.io; font-src 'self'; report-uri https://drift.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  data: *.tnb.com *.scene7.com abbcloud.blob.core.windows.net *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.macromedia.com *.partcommunity.com *.tnb.ca *.vanlien.com *.vanlien.be *.vanlien.nl *.youtube.com *.paypal.com tnblnx3.tnb.com code.jquery.com googleads.g.doubleclick.net *.googleadservices.com 4817075.fls.doubleclick.net *.google.com *.google.nl *.google.be *.google-analytics.com *.api4load.com *.facebook.net *.facebook.com *.fedex.com *.ups.com *.rlcarriers.com *.cl3ver.com 199.120.203.191; report-uri https://www-public.tnb.com/cspr/ 1
default-src 'self' *.vivocha.com *.useinsider.com *.ispeech.org *.aladhan.com *.snapchat.com *.google.com *.doubleclick.net *.amazonaws.com;style-src 'self' 'unsafe-inline' data:;script-src 'self' *.ispeech.org *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.useinsider.com *.vivocha.com *.gstatic.com  *.cloudfront.net *.sc-static.net sc-static.net 'unsafe-inline' 'unsafe-eval';img-src 'self' nbk.com *.nbk.com *.vivocha.com data:; 1
default-src https: 'unsafe-inline'; object-src 'self'; img-src https: data: 'unsafe-inline'; font-src https: data:; frame-ancestors 'self'; base-uri 'self'; script-src 'nonce-d1033f7c-4def-47de-9eb1-c62f480fb1c7' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp; report-to https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' https: data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.eerstekamer.nl https://translate.googleapis.com https://ssl.p.jwpcdn.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.eerstekamer.nl; report-uri /cgi-bin/asnh.cgi/0000000/c/cspreport 1
report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; connect-src 'self' https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://production-trackbill.netdna-ssl.com https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; object-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src https: wss: 'self'; script-src https: wss: 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: data: 'self'; font-src https: data: 'self'; report-uri /csp-report 1
frame-src 'self' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://adm.lcl https://u.ua https://u.lcl https://ukraine.lcl https://login.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://www.google.com https://www.google.com.ua https://www.google-analytics.com https://stats.g.doubleclick.net; connect-src https://adm.tools https://adm.lcl https://www.ukraine.com.ua https://ukraine.lcl https://cdn.ukraine.com.ua:3004 https://login.tools wss://cdn.ukraine.com.ua:3004 https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/13/security/?sentry_key=65de3269eb0548dd97bc2c45929349f4 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://fairchildlive.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/mannlakeltd.com; 1
report-to webscaleCspEndpoint;  report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn1-sandbox.affirm.com smartsupp-widget-161959.c.cdn77.org lightwidget.com verify.authorize.net:443 www.google.com *.cloudmaestro.com *.hotjar.com *.facebook.net *.facebook.com www.google-analytics.com rec.smartlook.com *.payments-amazon.com *.signifyd.com bat.bing.com www.googlecommerce.com www.gstatic.com apis.google.com *.smartsuppchat.com 1
default-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com https://*.lpsnmedia.net https://*.liveperson.net https://*.bazaarvoice.com https://*.amazonaws.com data:; connect-src 'self' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com data:; font-src 'self' data:; img-src * data:; object-src 'none' ; frame-ancestors 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; child-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; frame-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; report-uri https://snapav.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=46ab10e8d7c2f436e94419a062a3bfaf 1
block-all-mixed-content; report-uri https://1knzater8k.execute-api.us-west-2.amazonaws.com/prod/csp-report; 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-zRRKo2bi3Fr/s3wcZNlwfUGa14SZXnST' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-zRRKo2bi3Fr/s3wcZNlwfUGa14SZXnST' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1
connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io https://sentry.io wss://widget-mediator.zopim.com; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://*.amazonaws.com https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net https://*.gatehub.net https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://api.gatehub.net/csp; 1
default-src 'self' *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.addthis.com *.addthisedge.com; report-uri; 1
default-src https://www.guiabolso.com.br https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://webchat.helpshift.com 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com; report-uri /ajax/content_policy_violation.php 1
default-src 'self' https://* https://*.apiaryfund.com blob: data:; script-src 'self' 'unsafe-inline' https://use.typekit.net https://js.hs-analytics.net https://js.hs-scripts.com https://*.statuspage.io https://stats.g.doubleclick.net https://f1a9c731519348f1bd62d71aeefe28ac.js.ubembed.com https://wq377.infusionsoft.com https://cdn.onesignal.com https://platform.twitter.com https://*.wistia.com https://*.googleapis.com https://*.unbounce.com https://*.ubembed.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://seal.godaddy.com https://lightwidget.com https://*.lightwidget.com https://www.google-analytics.com https://*.fxstreet.com https://ssl.google-analytics.com https://onesignal.com https://momentjs.com/; connect-src 'self' https://*.wistia.com https://*.litix.io/ https://8l3gzpfmwny3.statuspage.io https://*.typekit.net https://www.google-analytics.com https://onesignal.com data:; img-src 'self' https://apiarycdn.s3.amazonaws.com https://*.akamaihd.net https://*.hubspot.com https://stats.g.doubleclick.net https://syndication.twitter.com https://d9hhrg4mnvzow.cloudfront.net https://*.wistia.com https://*.typekit.net https://*.ubembed.com https://*.google.com https://*.google.co.uk https://cdnjs.cloudflare.com https://*.google-analytics.com https://www.google.com.ph https://www.google.co.za https://*.fxstreet.com https://seal.godaddy.com https://wq377.infusionsoft.app https://www.google.ca https://*.unbounce.com data:; font-src 'self' https://fonts.gstatic.com https://*.typekit.net data:; child-src 'self' https://*.wistia.com https://www.youtube.com https://wq377.infusionsoft.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.unbounce.com https://*.fxstreet.com blob:; frame-src 'self' https://*.google.com https://*.youtube.com https://*.wistia.com https://*.facebook.com https://*.lightwidget.com https://lightwidget.com https://*.twitter.com https://*.apiaryfund.com https://*.vimeo.com https://wq377.infusionsoft.app https://wq377.infusionsoft.com https://onesignal.com; media-src 'self' https://s3.amazonaws.com https://apiarycdn.s3.amazonaws.com blob:; report-uri /scripts/csp-violation-report-endpoint/ 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; report-uri /reporting/csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://latkbu9mql.execute-api.us-east-1.amazonaws.com/default/checkCSP 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'self';  script-src www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.bfretail.pitneycloud.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src code.jquery.com wm-cloudfront.bfretail.pitneycloud.com 'unsafe-inline' 'self'; img-src * data:;  connect-src www.google-analytics.com 'self'; frame-src *.bfretail.pitneycloud.com 'self';frame-ancestors reporting.borderfree.com 'self' 1
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' about: blob: data: https://*.salesforceliveagent.com https://c.disquscdn.com https://connect.facebook.net https://disqus.com https://fast.wistia.com https://freelanceadvisor.disqus.com https://metrics.responsetap.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://static-ssl.responsetap.com https://static.hotjar.com https://www.crunch.uk https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://storage.googleapis.com https://hst.tradedoubler.com https://api.trustpilot.com https://widget.trustpilot.com https://s3-eu-west-1.amazonaws.com/crunch-cdn; style-src 'self' 'unsafe-inline' https://c.disquscdn.com; frame-ancestors 'self' https://*.crunch.co.uk; default-src 'self' https://disqus.com https://c.disquscdn.com https://*.crunch.co.uk; frame-src 'self' https://*.crunch.co.uk https://connect.facebook.net https://disqus.com https://fast.wistia.com https://go.pardot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://widget.trustpilot.com; img-src 'self' data: *; connect-src 'self' https://api.mixpanel.com https://distillery.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://insights.hotjar.com https://in.hotjar.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com; object-src 'self' blob:; media-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; report-to /platform-api/csp-violations/report/; report-uri /platform-api/csp-violations/report/; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=9d07958599aa5d634ee68245c67ebf15 1
font-src 'self' fonts.gstatic.com script.hotjar.com; img-src 'self' maps.googleapis.com maps.gstatic.com www.facebook.com data script.hotjar.com ssl.google-analytics.com stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' connect.facebook.net dl.episerver.net maps.googleapis.com player.vimeo.com s.ytimg.com www.youtube.com s7.addthis.com az416426.vo.msecnd.net ssl.google-analytics.com static.hotjar.com v1.addthis.com v1.addthisedge.com www.googletagmanager.com px.ads.linkedin.com script.hotjar.com snap.licdn.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com addtocalendar.com; connect-src 'self' s7.addthis.com v1.addthis.com vc.hotjar.io www.facebook.com in.hotjar.com; style-src-attr 'unsafe-inline';report-uri https://6cfee9ad2f0a0f5886b889b97f0c1e3e.report-uri.com/r/d/csp/wizard 1
default-src 'self' postoffice-staging-f.squarecdn.com postoffice-production-f.squarecdn.com; font-src 'self' postoffice-staging-f.squarecdn.com postoffice-production-f.squarecdn.com; img-src 'self' square-postoffice-production.s3.amazonaws.com square-postoffice-staging.s3.amazonaws.com postoffice-staging-f.squarecdn.com postoffice-production-f.squarecdn.com d3g64w74of3jgu.cloudfront.net www.facebook.com; script-src 'self' connect.facebook.net graph.facebook.com postoffice-staging-f.squarecdn.com postoffice-production-f.squarecdn.com; style-src 'self' postoffice-staging-f.squarecdn.com postoffice-production-f.squarecdn.com; report-uri https://squareup.com/1.0/as-reporter/csp/xSNB2j61E9wxrRWnxyaS2hA5YKOO8470iTu0w0laubylDw== 1
default-src https://www.google-analytics.com 'self' https://*.akamaihd.net https://*.wistia.com; media-src https: http: ; script-src https://*.wistia.com https://*.wistia.net https://*.cloudflare.com https://*.twimg.com/ https://*.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com; connect-src https://*.akamaihd.net https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.google-analytics.com https://*.doubleclick.net 'self' wss://bitcoingold.org wss://explorer.bitcoingold.org; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.twitter.com https://*.twimg.com; font-src data: https://*.twitter.com 'self' https://themes.googleusercontent.comi https://*.gstatic.com https://*.googleapis.com https://*.w.org; frame-src https://*.wistia.com https://*.wistia.net https://*.twitter.com https://*.doubleclick.net 'self' https://*.facebook.com; object-src 'self' https://*.bitcoingold.org; report-uri https://bitcoingold.org/csp-report/ 1
script-src 'report-sample' 'nonce-ip9nCfzsqYfN5ii0vR2L2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /google-opinion-rewards/audience-measurement/cspreport 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
connect-src 'self' in.hotjar.com insights.hotjar.com m.addthis.com; default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self' syndication.twitter.com platform.twitter.com www.facebook.com; frame-src www.youtube.com vars.hotjar.com s7.addthis.com 5388338.fls.doubleclick.net platform.twitter.com syndication.twitter.com www.facebook.com staticxx.facebook.com connect.facebook.net 'self'; img-src data: 'self' scontent-sea1-1.cdninstagram.com instagram.fyyc4-1.fna.fbcdn.net widgets.magentocommerce.com www.kamik.com kamik.com maps.gstatic.com maps.googleapis.com instagram.fyxd1-1.fna.fbcdn.net scontent-ort2-1.cdninstagram.com www.facebook.com staticxx.facebook.com www.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdn-images.mailchimp.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' www.wheelofpopups.com js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com s3.amazonaws.com maps.googleapis.com data: www.googletagmanager.com www.google-analytics.com connect.facebook.net platform.twitter.com script.crazyegg.com s7.addthis.com m.addthisedge.com m.addthis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com cdn.joinhoney.com; 1
default-src 'self' *.rocketbank.ru *.rocket-cdn.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rocket-cdn.ru *.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net static.criteo.net pixel.betweenx.com www.googletagmanager.com api-maps.yandex.ru yandex.st connect.facebook.net enterprise.api-maps.yandex.ru mc.yandex.ru stats.g.doubleclick.net top-fwz1.mail.ru vk.com www.google-analytics.com www.google.com cdn.jsdelivr.net js-agent.newrelic.com maps.googleapis.com; connect-src 'self' https: wss: rocketbank.ru report.rocket-cdn.ru tetsuo.rocketbank.ru stats.g.doubleclick.net dadata.ru suggestions.dadata.ru top-fwz1.mail.ru mc.yandex.ru www.facebook.com www.google-analytics.com; frame-src 'self' *.fls.doubleclick.net *.googleadservices.com stats.g.doubleclick.net mc.yandex.ru www.google-analytics.com www.google.com www.facebook.com gum.criteo.com; media-src 'self' blob: ; img-src 'self' data: blob: *.rocket-cdn.ru maps.googleapis.com maps.gstatic.com api-maps.yandex.ru top-fwz1.mail.ru enterprise.api-maps.yandex.ru mc.yandex.ru *.maps.yandex.net vk.com www.facebook.com www.google-analytics.com www.google.ru www.google.com stats.g.doubleclick.net s3.amazonaws.com login.vk.com; style-src 'self' 'unsafe-inline' blob: *.rocket-cdn.ru cdn.jsdelivr.net; font-src 'self' data: https:; frame-ancestors 'self' *.rocketbank.ru webvisor.com *.yandex.net; report-uri https://report.rocket-cdn.ru/api/4/security/?sentry_key=0cc52e6197f842eeadf0de5d2c3cf600 1
default-src 'self' www.youtube.com www.cut-e.net www.maptq-staging.com fastpath.isvinternet.com op.scharley.ch; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src data: https:;  style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1
default-src 'none';style-src 'self' https://statics-uhf-ppe.akamaized.net https://uhf.microsoft.com https://blobint.officehome.msocdn.com/ 'unsafe-inline';font-src 'self' https://assets.onestore.ms https://c.s-microsoft.com https://www.microsoft.com data: https://blobint.officehome.msocdn.com/;img-src 'self' https://assets.onestore.ms https://img-prod-cms-rt-microsoft-com.akamaized.net https://c1.microsoft.com https://c.bing.com https://uhf.microsoft.com https://web.vortex.data.microsoft.com data: https://blobint.officehome.msocdn.com/;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net;report-uri /api/csp-report?page=unauth&reportOnly=True;script-src 'self' 'unsafe-inline' https://web.vortex.data.microsoft.com https://statics-uhf-ppe.akamaized.net https://mem.gfx.ms https://uhf.microsoft.com https://blobint.officehome.msocdn.com/ 'nonce-ddlWTdXcday8qIQs/vYlDg==' 'unsafe-eval'; 1
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 1
script-src 'unsafe-eval' 'unsafe-inline' *.dca0.com maps.google.com bam.nr-data.net *.cloudmaestro.com www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com d.adroll.mgr.consensu.org www.google.com www.gstatic.com connect.facebook.net display.ugc.bazaarvoice.com maps.googleapis.com *.adroll.com *.bazaarvoice.com wileyx.com *.wileyx.com js-agent.newrelic.com ; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.goldwingdocs.com *.google.com *.google.ca *.google.co.uk *.google.fi *.google.de *.amazon-adsystem.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.gstatic.com *.googletagservices.com;  style-src 'self' 'unsafe-inline'; img-src * data; font-src * data; child-src *; connect-src *; report-uri /reportcsp.asp; 1
script-src 'nonce-cdli3N3D6ydEok0E0byWLg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; report-uri /csp-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://m3knwt5xlxrylde4mnk41bfp.httpschecker.net/report 1
frame-ancestors https://adfs.bentley.com https://fim.emc.com https://share.ptc.com https://ssov3.adpcorp.com https://ssso.autodesk.com https://bentley.sharepoint.com https://rasfa.crm.dynamics.com https://pppwiki.oce.net https://partnercentral.equinix.com https://partner.veracode.com http://nw-domino.networld.co.jp http://out.accessify.com http://out.easycounter.com http://sur.ly https://www.brainshark.com https://*.force.com 'self' https://*.salesforce.com https://*.gosavo.com https://*.visualforce.com https://*.savoinspire.com; report-uri https://savoapi.com/csp; 1
default-src 'self'; connect-src 'self' data: https://webapps.norton.com https://webapps-green.norton.com https://nortonrenewal.gomoxie.solutions https://stage.nortoncdn.com https://location.gomoxie.solutions https://log-nortonrenewal.gomoxie.solutions https://connector-nortonrenewal.gomoxie.solutions https://events-nortonrenewal.gomoxie.solutions https://identity-nortonrenewal.gomoxie.solutions https://oms.symantec.com  https://conductor.clicktale.net https://memberportal.lifelock.com https://identitysafe.norton.com https://dpm.demdex.net https://family.norton.com https://ebiz-service.symantec.com https://asset.gomoxie.solutions https://spoc.norton.com https://static.nortoncdn.com https://connector-nortonrenewaltest.gomoxie.solutions https://dc.services.visualstudio.com https://ing-district.clicktale.net https://events-nortonrenewaltest.gomoxie.solutions https://hppqa5.sympay.musw1-en01.ebiz.symantec.com https://log-nortonrenewaltest.gomoxie.solutions https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com; font-src 'self' data: https://webapps.norton.com https://webapps-green.norton.com https://stage.nortoncdn.com https://identitysafe.norton.com https://memberportal.lifelock.com https://static.nortoncdn.com; frame-src 'self' https://webapps.norton.com https://webapps-green.norton.com https://www.youtube.com https://symantec.demdex.net https://norton.ehosts.net https://dls.symantec.com https://family.norton.com https://llmemex-api.norton.com https://static.nortoncdn.com https://login.norton.com  https://memberportal.lifelock.com https://identitysafe.norton.com https://www.gstatic.com https://www.google.com https://lldsp.norton.com https://asset.gomoxie.solutions https://nebula-cdn.kampyle.com; img-src 'self' data: https://bat.bing.com https://play.google.com https://nexus.ensighten.com https://www.google.com https://dpm.demdex.net https://cm.everesttech.net https://memberportal.lifelock.com https://family.norton.com https://static.nortoncdn.com https://stage.nortoncdn.com https://identitysafe.norton.com https://buy-static.norton.com https://nebula-cdn.kampyle.com https://oms.symantec.com https://udc-neb.kampyle.com https://webapps.norton.com https://webapps-green.norton.com; object-src https://webapps.norton.com https://webapps-green.norton.com https://static.nortoncdn.com https://memberportal.lifelock.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://asset.gomoxie.solutions https://cdnssl.clicktale.net https://lldsp.norton.com https://stage.nortoncdn.com https://www.google.com https://family.norton.com https://ajax.googleapis.com https://stage.nortoncdn.com https://buy-static.norton.com https://memberportal.lifelock.com https://az416426.vo.msecnd.net https://identitysafe.norton.com https://static.nortoncdn.com https://screencaptue-cdn.kampyle.com https://www.gstatic.com https://bat.bing.com https://cdn.optimizely.com https://lldsp.norton.co https://cdn.tt.omtrdc.net https://nebula-cdn.kampyle.com https://nexus.ensighten.com https://symantec.tt.omtrdc.net https://t.clicktale.net https://webapps.norton.com https://webapps-green.norton.com; style-src 'self' 'unsafe-inline' https://buy-static.norton.com https://memberportal.lifelock.com https://www.gstatic.com https://webapps.norton.com https://webapps-green.norton.com https://family.norton.com https://identitysafe.norton.com https://static.nortoncdn.com; report-uri /home/reportcsp 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/kolpin.com; 1
default-src 'self' https://www.epay.bg https://online.epay.bg 'unsafe-inline' ; img-src 'self' data: https://www.epay.bg https://online.epay.bg ; frame-src https: ; report-uri https://www.epay.bg/csp 1
script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net secure-nz.imrworldwide.com static.criteo.net *.criteo.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com; default-src *.googlesyndication.com *.criteo.com static.criteo.net *.appboycdn.com bid.g.doubleclick.net blob: storage.googleapis.com popup.laybuy.com *.braze.com *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com 'self' data: secure-nz.imrworldwide.com www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com secure-nz.imrworldwide.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net secure-nz.imrworldwide.com *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com popup.laybuy.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net secure-nz.imrworldwide.com tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://f6v4mfnzug.execute-api.ap-southeast-2.amazonaws.com/prod/csp 1
default-src 'self'; script-src 'self' 'nonce-190437cc-0010-43f2-a6d5-a4ecafc86fe4' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
report-uri /_/csp-reports/ 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
script-src *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net; report-uri /ajax/content_policy_violation.php 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com www.irishlife.ie; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1
default-src 'none'; base-uri 'none'; worker-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; img-src 'self' https://ssl.google-analytics.com; script-src 'self' https://ssl.google-analytics.com; style-src 'self'; report-uri /csp; 1
child-src 'self'; connect-src 'self' https://*.alan.com https://*.algolia.net https://*.algolianet.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.intercom.io https://*.intercomcdn.com https://*.rollbar.com https://*.segment.io https://*.twitter.com https://*.webleads-tracker.com wss://*.intercom.io; default-src 'self'; font-src 'self' data: http://*.gstatic.com https://*.cloudflare.com https://*.gstatic.com https://*.intercomcdn.com https://*.typekit.net https://github.com; frame-src 'self' https://*.alan.com https://*.facebook.com https://*.g.doubleclick.net https://*.hellosign.com https://*.twitter.com https://intercom-sheets.com; img-src 'self' android-webview-video-poster: data: http://*.gstatic.com https://*.alan.com https://*.alan.eu https://*.amazonaws.com https://*.customer.io https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.fr https://*.googleapis.com https://*.gstatic.com https://*.intercom-attachments-5.com https://*.intercomassets.com https://*.intercomcdn.com https://*.twimg.com https://*.twitter.com; manifest-src 'self'; media-src 'self' http://*.alan.uploads.s3.eu-central-1.amazonaws.com https://*.eu-central-1.amazonaws.com; object-src 'self' https://*.alan.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads.linkedin.com https://*.amazonaws.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.customer.io https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.linkedin.com https://*.segment.com https://*.smart-data-systems.com https://*.twitter.com https://*.webleads-tracker.com https://eqy.link wss://*.intercom.io; style-src 'self' 'unsafe-inline' https://*.bootstrapcdn.com https://*.cloudflare.com https://*.googleapis.com https://*.twitter.com https://*.typekit.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c6fda58203385ec7174f66424aa301bc 1
default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data: ssl.siteimprove.com ad.doubleclick.net statse.webtrendslive.com www.google-analytics.com analytics.twitter.com www.facebook.com t.co;script-src 'self' 'unsafe-inline' *.linkedin.com analytics.twitter.com www.facebook.com snap.licdn.com www.google-analytics.com s.webtrends.com tags.tiqcdn.com static.ads-twitter.com connect.facebook.net 'unsafe-inline' siteimproveanalytics.com static.ads-twitter.com t.co snap.licdn.com google-analytics.com s.webtrends.com tags.tiqcdn.com;frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /csp/report/; 1
child-src 'self'; connect-src 'self' https://*.hotjar.com/ https://*.bitopro.com https://*.onesignal.com https://*.facebook.com https://*.google-analytics.com https://*.rollbar.com wss://*.bitopro.com wss://*.hotjar.com; default-src 'self' https://*.bitopro.com wss://*.bitopro.com; font-src 'self' data: https://*.bitopro.com https://*.gstatic.com; frame-src 'self' https://*.os.tc/ https://*.onesignal.com/ https://*.hotjar.com/ https://*.facebook.com https://*.google.com https://*.bitopro.com wss://*.bitopro.com; img-src 'self' data: https://stats.g.doubleclick.net https://*.hotjar.com/ https://*.bitopro.com https://*.google-analytics.com https://*.google.com https://*.google.com.tw https://*.googletagmanager.com https://*.gstatic.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.onesignal.com https://*.hotjar.com/ https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.bitopro.com https://*.newrelic.com wss://*.bitopro.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bitopro.com wss://*.bitopro.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_262aff7c6ed6c8d196bdc235e017eab1 1
report-uri https://csp.tsrs.cloud/r/12ad64980d074ee28aee2f911a9bed0433f0adcc; base-uri  'none'; object-src  'none'; style-src  'none'; img-src  'none'; worker-src  'none'; frame-src  'none'; script-src  'none' 'unsafe-inline'; media-src  'none'; font-src  'none'; connect-src  'none'; block-all-mixed-content;form-action  'none';  1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://comments.grahamedgecombe.com https://www.google-analytics.com; connect-src 'self' https://comments.grahamedgecombe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; frame-ancestors 'none'; report-uri https://gpe.report-uri.io/r/default/csp/reportOnly 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/primera.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net *.google.com *.facebook.com *.twitter.com google-analytics.com  *.google-analytics.com *.youtube.com googletagmanager.com *.googletagmanager.com *.googletagservices.com connect.facebook.net *.gstatic.com maps.googleapis.com gstatic.com googletagservices.com youtube.com googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net googleadservices.com googlesyndication.com www.google.com.ua *.google.com.ua *.googleapis.com *.bootstrapcdn.com goo.gl admin.verbox.ru static.me-talk.ru widget.sender.mobi *.exist.ua exist.ua;  1
default-src 'none'; connect-src 'self'; font-src 'self' https: data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; report-uri /csp-violation-report 1
default-src https:; report-uri /csp-violation-report-endpoint/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.questionpoint.org; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src *.questionpoint.org; upgrade-insecure-requests 1
default-src 'self' *.worlddancesport.org www.google-analytics.com staticxx.facebook.com; font-src 'self' data: cdnw.worlddancesport.org fonts.gstatic.com; connect-src 'self' clients6.google.com dc.services.visualstudio.com *.addthis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' *.worlddancesport.org www.google.com browser-update.org; img-src data: *.worlddancesport.org *.ytimg.com *.facebook.com *.google.com *.calameoassets.com *.vimeocdn.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleapis.com browser-update.org; script-src 'self' 'unsafe-inline' cdnw.worlddancesport.org az416426.vo.msecnd.net *.facebook.com *.facebook.net *.twitter.com *.addthis.com *.addthisedge.com *.google.com www.googleapis.com www.google-analytics.com browser-update.org; child-src 'self' cdnb.worlddancesport.org *.facebook.com *.twitter.com *.addthis.com *.google.com www.youtube.com player.vimeo.com www.saferpay.com; upgrade-insecure-requests; report-uri https://7ab93b867c81f64df54af5d5e2cd45ea.report-uri.com/r/d/csp/reportOnly 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1
report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com https://appleid.cdn-apple.com https://*.totum.com 1
upgrade-insecure-requests; default-src *.therestaurantstore.com; script-src www.google-analytics.com maps.googleapis.com www.googleadservices.com *.doubleclick.net www.google.com *.gstatic.com cdnjs.cloudflare.com https://unpkg.com/spritespin@4.0.5/release/spritespin.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com 'self' 'unsafe-inline'; img-src data: *.therestaurantstore.com *.webstaurantstore.com www.google-analytics.com www.google.com www.googleadservices.com *.google.co.ve *.google.ru *.google.ca *.doubleclick.net *.ytimg.com *.gstatic.com *.googleapis.com 'self'; object-src 'none'; frame-src *.therestaurantstore.com www.google.com youtube.com *.youtube.com *.doubleclick.net; connect-src *.doubleclick.net www.youtube.com www.google-analytics.com *.therestaurantstore.com 'self'; font-src data: fonts.gstatic.com 'self'; report-uri /ajax/client-side-logging; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://cccis.report-uri.com/r/d/csp/wizard 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=137-9361366-7385461:rid=CJJ041KRNX2M6J4HY5QN:sn=www.audible.com 1
script-src 'self' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=356-0275724-7843061:rid=D346Z80TPRDC1NVNMD49:sn=www.audible.co.jp 1
report-uri https://29977f31d1f0eee3894a742ddae91cae.report-uri.com/r/d/csp/reportOnly; child-src https://*.pocruises.com.au http://*.pocruises.com.au https://*.fls.doubleclick.net https://www.youtube-nocookie.com https://tags.tiqcdn.com https://sdn.sitecore.net https://*.adsymptotic.com; frame-src https://*.pocruises.com.au http://*.pocruises.com.au http://sdn.sitecore.net https://bid.g.doubleclick.net https://widget.stackla.com https://goconnect.stackla.com https://*.fls.doubleclick.net https://www.youtube.com https://tags.tiqcdn.com https://www.youtube-nocookie.com https://www.paypal.com https://checkout.paypal.com https://www.facebook.com https://*.adsymptotic.com https://*.mastercard.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * 'unsafe-inline'; report-uri //report-csp-violation 1
report-uri default-src 'self' 'unsafe-inline' *.typekit.net *.googletagmanager.com *.cloudflare.com *.siteimprove.com *.debevoise.com *.vimeo.com *.google-analytics.com 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src 'self' 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; img-src 'self' st.pimg.net *.mapper.ntppool.org; script-src 'self' 'unsafe-inline' cdn.statuspage.io st.pimg.net www.mapper.ntppool.org; style-src 'self' fonts.googleapis.com st.pimg.net; report-uri https://ntp.report-uri.com/r/d/csp/wizard 1
script-src yastatic.net awaps.yandex.ru mc.yandex.ru an.yandex.ru 'nonce-H8muITexwhIRvVpyvZjcyA==' yandex.ru 'unsafe-eval';child-src yastatic.net mc.yandex.ru;default-src 'none';report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1575886669.51915.157211.325951&h=vla2-4158-168-vla-portal-any-p-8af-16891&csp=new&date=20191209&yandexuid=5330598701575886669;connect-src mc.admetrica.ru yastatic.net yandex.ru mc.yandex.ru an.yandex.ru;img-src mc.admetrica.ru data: awaps.yandex.net yandex.ru favicon.yandex.net an.yandex.ru 'self' yastatic.net avatars.mds.yandex.net mc.yandex.ru;style-src yastatic.net 'unsafe-inline' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=70792a0801f8edd2f9bb59c042044dba 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
script-src 'self' https://apis.google.com https://pagead2.googlesyndication.com https://platform.twitter.com; frame-src https://plusone.google.com https://facebook.com https://platform.twitter.com http://rcm.amazon.com; object-src 'self' 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/index 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.ad adservice.google.ae adservice.google.al adservice.google.al adservice.google.at adservice.google.az adservice.google.be adservice.google.bf adservice.google.bg adservice.google.bj adservice.google.bs adservice.google.bt adservice.google.ca adservice.google.cd adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.cm adservice.google.co.ao adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.ls adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.ug adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com adservice.google.com.af adservice.google.com.ag adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.bz adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.ly adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vc adservice.google.com.vn adservice.google.cv adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fm adservice.google.fr adservice.google.ge adservice.google.gg adservice.google.gl adservice.google.gm adservice.google.gp adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.je adservice.google.jo adservice.google.kg adservice.google.kg adservice.google.ki adservice.google.kz adservice.google.la adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.mn adservice.google.ms adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.nl adservice.google.no adservice.google.pl adservice.google.ps adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.rw adservice.google.se adservice.google.si adservice.google.sk adservice.google.sm adservice.google.so adservice.google.sr adservice.google.tg adservice.google.tm adservice.google.tn adservice.google.tt adservice.google.vg adservice.google.vu assets.pinterest.com cdnjs.cloudflare.com js.stripe.com log.pinterest.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google.com www.google-analytics.com www.googleadservices.com www.googletagservices.com www.gstatic.com www.recaptcha.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; frame-src 'self' googleads.g.doubleclick.net hooks.stripe.com js.stripe.com tpc.googlesyndication.com www.google.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' api.stripe.com csi.gstatic.com pagead2.googlesyndication.com sentry.io www.google-analytics.com; img-src 'self' data: www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.mz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.co.zm www.google.com.ar www.google.com.au www.google.com.bh www.google.com.br www.google.com.co www.google.com.cy www.google.com.eg www.google.com.hk www.google.com.kw www.google.com.lb www.google.com.mx www.google.com.my www.google.com.om www.google.com.pa www.google.com.ph www.google.com.qa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gp www.google.gr www.google.hr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.kz www.google.lu www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.tl www.google.tt cdnjs.cloudflare.com csi.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com; manifest-src 'self'; media-src 'self'; form-action 'self' secure.worldpay.com www.paypal.com; frame-ancestors 'none'; report-uri https://shockwavesound.report-uri.com/r/d/csp/wizard 1
object-src 'none'; script-src https://apis.google.com/js/api.js 'nonce-/I62bRZBRAaQveBZzyTIHA==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://js.stripe.com https://www.google.com/recaptcha/ https://form.jotform.com https://submit.jotform.us https://www.docdroid.com https://kkb-production.jupyter-proxy.kaggle.net; base-uri 'none'; report-uri /csp/report 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob: https://www.google-analytics.com https://cdn-gl.imrworldwide.com https://secure-au.imrworldwide.com https://z.moatads.com;; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=AU&lang=en-AU&device=desktop&yrid=dd9is11eus340&partner=; 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.google.com seal.digicert.com ajax.googleapis.com a.optmnstr.com www.googletagmanager.com tpc.googlesyndication.com js.stripe.com cdn001.milotree.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net pixel-geo.prfct.co s.pinimg.com script.hotjar.com ssl.p.jwpcdn.com static.hotjar.com tag.marinsm.com www.google-analytics.com www.googleadservices.com www.shopperapproved.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src 'self' data: script.hotjar.com static.hotjar.com fonts.gstatic.com ssl.p.jwpcdn.com; connect-src 'self' api.stripe.com prd.jwpltx.com www.facebook.com vc.hotjar.io a.mstrlytcs.com z.opmnstr.com api.optmnstr.com api.opmnstr.com fps.ezdrm.com ct.pinterest.com in.hotjar.com www.google.dk www.google.com.vn www.google.com.pk www.google.com.my www.google.com.kw www.google.co.za www.google.co.ke www.google.co.in www.google.bs www.google.ca www.google.co.in www.google.co.uk www.google.com.au www.google.com.fj www.google.com.ph www.google.com.sa www.google.es www.google.fi www.google.fr www.google.no www.google.se graylog.hotjar.com playready.ezdrm.com *.vimeocdn.com stats.g.doubleclick.net www.google-analytics.com player.vimeo.com *.akamaized.net www.google.com wss://*.hotjar.com insights.hotjar.com *.calcworkshop.com widevine-dash.ezdrm.com; media-src blob: cws.freetls.fastly.net *.calcworkshop.com *.akamaized.net *.vimeocdn.com player.vimeo.com; frame-src 'self' vimeo.com www.googletagmanager.com tpc.googlesyndication.com g.jwpsrv.com js.stripe.com www.youtube.com player.vimeo.com connect.facebook.net cdn001.milotree.com bid.g.doubleclick.net vars.hotjar.com www.facebook.com; form-action 'self' connect.facebook.net www.facebook.com; report-uri https://calcworkshop.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' data: blob: blob 'unsafe-inline' 'unsafe-eval' https: wss://in.visitors.live wss://visitors.live; img-src 'self' data: https:; upgrade-insecure-requests; report-uri https://csp.plixer.com/ 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1
child-src 'self'; connect-src 'self' data: https://*.cloudflare.com https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://bit4coin.net wss://*.hotjar.com; default-src 'self' *.ravenjs.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://unpkg.com; frame-src 'self' data: http://*.google.com https://*.cloudfront.net https://*.google.com https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.google.com https://*.bitbond.com https://*.cloudfront.net https://*.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.webflow.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.hotjar.com https://*.newrelic.com https://*.nr-data.net https://unpkg.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://unpkg.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
default-src https:; form-action https:; script-src 'self' 'unsafe-inline' chat.isac.org livechat.isac.org ajax.googleapis.com ssl.google-analytics.com code.highcharts.com cdn.datatables.net connect.facebook.net c0cre132.caspio.com secure.wufoo.com www.wufoo.com www.gstatic.com w.sharethis.com/button/buttons.js static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js public.tableau.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css c0cre132.caspio.com; img-src 'self' www.collegechangeseverything.org edfinancial.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com chat.isac.org livechat.isac.org c0cre132.caspio.com; script-src-elem www.google.com/recaptcha/api.js; report-uri https://7e62cb02868e6169a2cec70f696ffb38.report-uri.com/r/d/csp/reportOnly 1
default-src https://*.rtr.at ; img-src https://*.rtr.at https://maps.wien.gv.at data: ; style-src https://*.rtr.at 'unsafe-inline' ; script-src https://*.rtr.at https://app.23degrees.io blob: 'unsafe-inline' 'unsafe-eval' ; font-src https://*.rtr.at data: ; frame-src https://*.rtr.at https://app.23degrees.io https://www.youtube-nocookie.com https://www.a-trust.at; report-uri /internal/csp-report.php 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' *.arpansa.gov.au *.sunsmart.com.au uv-makeup.azurewebsites.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.doubleclick.net data:;; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.datatables.net https://s.ytimg.com https://maps.google.com https://m.addthis.com https://js.stripe.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com  http://downloads.mailchimp.com https://downloads.mailchimp.com https://static.addtoany.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com  https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net   https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org http://ajax.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com  https://maxcdn.bootstrapcdn.com; frame-src 'self'  https://s7.addthis.com https://www.google.com https://js.stripe.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://m.addthis.com https://syndication.twitter.com  https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.hotjar.com http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js; connect-src https://insights.hotjar.com 'self'; font-src 'self' data:; worker-src 'self' blob: data:; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net/r/collect; style-src 'self' 'unsafe-inline' data: https://seesparkbox.com http://afeld.github.io/emoji-css/emoji.css https://cloud.typography.com/655912/6152352/css/fonts.css; frame-src 'self' https://vars.hotjar.com; media-src data:; report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://netdna.bootstrapcdn.com https://static.syukatsulabo.jp; img-src * blob: data: https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://static.syukatsulabo.jp https://use.fontawesome.com https://netdna.bootstrapcdn.com https://s3-ap-northeast-1.amazonaws.com data: https://cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://www.googletagmanager.com https://web.facebook.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.dmm.com/; connect-src 'self' https://log.syukatsulabo.jp https://www.google-analytics.com https://stats.g.doubleclick.net https://api.ipify.org https://s3-ap-northeast-1.amazonaws.com https://static.syukatsulabo.jp tag-api.dmm.com/v1.0 stg-tag-api.dmm.com/v1.0 https://trac.i3.dmm.com/ https://stg-trac-i3.dmm.com/ https://stg-trac.i3.syukatsulabo.jp; script-src 'report-sample' 'nonce-csgOqRFXxr2LP1CPS5nWToFKXmk=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; report-uri https://syukatsunet.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://98dba6326789eae01552e92f7b3e68d5.report-uri.io/r/default/csp/reportOnly 1
default-src https:; form-action https:; report-uri:https://openmikes.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ca ; font-src 'self' https: data: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'nonce-Sraayv1xOFslL1qJ_aB-KA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https: 'self'; base-uri 'self'; child-src 'self' cdn.nakedapartments.com *.twitter.com *.facebook.com www.youtube.com player.vimeo.com *.google.com tpc.googlesyndication.com; connect-src 'self' wss: www.google-analytics.com www.google.com securepubads.g.doubleclick.net cdn.nakedapartments.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com cdn.nakedapartments.com; form-action 'self' github.com; frame-ancestors 'none'; img-src 'self' 'unsafe-inline' data: cdn.nakedapartments.com react.nakedapartments.com *.streeteasy.com *.yelpcdn.com *.ggpht.com cbks0.googleapis.com 1520522.r.msn.com 1520522.r.bat.bing.com www.facebook.com www.google-analytics.com web.facebook.com www.appelsiini.net www.googleadservices.com tpc.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net s3.amazonaws.com csi.gstatic.com pagead2.googlesyndication.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.google.com *.realtymx.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.nakedapartments.com react.nakedapartments.com platform.twitter.com *.google.com ssl.google-analytics.com flex.msn.com js.pusher.com stats.pusher.com maps.googleapis.com pagead2.googlesyndication.com s3.amazonaws.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googletagservices.com www.googleadservices.com securepubads.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' cdn.nakedapartments.com *.google.com *.googleapis.com; report-uri https://1627f29bce741ebdc46108ecd8ebba3c.report-uri.io/r/default/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php 1
default-src https://www.thebusinessplanshop.com; base-uri 'self'; img-src 'self' data: https: https://www.thebusinessplanshop.com https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com http://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com https://platform-cdn.sharethis.com https://www.gstatic.com https://www.google.com https://www.google.co.uk https://bat.bing.com https://www.facebook.com https://track.customer.io https://seal.godaddy.com; script-src 'self'  'unsafe-inline'  'unsafe-eval' https://www.thebusinessplanshop.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://graph.facebook.com https://www.googleadservices.com https://seal.godaddy.com https://api.amplitude.com https://cdn.amplitude.com https://assets.customer.io https://track.customer.io https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://2aa35c1eb48b4915c034-da4fb5e7c7bf63accb453cc1066a0e48.ssl.cf3.rackcdn.com https://fc9434489ece23a5e488-15c34f135294ae707e3c719a6f238f0b.ssl.cf3.rackcdn.com https://cdn.firstpromoter.com https://www.gstatic.com https://assets.pinterest.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://cdn.syndication.twimg.com https://platform.twitter.com; style-src 'self' https://www.thebusinessplanshop.com 'unsafe-inline'  https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://ton.twimg.com https://www.slideshare.net; connect-src 'self' wss://www.thebusinessplanshop.com https://www.thebusinessplanshop.com https://api.amplitude.com https://bat.bing.com https://connect.facebook.net https://vendorlist.consensu.org/vendorlist.json https://t.firstpromoter.com https://track.customer.io https://www.googleadservices.com https://www.google-analytics.com  https://www.paypal.com https://www.facebook.com https://*.g.doubleclick.net; child-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; frame-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; font-src 'self'  https://themes.googleusercontent.com https://fonts.gstatic.com https://www.gstatic.com; form-action 'self' ; frame-ancestors 'self' https://www.thebusinessplanshop.com; object-src 'none' ; report-uri https://www.thebusinessplanshop.com/app/csp-report; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.brightcove.com *.brightcove.net *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com *.cincopa.com *.google.com *.gstatic.com *.ceros.com;img-src 'self' data: about: t.co *.twitter.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com *.cincopa.com *.linkedin.com *.google.com *.doubleclick.net;style-src 'self' 'unsafe-inline' *.twitter.com *.cincopa.com;media-src 'self' blob:;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.cincopa.com *.visualstudio.com;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.ceros.com *.guggenheimpartners.com *.knightlab.com; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com; report-uri https://www.guggenheiminvestments.com/cspreport 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=cfcf939bc2e03b6e04971e6fe8974ea1 1
default-src https:;   connect-src https: ws://10.1.13.34;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;   font-src https: 'self' data:;   img-src 'self' data: https: https://zradio.org;   style-src 'self' https: 'unsafe-inline';   object-src 'none';   report-uri https://csp.zradio.org/ 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-BXRcNIpiczikwjlm6fUgTo7HNU'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' *.siteimprove.com *.google-analytics.com *.googleapis.com *.typography.com *.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline' 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
default-src 'unsafe-inline' 'unsafe-eval' https: http: blob: filesystem: data:; report-uri https://echo.deltafactory.biz/csp/ipdotcom 1
default-src 'self' *.localphone.com *.localphone.co.uk https://*.tawk.to wss://*.tawk.to; img-src * data: ; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://*.tawk.to https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com https://*.tawk.to wss://*.tawk.to; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
style-src widget.reviews.co.uk cdn.natterly.com 'self' c.disquscdn.com vps.freethought-internet.co.uk; child-src widget.reviews.co.uk disqus.com js.stripe.com; connect-src api-cache.reviews.co.uk api.natterly.com socket.natterly.com 'self' www.freethought-internet.co.uk cdn.natterly.com vps.freethought-internet.co.uk; font-src cdn.natterly.com 'self' vps.freethought-internet.co.uk; media-src cdn.natterly.com 'self'; script-src widget.reviews.co.uk cdn.natterly.com 'self' js.stripe.com c.disquscdn.com disqus.com freethought-internet.disqus.com vps.freethought-internet.co.uk; img-src www.freethought-internet.co.uk 'self' cdn.natterly.com files.natterly.com referrer.disqus.com c.disquscdn.com www.paypal.com vps.freethought-internet.co.uk; form-action 'self' portal.freethought-internet.co.uk www.paypal.com japetus.freethought-internet.co.uk ldex1-plesk1.uk.fi.net.uk ldex1-plesk3.uk.fi.net.uk www.freethought-internet.co.uk ldex1-cpanel1.uk.fi.net.uk ldex1-plesk4.uk.fi.net.uk; frame-ancestors 'self'; frame-src disqus.com js.stripe.com widget.reviews.co.uk 'self'; manifest-src 'self'; default-src widget.reviews.co.uk c.disquscdn.com disqus.com; object-src 'self'; report-uri https://freethought.report-uri.com/r/d/csp/wizard 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /misc/csp-report.php 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=134-8260136-7869346:rid=RTWC6WPTA0642T7VYPNP:sn=www.audible.com 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com/tr/ https://connect.facebook.net/log/error; connect-src 'self' https://chat.handyvertrag.de https://cdn2.spatialbuzz.com https://www.google.de https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://tags.tiqcdn.com; script-src 'strict-dynamic' 'nonce-ef5969792c9c5ab4dc3262e3904433f4' 'nonce-210ee6793c4b06ba643609feb8576990' 'nonce-39ea66d318de04840b7c9c9cf8bc6d2c' 'nonce-12c8e3311392c2071ff67c9d89c29fbb' 'nonce-6631ac343161cf0543e2160775c28b3a' 'nonce-644bef5897b6674efcef409c73af35f0' 'nonce-20447160ede3a6a6bc89ba27d9711cf8' 'nonce-497bb0083ddb1922413fbd700962ac6d' 'nonce-91a47587d797024499767862284dd087' 'unsafe-inline' 'self' https:; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://www.youtube-nocookie.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://uvbshvgaro0wreus1xk28aaq.httpschecker.net/report 1
block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=4f46c24fb0601b0cf378fe55f0ae54a4 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=b47af4110ceccf11a285825b10ea2364 1
default-src 'self' https://www.viewpointmag.com; require-sri-for script 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=7olio15eurlgb&partner=; 1
connect-src 'self' https://edge.api.brightcove.com https://f1.media.brightcove.com https://knrpc.olark.com/nrpc/ https://secure.brightcove.com https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://www.google-analytics.com https://m.addthis.com https://s7.addthis.com https://v1.addthis.com/live/ https://in.hotjar.com/api/v2/ https://vc.hotjar.io; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com/releases/ https://vjs.zencdn.net/ https://use.typekit.net; frame-src 'self' 'unsafe-inline' https://l3.evidon.com https://pfizergrv-eu-dev.janrainsso.com https://pfizergrv-eu-qa.janrainsso.com https://pfizer-grv-eu.janrainsso.com https://static.addtoany.com https://static.olark.com https://www.google.com/recaptcha/ https://s7.addthis.com https://bid.g.doubleclick.net https://www.youtube.com https://app-sn01.marketo.com https://vars.hotjar.com https://edge.addthis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' about: data: https://ad.doubleclick.net https://adservice.google.com https://brightcove.hs.llnwd.net https://c.evidon.com https://cdn.rawgit.com/ckeditor/ https://f1.media.brightcove.com https://khms0.googleapis.com https://khms1.googleapis.com https://l.betrad.com https://log.olark.com/jslog/ https://maps.googleapis.com https://maps.gstatic.com https://metrics.brightcove.com https://pfizer.122.2o7.net https://pfizer.sc.omtrdc.net https://raw.githubusercontent.com/ckeditor/ https://s3.amazonaws.com/pfe_grv/ https://s3-eu-west-1.amazonaws.com/sfactorycorp/ https://www.google-analytics.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.googletagmanager.com https://www.gstatic.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://t.co https://www.facebook.com; object-src 'unsafe-inline' https://pfizergrv-eu-dev.janrainsso.com https://static.addtoany.com https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://api.olark.com https://assets.adobedtm.com https://ajax.googleapis.com https://bam.nr-data.net https://c.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://maps.googleapis.com https://players.brightcove.net https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://static.addtoany.com https://static.olark.com https://vjs.zencdn.net https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://s7.addthis.com https://v1.addthis.com https://connect.facebook.net https://amplify.outbrain.com https://s3.amazonaws.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://m.addthisedge.com https://m.addthis.com https://www.youtube.com https://s.ytimg.com https://analytics.twitter.com https://v1.addthisedge.com https://v1.addthisedge.com/live/ https://static.hotjar.com https://script.hotjar.com https://edge.addthis.com app-sn01.marketo.com https://cdn.rawgit.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://use.typekit.net/flu5uet.css https://p.typekit.net/p.css https://cdn.rawgit.com https://cdnjs.cloudflare.com https://app-sn01.marketo.com/js/forms2/css/ fonts.googleapis.com; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' blob: https://f1.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/; report-uri https://pfeprod.report-uri.com/r/t/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=146-6757951-4312100:rid=Z1R09CDCB4VYJTJM961M:sn=www.audible.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.licdn.com *.ads-twitter.com *.twitter.com *.linkedin.com *.brightcove.net *.zencdn.net blob: *.twimg.com *.addthis.com *.addthisedge.com *.msecnd.net *.issuu.com *.pardot.com; style-src 'self' 'unsafe-inline' *.twitter.com *.datatables.net; img-src 'self' *.googletagmanager.com *.google-analytics.com t.co *.doubleclick.net *.google.com *.brightcove.com *.boltdns.net data: *.twitter.com *.twimg.com *.linkedin.com; media-src 'self' blob: *.boltdns.net; font-src 'self' data: *.zencdn.net; object-src 'self'; connect-src 'self' *.brightcove.com *.boltdns.net *.brightcovecdn.com *.addthis.com *.visualstudio.com *.google-analytics.com *.doubleclick.net; frame-src 'self' *.twitter.com *.addthis.com *.brightcove.net *.issuu.com; report-uri /cspreport 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl https://public.tableau.com https://popcard.unibuddy.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://try.abtasty.com https://dcinfos.abtasty.com https://cdn.rawgit.com https://public.tableau.com f1-eu.readspeaker.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://eurnl.report-uri.com/r/d/csp/wizard 1
report-uri /_csp/report 1
style-src 'self' *.texasfile.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh.min.css https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh-widgets.min.css https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh-tables.css app.pendo.io cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com 'unsafe-inline'; font-src 'self' *.texasfile.com fonts.googleapis.com fonts.gstatic.com; frame-src *.texasfile.com https://www.google.com; default-src 'self' *.texasfile.com 'nonce-OSaI40UFhlZy4nU8'; frame-ancestors *.texasfile.com app.pendo.io; worker-src blob:; connect-src *.texasfile.com app.pendo.io data.pendo.io pendo-static-5685311968116736.storage.googleapis.com; img-src 'self' media.texasfile.com www.texasfile.com https://ssl.google-analytics.com staging.texasfile.com qa.texasfile.com lb2.texasfile.com assets.texasfile.com staging-assets.texasfile.com https://stats.g.doubleclick.net https://www.google.com/ads cdn.pendo.io app.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: blob:; script-src 'self' *.texasfile.com cdn.ravenjs.com *.google-analytics.com https://recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com https://cdn.pydata.org/bokeh/release/bokeh-1.3.1.min.js https://cdn.pydata.org/bokeh/release/bokeh-widgets-1.3.1.min.js https://cdn.pydata.org/bokeh/release/bokeh-tables-1.3.1.min.js app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: 'unsafe-eval' 'unsafe-inline' 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://d1dpob6jfpke0c.cloudfront.net https://formsmarts.s3.amazonaws.com https://ajax.googleapis.com https://*.bootstrapcdn.com https://oss.maxcdn.com https://ssl.google-analytics.com https://*.google.com https://cdnjs.cloudflare.com https://feeds.feedburner.com;object-src 'none';frame-ancestors 'self';base-uri 'none';report-uri https://syronex.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.centrum24.pl ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.centrum24.pl ; img-src 'self' data: http://www.bzwbk.pl https://static3.bzwbk.pl https://www.centrum24.pl ; connect-src 'self' wss://ibiznes24.pl ; font-src 'self' https://www.centrum24.pl https://fonts.gstatic.com ; media-src 'none' ; object-src 'self' ; frame-src 'self' https://www.centrum24.pl/ https://centrum24.pl/ https://doradca.centrum24.pl ; frame-ancestors 'self' https://ibiznes24.pl https://centrum24.pl/ ; report-uri https://ibiznes24.pl/contentSecurityPolicyReportServlet ;  1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=4169c9690c91f9567756f0bd99029d8b 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.youtube.com *.siteimprove.com *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com https://www.youtube.com *.siteimprove.com *.ytimg.com *.hubbardone.com;object-src 'self'; img-src 'self' *.google-analytics.com https://www.googletagmanager.com *.siteimprove.com;font-src 'self' *.gstatic.com; connect-src 'self';frame-ancestors 'self' *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' https:; style-src 'self' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/grizzlycoolers.com; 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com.au ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com.au *.spreadshirt.com.au ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com.au ; font-src 'self' https: data: *.spreadshirt.com.au ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com.au ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com.au ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https://*.sayinsurance.com:* https://*.kampyle.com localhost https://*.doubleclick.net https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.entrust.net https://*.googleadservices.com https://*.google-analytics.com *.cloudfront.net https://bat.bing.com https://*.facebook.net *.googletagmanager.com https://*.pinimg.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.facebook.com https://*.sessioncam.com https://*.pinterest.com https://pinterest.adsymptotic.com https://*.kampyle.com https://*.sayinsurance.com localhost https://*.smartystreets.com https://*.googleapis.com https://*.cloudflare.com https://unpkg.com/@say-shared/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.kampyle.com https://*.sayinsurance.com localhost https://*.cloudflare.com https://*.googleapis.com; img-src 'self' data: https://*.entrust.net https://*.googleadservices.com https://*.google-analytics.com https://*.cloudfront.net bat.bing.com https://*.facebook.net https://*.googletagmanager.com https://*.pinimg.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.facebook.com https://*.sessioncam.com https://*.pinterest.com https://pinterest.adsymptotic.com https://*.kampyle.com https://*.sayinsurance.com localhost https://*.quotelab.com https://*.nextinsure.com; font-src 'self' https://*.sayinsurance.com:* localhost https://fonts.gstatic.com;  report-uri /acquisition/global-form/log-csp; connect-src 'self' https://*.sayinsurance.com:* https://*.kampyle.com https://*.sessioncam.com 1
block-all-mixed-content 1
style-src-elem 'unsafe-inline' 'self'; connect-src 'self' api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' fonts.gstatic.com; frame-src vars.hotjar.com widget.trustpilot.com; img-src 'self' data: bat.bing.com px.ads.linkedin.com c0.adalyser.com cx.atdmt.com data heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1
report-uri /es/Error/ReportCPS; 1
form-action 'none'; frame-ancestors 'none'; report-uri https://devbridgesecurityteam.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://cdn.performanceplustire.com https://www.performanceplustire.com; connect-src *.performanceplustire.com https://*.affirm.com https://d38nbbai6u794i.cloudfront.net https://e1.fanplayr.com https://js.callrail.com https://stats.g.doubleclick.net https://tracker.affirm.com https://w1.fanplayr.com https://www.facebook.com https://www.google-analytics.com https://www.iconfigurators.com; font-src *.performanceplustire.com data: https://assets.resultspage.com https://cdn1.affirm.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://sxt.cdn.skype.com; frame-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; child-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; img-src *.performanceplustire.com cdn.performanceplustire.com data: https://*.cloudfront.net https://aa.agkn.com https://adadvisor.net https://ads.betweendigital.com https://ads.yahoo.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://beacon.krxd.net http://cf.kampyle.com https://cm.g.doubleclick.net https://cw.addthis.com https://d.agkn.com https://d38nbbai6u794i.cloudfront.net https://dmp.truoptik.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://dyn.yelpcdn.com http://farm4.static.flickr.com https://i.ytimg.com https://ib.adnxs.com https://iconfigurators.com https://images.iconfigurators.com https://insight.adsrvr.org https://match.adsrvr.org https://match.sharethrough.com https://nsg.symantec.com https://odr.mookie1.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.personagraph.com https://pixel.rubiconproject.com https://pixel.tapad.com https://s.thebrighttag.com https://s.w.org http://s3.amazonaws.com https://s3.amazonaws.com https://secure.gravatar.com https://simage2.pubmatic.com https://sp.adbrn.com https://stats.g.doubleclick.net https://su.addthis.com https://sync.adap.tv https://sync.adaptv.advertising.com https://test.kampyle.com https://upload.wikimedia.org https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iconfigurators.com https://www.insureship.com https://x.bidswitch.net; script-src 'unsafe-eval' 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://api-cf.affirm.com https://assets.pinterest.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://cdn.callrail.com https://cdn.performanceplustire.com https://cdn1.affirm.com https://connect.facebook.net https://d1q7pknmpq2wkm.cloudfront.net https://d38nbbai6u794i.cloudfront.net https://dyn.yelpcdn.com https://e1.fanplayr.com https://js.callrail.com https://log.pinterest.com https://maps.googleapis.com https://my.fanplayr.com https://nsg.symantec.com https://performanceplustire.resultspage.com https://s.btstatic.com https://s.thebrighttag.com https://savingsslider-a.akamaihd.net https://script.crazyegg.com https://w1.fanplayr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.iconfigurators.com https://www.insureship.com https://www.yelp.com https://yelp.com; style-src 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://assets.resultspage.com https://cdn1.affirm.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://performanceplustire.resultspage.com https://www.iconfigurators.com 1
script-src 'nonce-8mpsU1mB2h07Zv6LcRCxDw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.uk:*; frame-ancestors *.calypso.net.au *.flightcentre.co.uk; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; style-src 'unsafe-inline' https:; img-src data: about: https:; font-src data: https:; form-action 'self' https:; block-all-mixed-content; report-uri https://travelonbags.report-uri.com/r/d/csp/reportOnly; 1
report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
object-src 'none';base-uri 'self';script-src 'nonce-G8e4uLQ+jdIn17/3uyLp' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
script-src 'self' 'nonce-ZsSLBLm1zXK647cXvGpFzQ=='; report-uri /yusaauth.onmicrosoft.com/B2C_1_SignInUp/client/cspreport?p=B2C_1_SignInUp 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';report-uri https://agrian.com/global/csp_report/ 1
default-src 'self' *.ccavenue.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com; connect-src 'self' *.elitmus.com *.elitmus.net err.elitmusmail.com *.google-analytics.com api.mixpanel.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' *.newrelic.com cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
default-src 'self' d1h3z56lhcmivt.cloudfront.net; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' d1h3z56lhcmivt.cloudfront.net d2i2wahzwrm1n5.cloudfront.net ajax ajax.aspnetcdn.com www.google-analytics.com *.hotjar.com code.jquery.com *.uservoice.com *.honeycomb.nbspayments.com *.pendo.io; style-src 'self' 'unsafe-inline' d1h3z56lhcmivt.cloudfront.net ajax.aspnetcdn.com maxcdn.bootstrapcdn.com *.pendo.io; img-src 'self' data: d1ap1qjj9o2qr0.cloudfront.net ajax.aspnetcdn.com www.google-analytics.com d1h3z56lhcmivt.cloudfront.net *.honeycomb.nbspayments.com *.pendo.io; connect-src 'self' www.google-analytics.com *.hotjar.com *.honeycomb.nbspayments.com; font-src 'self' data: d1h3z56lhcmivt.cloudfront.net maxcdn.bootstrapcdn.com; frame-ancestors 'self'; frame-src 'self' *.pendo.io *.hotjar.com; child-src 'self' *.hotjar.com *.pendo.io; report-uri /public/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://js.hscta.net https://cta-service-cms2.hubspot.com https://collect.mopinion.com https://deploy.mopinion.com https://www.googletagmanager.com https://js.hs-scripts.com https://js.hsforms.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://code.jquery.com https://www.google-analytics.com https://translate.googleapis.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline'  https://fonts.mopinion.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://translate.googleapis.com; img-src 'self' data: https://track.hubspot.com https://no-cache.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://images.ctfassets.net https://i.vimeocdn.com https://secure.gravatar.com https://maps.gstatic.com https://maps.googleapis.com https://hub.digitalasset.com https://cdn2.hubspot.net; connect-src 'self' https://cacheorcheck.mopinion.com https://pastease.mopinion.com https://survey.app.mopinion.com https://forms.hubspot.com https://cdn.contentful.com https://hoogle.daml.com https://survey.app.mopinion.com https://www.google-analytics.com https://api.sitesearch360.com; font-src 'self' data: https://gstatic.mopinion.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; report-uri https://report-uri.digitalasset.com/report-uri; object-src 'self'; frame-src 'self' https://forms.hsforms.com https://player.vimeo.com https://docs.daml.com; manifest-src 'self' https://gateway.zscalertwo.net 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
connect-src 'self' apay-us.amazon.com api.braintreegateway.com api.sandbox.braintreegateway.com beaconapi.helpscout.net chatapi.helpscout.net client-analytics.braintreegateway.com coin.amazonpay.com core32-helpscout.pusher.com core33-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net origin-analytics-sand.sandbox.braintree-api.com payments-sandbox.amazon.com payments.amazon.com payments.braintree-api.com payments.sandbox.braintree-api.com sock32-helpscout.pusher.com sock33-helpscout.pusher.com sockjs-helpscout.pusher.com stats.g.doubleclick.net www.amazon.com www.facebook.com www.google-analytics.com www.paypal.com wss://ws-helpscout.pusher.com; frame-ancestors 'none'; font-src 'self' data: *; form-action 'self' apay-us.amazon.com payments.amazon.com www.facebook.com; frame-src 'self' accounts.google.com apay-us.amazon.com api-cdn.amazon.com assets.braintreegateway.com c.paypal.com pay.google.com payments.amazon.com static-na.payments-amazon.com web.facebook.com www.facebook.com www.google.com www.paypal.com www.sandbox.paypal.com www.youtube.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com apay-us.amazon.com apis.google.com bat.bing.com beacon-v2.helpscout.net c.paypal.com connect.facebook.net converter.dynamicconverter.com detect.dynamicconverter.com js.braintreegateway.com optimize.google.com pay.google.com payments-sandbox.amazon.com payments.amazon.com s.ytimg.com static-na.payments-amazon.com static.cloudflareinsights.com tagmanager.google.com www.googleapis.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.paypal.com www.paypalobjects.com www.youtube.com; style-src 'self' 'unsafe-inline' *; object-src 'none'; report-uri https://divegearexpress.report-uri.com/r/d/csp/wizard 1
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp-report 1
default-src 'self' oekom.de www.oekom.de *.newsletter2go.com *.saferpay.com captcha.wirth-horn.de matomo.oekomlamp.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.nl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.nl *.spreadshirt.nl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.nl ; font-src 'self' https: data: *.spreadshirt.nl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.nl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.nl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.za:*; frame-ancestors *.calypso.net.au *.flightcentre.co.za; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self' api.balena-cloud.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://d1l6p2sc9645hc.cloudfront.net/tracker.js *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com cdn.mxpnl.com js.intercomcdn.com widget.intercom.io cdn.statuspage.io/se-v2.js js.recurly.com; connect-src 'self' api.balena-cloud.com builder.balena-cloud.com actions.balena-devices.com terminal.balena-devices.com wss://terminal.balena-devices.com *.sentry.io app.getsentry.com raw.githubusercontent.com api.github.com api.mixpanel.com api.recurly.com www.google-analytics.com *.intercom.io wss://*.intercom.io support-chat-api.balena-cloud.com wss://support-chat-api.balena-cloud.com *.statuspage.io *.algolia.net; frame-src api.recurly.com www.google.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.intercomcdn.com *.intercomassets.com stats.g.doubleclick.net *.gravatar.com; media-src *.intercomcdn.com; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com; report-uri https://api.balena-cloud.com/csp-report 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://apr1drrztrvo00vplh4evdpg.httpschecker.net/report 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
child-src 'self' *.haarlem.nl www.youtube-nocookie.com js2ios player.vimeo.com surveys.enalyzer.com; connect-src 'self' *.haarlem.nl *.zandvoort.nl wss://www.haarlem.nl ssl.google-analytics.com translate.googleapis.com get.geojs.io; default-src 'self'; frame-src 'self' data: surveys.enalyzer.com www.google.com; font-src 'self' data: www.haarlem.nl cdn.faceworks.nl fonts.gstatic.com static3.avast.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com; img-src 'self' data: haarlem.nl *.haarlem.nl www.zandvoort.nl *.vimeocdn.com tiles.wmflabs.org *.gstatic.com geodata.nationaalgeoregister.nl www.visithaarlem.com translate.google.com ssl.google-analytics.com *.openstreetmap.org ssl.siteimprove.com *.googleapis.com *.global.siteimproveanalytics.io; manifest-src 'self' gateway.zscloud.net; style-src 'self' 'unsafe-inline' www.haarlem.nl *.zandvoort.nl www.visithaarlem.com fast.fonts.net *.googleapis.com cdnjs.cloudflare.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.haarlem.nl www.vrk.nl www.visithaarlem.com *.googleapis.com siteimproveanalytics.com ssl.google-analytics.com translate.google.com cdnjs.cloudflare.com microsofttranslator.com; frame-ancestors 'self' https://www.haarlem.nl *.haarlem.nl; report-uri https://haarlem.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' https://vk.com chrome-extension: https://api-maps.yandex.ru https://cdn.onesignal.com 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://gosbar.gosuslugi.ru https://www.googletagmanager.com https://www.google-analytics.com https://mc.yandex.ru http://127.0.0.1:5005 https://onesignal.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://onesignal.com chrome-extension: https://mc.yandex.ru https://mc.yandex.md https://dl.metabar.ru; object-src 'self'; report-uri /cspreportonly; 1
default-src 'self'; connect-src 'self' https://api.sbab.se https://www.google-analytics.com https://*.doubleclick.net https://in.hotjar.com https://www.googleapis.com https://*.visualwebsiteoptimizer.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://bloggen.sbab.se; frame-src https://www.youtube.com https://*.rfihub.com https://syndication.twitter.com https://platform.twitter.com https://embed.bambuser.com https://in.hotjar.com https://vars.hotjar.com https://service.force.com; img-src 'self' https://syndication.twitter.com https://bilder.hemnet.se https://platform.twitter.com https://*.twimg.com https://www.sbab.se https://bloggen.sbab.se https://i.ytimg.com https://aa.agkn.com https://ads.yahoo.com https://simage2.pubmatic.com https://*.g.doubleclick.net https://us-u.openx.net https://www.google.com https://*.rfihub.com https://d.agkn.com https://dev.visualwebsiteoptimizer.com https://dsum-sec.casalemedia.com https://ib.adnxs.com https://o.adtriba.com https://pixel.rubiconproject.com https://soma.smaato.net https://sync.search.spotxchange.com https://tapestry.tapad.com https://www.facebook.com https://*.google-analytics.com https://www.google.* https://*.googlesyndication.com https://x.bidswitch.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://track.adform.net https://www.googleadservices.com https://platform.twitter.com https://cdn.syndication.twimg.com https://bloggen.sbab.se https://s.ytimg.com https://a.rfihub.com/idr.js https://c1.rfihub.net/js/tc.min.js https://cdn.adtriba.com/v2/adtriba.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/677988019016414 https://dev.visualwebsiteoptimizer.com https://*.hotjar.com https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://ssl.google-analytics.com https://service.force.com https://*.salesforceliveagent.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com http://fonts.googleapis.com https://bloggen.sbab.se https://maxcdn.bootstrapcdn.com https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0 https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0/css/ https://service.force.com; https://sbab.boost.ai report-uri https://sbab.report-uri.com/r/d/csp/reportOnly 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coachseye.com *.stripe.com platform.twitter.com apis.google.com *.cloudfront.net *.doubleclick.net script.crazyegg.com www.techsmith.com *.googleapis.com *.googlecode.com www.googleadservices.com *.addthis.com connect.facebook.net az416426.vo.msecnd.net www.google-analytics.com analytics.twitter.com static.ads-twitter.com www.youtube.com;object-src *.coachseye.com assets.techsmith.com;style-src 'self' 'unsafe-inline' *.coachseye.com www.techsmith.com tagmanager.google.com fonts.googleapis.com optimize.google.com;img-src 'self' *.coachseye.com *.stripe.com www.facebook.com *.twitter.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net secure.gravatar.com t.co www.google-analytics.com stats.g.doubleclick.net data: *.gstatic.com *.googleapis.com *.pinimg.com *.blogspot.com www.google.com;media-src *.coachseye.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src *.coachseye.com platform.twitter.com staticxx.facebook.com www.youtube.com *.stripe.com;font-src 'self' *.coachseye.com www.techsmith.com use.typekit.net fonts.gstatic.com;connect-src 'self' *.stripe.com performance.typekit.net az416426.vo.msecnd.net dc.services.visualstudio.com *.cloud.tsc-dev.co *.tsc-stage.co *.techsmith.com;frame-ancestors 'self';report-uri https://coachseye.report-uri.com/r/d/csp/reportOnly 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com data: *.googleadservices.com *.gstatic.com seal-easttexas.bbb.org *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com cdnjs.cloudflare.com *.wdsvc.net *.adsrvr.org 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/content_policy_violation.php 1
default-src 'none'; base-uri 'self'; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com js.intercomcdn.com data: magnetis-herokuapp-com.global.ssl.fastly.net use.fontawesome.com; img-src 'self' data: cdn.jsdelivr.net t.co www.google-analytics.com magnetis-herokuapp-com.global.ssl.fastly.net magnetis-staging-herokuapp-com.global.ssl.fastly.net www.google.com www.google.com.br track.hubspot.com *.intercom.io *.intercomcdn.com www.googletagmanager.com www.facebook.com secure.adnxs.com static.intercomassets.com static.intercom-mail-300.com intercom.help *.cloudfront.net analyticspage.tools *.gstatic.com www.googleadservices.com *.hubspot.net *.doubleclick.net; object-src 'self'; script-src 'self' 'unsafe-eval' js-agent.newrelic.com bam.nr-data.net magnetis-herokuapp-com.global.ssl.fastly.net tagmanager.google.com d2dq2ahtl5zl1z.cloudfront.net static.ads-twitter.com *.hotjar.com js.hs-analytics.net www.googletagmanager.com www.google-analytics.com *.intercom.io js.hs-scripts.com js.usemessages.com js.intercomcdn.com analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net www.googleadservices.com www.facebook.com static.sback.tech viacep.com.br embed.typeform.com cdn.segment.com *.hsleadflows.net *.hsadspixel.net *.branch.io app.link 'nonce-X3WcL015RUItckvxD8l4Qg=='; style-src 'self' https: cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' api.segment.io *.hotjar.com *.intercom.io wss://*.intercom.io wss://*.hotjar.com *.airbrake.io www.google-analytics.com future-value-simulator.herokuapp.com ads.adaptv.advertising.com ajax.googleapis.com analyticspage.tools api.ipify.org bpb.opendns.com code.jquery.com front.shopconvert.com.br front.shoptarget.com.br *.intercomcdn.com www.facebook.com d8myem934l1zi.cloudfront.net br.api4load.com cdn.jsdelivr.net ckies.net connect.facebook.net d2dq2ahtl5zl1z.cloudfront.net fonts.googleapis.com fonts.gstatic.com gj.track.uc.cn gjtrack.ucweb.com js.hs-analytics.net magnetis-herokuapp-com.global.ssl.fastly.net future-value-simulator-staging.herokuapp.com maxcdn.bootstrapcdn.com static.ads-twitter.com *.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com *.loggly.com *.hotjar.io *.hubapi.com *.hubspot.com *.branch.io; child-src 'self' www.youtube.com vars.hotjar.com/ api-iam.intercom.io www.facebook.com  connect.facebook.net www.googletagmanager.com; frame-src 'self' intercom-sheets.com connect.facebook.net www.facebook.com www.googletagmanager.com www.youtube.com vars.hotjar.com www.google.com diagnosticomagnetis.typeform.com *.doubleclick.net; form-action 'self' connect.facebook.net intercom.help www.facebook.com api-iam.intercom.io; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' js.intercomcdn.com; report-uri https://magnetis.report-uri.com/r/d/csp/enforce 1
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.com/ https://pagead2.googlesyndication.com/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.com https://apis.google.com https://accounts.google.com; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.com/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.com http://vk.com https://accounts.google.com/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.es&source%5Bsection%5D=brochure&source%5Buuid%5D=ae2796097e93dd8469acae53ebf49b88 1
script-src 'nonce-GSt0HcnB1sWZPO_nY0a9TA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1
Content-Security-Policy: default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.rejoiner.com *.demandjump.com i.simpli.fi www.googletagmanager.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com *.amazon.com *.addthisedge.com *.authorize.net *.beachfrontmedia.com *.s3.amazonaws.com *.payments-amazon.com www.googleadservices.com *.moatads.com vpaid.springserve.net vidoplay.b-cdn.net ucads-cdn.ucweb.com static.vertamedia.com static.ctctcdn.com s0.2mdn.net player-cdn.beachfrontmedia.com imasdk.googleapis.com dtm.advertising.com cdn.pmmapads.com cdn-ssl.vidible.tv ad.lkqd.net 127.0.0.1:* blob:; style-src * data: 'unsafe-inline' blob:; report-uri https://swarming.report-uri.com/r/d/csp/wizard; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1
default-src https: wss: 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; frame-src https: 1
default-src 'self' *.facebook.com *.fbcdn.net *.google-analytics.com *.doubleclick.net *.bing.com secure.adnxs.com *.google.com *.google.it go.turboadv.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.bing.com *.turboadv.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;              report-uri /none; 1
default-src 'self'; script-src 'self' 'nonce-f23d03a0-8a26-4832-a412-0b9a1eb712bb' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
default-src 'self'; img-src 'self' https://www.comune.palermo.it// https://s.bookcdn.com/ https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://widgets.booked.net https://connect.facebook.net https://cse.google.com https://www.google-analytics.com https://clients1.google.com; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src https://www.facebook.com https://staticxx.facebook.com https://youtube.com; connect-src 'self' https://www.google-analytics.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; connect-src https: wss:; block-all-mixed-content; report-uri https://4care.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-inline' blob: https://*.launchdarkly.com https://api.segment.com https://vimeo.com https://player.vimeo.com https://fonts.googleapis.com https://api.segment.io https://fonts.gstatic.com https://api.amplitude.com https://sentry.io ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.kustomerapp.com https://cdn.amplitude.com https://player.vimeo.com https://assets.customer.io https://www.google-analytics.com; img-src 'self' https://www.google.com https://*.doubleclick.net https://*.customer.io https://www.google-analytics.com https://s3.amazonaws.com; 1
script-src 'nonce-GpQOdhThUAQU5vexF0qWSw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' data: *.doubleclick.net *.adriver.ru *.google.ru *.google.com *.criteo.com *.criteo.net tags.soloway.ru vk.com top-fwz1.mail.ru *.facebook.com *.facebook.net www.googletagmanager.com www.googleadservices.com player.vimeo.com *.livetex.ru *.yandex.net *.yandex.ru kontur.ru *.kontur.ru www.google-analytics.com counter.yadro.ru fonts.gstatic.com *.s-microsoft.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.kontur-extern.ru/private/csp-report 1
default-src 'self' https://cdn-static.paw.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-static.paw.cloud https://cdn.ravenjs.com https://ssl.google-analytics.com https://www.google-analytics.com https://platform.twitter.com https://js.stripe.com/; style-src 'unsafe-inline' https://cdn-static.paw.cloud https://fonts.googleapis.com; img-src 'self' data: https://cdn-static.paw.cloud https://ssl.google-analytics.com https://www.gravatar.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src https://cdn-static.paw.cloud https://fonts.gstatic.com; connect-src 'self' https://syndication.twitter.com https://app.getsentry.com https://*.algolia.net https://*.algolianet.com; media-src 'none'; object-src 'none'; frame-src https://platform.twitter.com https://syndication.twitter.com/; block-all-mixed-content; report-uri https://69f11294947f3fb3cb6158678233837a.report-uri.com/r/d/csp/reportonly 1
style-src 'self' 'unsafe-inline' *.tecnoempleo.com *.googleapis.com cdnjs.cloudflare.com *.indeed.com www.googleadservices.com; font-src 'self' *.tecnoempleo.com data: *.gstatic.com *.google-analytics.com  *.googletagmanager.com *.linkedin.com; form-action 'self' *.tecnoempleo.com *.redsys.es; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tecnoempleo.com snap.licdn.com *.google-analytics.com *.googletagmanager.com *.linkedin.com *.recruitics.com *.gstatic.com *.twitter.com static.ads-twitter.com connect.facebook.net *.indeed.com www.googleadservices.com cdnjs.cloudflare.com code.jquery.com *.googleapis.com; frame-src 'self' *.tecnoempleo.com www.youtube.com *.recruitics.com *.redsys.es *.gstatic.com *.linkedin.com 1
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://dmcltd.report-uri.io/r/default/csp/reportOnly; 1
object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://tags.srv.stackadapt.com https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' www.youtube.com *.hotjar.com; script-src 'self' 'nonce-+q7TtN/QUjmk6esFsm3nVw==' report-sample *.google-analytics.com *.googletagmanager.com *.hotjar.com 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://*.googletagmanager.com/; frame-src 'self' vars.hotjar.com www.youtube.com; connect-src 'self' *.pusher.com *.hotjar.io https://sentry.io google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.google-analytics.com res.cloudinary.com stats.g.doubleclick.net google.com *.google.com google.no *.google.no; worker-src 'none'; media-src 'self' https://res.cloudinary.com/obos/; block-all-mixed-content; report-uri /csp-error/; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://zhklrkwwz3qjjxbsljqmqe2b.httpschecker.net/report 1
base-uri 'self'; default-src 'self' https: blob:; font-src 'self' https: data: https://files.clinchtalent.com https://files.career-pages.eu https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net; img-src 'self' https: data: blob: *; object-src 'none'; script-src 'self' blob: https://d3ooc9jud7priz.cloudfront.net https://d14oyx6svlks79.cloudfront.net https://files.clinchtalent.com https://files.career-pages.eu https://*.google-analytics.com https://*.linkedin.com https://*.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.googleapis.com https://*.bing.com https://script.hotjar.com https://www.googletagmanager.com https://*.facebook.com https://*.instagram.com https://*.marketo.com https://use.typekit.net https://*.wistia.net https://*.indeed.com https://*.google.com boards.greenhouse.io 'nonce-GS7PdqwlimPLczoZQDUiUA=='; style-src 'self' https://d3ooc9jud7priz.cloudfront.net https://cdnjs.cloudflare.com https://files.clinchtalent.com https://files.career-pages.eu https://fonts.googleapis.com https://*.youtube.com https://use.typekit.net https://*.indeed.com https://*.google.com 'unsafe-inline'; report-uri /api/v1/public/csp_reports 1
script-src 'nonce-J84c9joIm36NZvKw2Qw4Ag' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src  cpg.dev cmsadmin.dev *.cpg.org 'unsafe-inline' 'unsafe-eval'; options eval-script inline-script; script-src  cpg.dev cmsadmin.dev *.cpg.org 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com ips-invite.iperceptions.com ips-img.iperceptions.com freewebview.com cdn.mxpnl.com edge.omnitwig.com logging.vitruvian.biz my.vocalocity.com pluginext.utop.it savingsslider-a.akamaihd.net solidsaving-a.akamaihd.net secure.shopathome.com services.upromise.com evernote.com superfish.com vitruvianleads.com *.zuznow.com *.siteimprove.com cw.na1.hgncloud.com; img-src cpg.dev cmsadmin.dev *.cpg.org *.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com ips-invite.iperceptions.com ips-img.iperceptions.com freewebview.com cdn.mxpnl.com edge.omnitwig.com logging.vitruvian.biz my.vocalocity.com pluginext.utop.it savingsslider-a.akamaihd.net solidsaving-a.akamaihd.net secure.shopathome.com services.upromise.com evernote.com superfish.com vitruvianleads.com *.zuznow.com *.siteimprove.com cw.na1.hgncloud.com;  media-src cpg.dev cmsadmin.dev *.cpg.org; frame-src cpg.dev cmsadmin.dev *.cpg.org *.surveygizmo.com blip.tv player.vimeo.com youtube.com *.google.com *.gstatic.com; report-uri / 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.es ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.es *.spreadshirt.es ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.es ; font-src 'self' https: data: *.spreadshirt.es ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.es ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.es ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; img-src 'self' https://d300tb5wusuhi2.cloudfront.net https://abenity.s3.amazonaws.com https://assets.abenity.com https://bam.nr-data.net https://chart.apis.google.com https://d300tb5wusuhi2.cloudfront.net https://embedwistia-a.akamaihd.net https://fast.wistia.com https://hexagon-analytics.com https://rdc.rdcimage.com https://s3.amazonaws.com https://sealserver.trustkeeper.net https://stats.g.doubleclick.net https://translate.google.com https://www.facebook.com https://www.google-analytics.com https://www.gstatic.com https://www.movienewsletters.net https://www.valpak.com android-webview-video-poster: blob: data:; font-src 'self' https://d300tb5wusuhi2.cloudfront.net https://fast.wistia.com https://fonts.gstatic.com https://use.fontawesome.com data:; object-src 'none'; connect-src 'self' https://d300tb5wusuhi2.cloudfront.net http://distillery.wistia.com http://pipedream.wistia.com https://bam.nr-data.net https://distillery.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://app.wistia.com https://bam.nr-data.net https://cdn.siftscience.com https://cdn.walkme.com https://cdn-javascript.net https://connect.facebook.net https://fast.wistia.com https://js-agent.newrelic.com https://maps.googleapis.com https://s3.amazonaws.com https://sealserver.trustkeeper.net https://static-resource.com https://www.google-analytics.com about: asset: blob: data: eval:; style-src 'self' 'unsafe-inline' https://d300tb5wusuhi2.cloudfront.net https://fonts.googleapis.com https://s3.amazonaws.com https://translate.googleapis.com; media-src 'self' https://d300tb5wusuhi2.cloudfront.net http://media.westworldmedia.com https://embedwistia-a.akamaihd.net blob: data:; frame-src 'self' https://d300tb5wusuhi2.cloudfront.net https://abenityinc.freshdesk.com https://embedwistia-a.akamaihd.net https://fast.wistia.com ms-appx-web:// fillr:; manifest-src 'self' http://login9.cpsserv.com; report-uri https://api.abenity.com/public/csp-logger.json; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/tristarengines.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' widget.trustpilot.com twitter.com cdn.checkout.com *.gstatic.com googleads.g.doubleclick.net *.twitter.com cdn.mouseflow.com  js-agent.newrelic.com   *.googleapis.com  *.nr-data.net *.googleadservices.com *.ads-twitter.com intl-tel-input.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.freshchat.com *.freshmarketer.com *.cloudflare.com *.google.com;style-src 'self' 'unsafe-inline' cdn.checkout.com *.googleapis.com *.cloudflare.com *.freshchat.com;img-src 'self' data: stats.g.doubleclick.net *.gstatic.com cx.atdmt.com www.google-analytics.com *.google.co.uk *.google.nl *.google.ro *.google.dk *.google.it *.google.co.id *.google.co.in *.google.com.br *.google.com.gh *.google.com.ph *.google.qa *.google.tr *.google.dz *.google.gr *.google.je *.google.pl *.google.sn  *.google.se *.google.ie *.google.cz *.google.fr *.google.es *.google.de cdn.acemoneytransfer.com *.google.com.pk *.google.com.ng *.google.be *.google.fi *.google.com.mt *.google.com.bd *.google.com.cy *.google.ca *.google.no *.google.ci *.google.bj *.google.ae *.google.at *.google.pt *.google.com.au *.trustly.com t.co *.facebook.com *.checkout.com ace-promotions.s3-eu-west-1.amazonaws.com *.google.iq customer-id-documents.s3.eu-west-2.amazonaws.com *.google-analytics.com *.googletagmanager.com *.google.com; font-src 'self' *.cloudflare.com cdn.checkout.com *.googleapis.com *.gstatic.com; form-action 'self' *.creditmutuel.fr *.wlp-acs.com gw1.judopay.com pay.judopay-sandbox.com secure.ogone.com;frame-src 'self'  *.wirecard.com *.freshchat.com *.checkout.com widget.trustpilot.com *.facebook.com *.youtube.com bid.g.doubleclick.net *.google.com *.googletagmanager.com; connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.mouseflow.com; report-uri https://ace4news.com/dev/csp-reporting.php 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.it ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.it *.spreadshirt.it ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.it ; font-src 'self' https: data: *.spreadshirt.it ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.it ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.it ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'nonce-jL8kG_ePFFEa_EUhd7nyng' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=9vam39teurerp&partner=; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; report-uri /nelmio/csp/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=543a2f338add022af7450e6d3618a883 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1
default-src 'self' 'unsafe-inline' data: *.csbs.org *.googleapis.com *.gstatic.com *.googleusercontent.com *.google.com *.addtoany.com *.twitter.com *.twimg.com *.dayforcehcm.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.youtube.com *.cld.bz *.tableau.com  *.powerbi.com *.soundcloud.com soundcloud.com govmatters.tv youtu.be *.hotjar.com; report-uri /report-csp-violation 1
require-sri-for script; require-sri-for style 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://2gub4a67k9.execute-api.eu-central-1.amazonaws.com/csp/ 1
default-src 'self' https: 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; report-uri https://escalated.io/code/cspreport 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src youtube.com youtube-nocookie.com www.google.com www.facebook.com staticxx.facebook.com mc.yandex.ru mc.yandex.md; connect-src 'self' tomesto.ru wss://api.tomesto.ru api.tomesto.ru www.google-analytics.com stats.g.doubleclick.net *.bugsnag.com api.mixpanel.com api-js.mixpanel.com mxpnl.net www.facebook.com/tr/ mc.yandex.ru mc.yandex.md top-fwz1.mail.ru dadata.ru/api/ formgeek.net api.amplitude.com bam.nr-data.net gcdn.tomesto.ru; font-src 'self' fonts.gstatic.com data:; form-action 'self' www.facebook.com/tr/; img-src 'self' data: https:; manifest-src 'none'; media-src 'self' tomesto.ru *.tomesto.ru; object-src 'self'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' 'unsafe-eval' tomesto.ru *.tomesto.ru www.google-analytics.com d2wy8f7a9ursnm.cloudfront.net mc.yandex.ru mc.yandex.md connect.facebook.net top-fwz1.mail.ru formgeek.net cdn4.mxpnl.com maps.google.com maps.googleapis.com js-agent.newrelic.com bam.nr-data.net dadata.ru/static/ cdn.amplitude.com; style-src 'self' 'unsafe-inline' tomesto.ru *.tomesto.ru fonts.googleapis.com dadata.ru/static/; worker-src 'none'; report-uri https://api.tomesto.ru/csp_report 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=iregiony&d=2019-12-09 1
default-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk www.youtube-nocookie.com; script-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk cdn.ravenjs.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com *.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com content.govdelivery.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.charnwood.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.charnwood.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com content.govdelivery.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.charnwood.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to https://api.mixpanel.com; frame-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.charnwood.gov.uk my.charnwood.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.charnwood.gov.uk my.charnwood.gov.uk pa.charnwood.gov.uk va.tawk.to https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1
default-src 'none'; form-action 'self' https://*.pensionsmyndigheten.se https://*.legitimeringstjanst.se https://*.underskriftstjanst.se https://*.minpension.se https://idp-sweden-connect-valfr-2017.prod.frejaeid.com https://connector.eidas.swedenconnect.se; frame-ancestors 'none'; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.pensionsmyndigheten.se https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://f1-eu.readspeaker.com https://translate.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pensionsmyndigheten.se https://f1-eu.readspeaker.com https://*.usabilla.com https://track.adform.net https://web.easyresearch.se https://d6tizftlrpuof.cloudfront.net https://system.webday.se https://translate.googleapis.com https://connect.facebook.net https://ajax.googleapis.com; img-src 'self' https://*.pensionsmyndigheten.se data: https://ppm.112.2o7.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.gstatic.com https://img.youtube.com https://www-dist.minpension.se https://f1-eu.readspeaker.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://translate.googleapis.com; frame-src 'self' https://*.youtube.com https://d6tizftlrpuof.cloudfront.net https://*.readspeaker.com https://system.webday.se https://*.netigate.se; media-src 'self' https://*.readspeaker.com; report-uri https://pensionsmyndigheten.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-cloud.net ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ 1
default-src 'self' data: *.express-scripts.com *.accredo.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.cloudfront.net *.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com *.everestjs.net *.cloudflare.com *.rawgit.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.s3.amazonaws.com *.dialogtech.com *.cloudfront.net *.marketo.net *.qualtrics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net; object-src 'self' *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.s3.amazonaws.com *.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.express-scripts.com *.accredo.com *.cloudflare.com *.s3.amazonaws.com *.amazonaws.com; img-src 'self' data: *.accredo.com accredo.com expressscripts.sc.omtrdc.net *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net esi-drupal-cdn-prod.s3.amazonaws.com *.boltdns.net *.qualtrics.com; media-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.brightcove.com *.dotsub.com *.express-scripts.com *.accredo.com *.s3.amazonaws.com *.boltdns.net *.brightcovecdn.com *.qualtrics.com; frame-src 'self' abesiemsen.github.io *.s3.amazonaws.com *.amazonaws.com *.s3.amazonaws.com  *.qualtrics.com; child-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.express-scripts.com *.accredo.com; font-src * 'self' data: fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com *.amazonaws.com *.accredo.com accredo.com; connect-src 'self' *.express-scripts.com expressscriptsholdin.tt.omtrdc.net dpm.demdex.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net dotsub.com *.s3.amazonaws.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.mktoresp.com *.qualtrics.com; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' assets.chargeover.com *; connect-src 'self' api.segment.io api.chatlio.com api-cdn.chatlio.com *.pingdom.net geoip-js.maxmind.com; media-src w.chatlio.com; object-src 'self'; worker-src 'none'; img-src 'self' data: *.chargeover.com assets.chargeover.com ssl.gstatic.com www.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com www.google.com; style-src 'self' 'unsafe-inline' assets.chargeover.com fonts.googleapis.com w.chatlio.com tagmanager.google.com; font-src 'self' data: *.chargeover.com fonts.gstatic.com w.chatlio.com; frame-src player.vimeo.com bid.g.doubleclick.net; frame-ancestors 'none'; form-action 'self'; report-uri https://app.chargeover.com/contentsecuritypolicy 1
script-src 'self' 'unsafe-inline' https://v2.zopim.com https://static.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; report-uri https://selectra.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' https://createsend.com; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.twitter.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com platform.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ieep.createsend.com https://www.google-analytics.com/analytics.js https://*.twitter.com https://*.twimg.com https://js.createsend1.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com; 1
default-src *.gstatic.com *.googleapis.com *.sharethis.com *.google-analytics.com cdnjs.cloudflare.com ; script-src *.gstatic.com *.googleapis.com *.sharethis.com *.google-analytics.com cdnjs.cloudflare.com maps.google.com *.sharethis.mgr.consensu.org 'self' 'unsafe-inline' *.ckeditor.com *.youtube.com *.ytimg.com *.googletagmanager.com; object-src 'self'; style-src fonts.googleapis.com *.sharethis.com *.constellium.com 'unsafe-inline' *.ckeditor.com; img-src *.g.doubleclick.net *.gstatic.com maps.google.com *.google-analytics.com data: 'self' cdn.ckeditor.com; media-src 'self'; frame-src *.sharethis.com *.sharethis.mgr.consensu.org *.youtube.com youtu.be 'self'; frame-ancestors 'self'; child-src 'self'; font-src fonts.gstatic.com *.constellium.com; connect-src *.sharethis.com 'self'; report-uri /report-csp-violation 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1
default-src 'none';script-src 'self' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com https://storage.googleapis.com www.youtube.com *.ytimg.com https://az416426.vo.msecnd.net https://www.snapengage.com 'sha256-/T8ei2agBozQQf3bDP88s4kGQHpPZ895F7C9leXiAuI=' 'sha256-84SdRJ3V5kHdFpCNyPHV65PvbVR7CrU+frk6XrjiJYk=' 'sha256-tlnnbbyW1jYRDa/xbAikIzyAehZr5yVUewyVV0ES5Fo=' 'sha256-YMXr6nR4Y24J/A3BV0rsAejvq8rQNrZPFXrMwPNInMY=' 'sha256-dZB5CgpmP37thT2f4phKMohGYLl6vnHS9aV6jLXI/Ww=' 'sha256-270dzOys3KjArpkwzugCwnTIScNZF0OAftN0dXMjFn0=' 'sha256-YdzAfGxOs9AMecT6I4/YEdEWdLYO3yZER2AJxJle9Wg=' 'sha256-pDSwtKqiYezpPoJIKuKQi7lyp3nPhHS+zVOEt81jLe0=';object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-PLhQ1IguHjjEeFz1rcHAp1G0kdXEviAPtpMGhKEoxLw=' 'sha256-NJ45L53GQHjbanjFYsFzNI6wUt9suktEt2cgKsSVXPI=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=';img-src 'self' https://www.google-analytics.com https://storage.googleapis.com;media-src 'none';frame-src 'self' www.youtube.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' https://api.ipgeolocation.io;child-src www.youtube.com;form-action 'self' https://az416426.vo.msecnd.net https://www.snapengage.com;worker-src 'self' blob:;report-uri /api/csp-report/log 1
default-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net  pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com trc.taboola.com;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg http://i.imgur.com i.imgur.com fast.wistia.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbfweb.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src https://static.groklearning-cdn.com 'nonce-5whl5oo5HfZJuvI26sKofpPE' https://groklearning.com https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net connect.facebook.net https://www.google-analytics.com; style-src https://static.groklearning-cdn.com 'unsafe-inline' https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com; img-src 'self' data: https://groklearning-cdn.com https://static.groklearning-cdn.com https://web.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com d33v4339jhl8k0.cloudfront.net https://www.gravatar.com; connect-src 'self' https://groklearning-cdn.com https://static.groklearning-cdn.com wss://realtime.groklearning.com wss://terminals.groklearning.com wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.groklearning.io https://secure.helpscout.net https://api.ipify.org https://docs.groklearning.io; font-src https://static.groklearning-cdn.com https://mathjax.groklearning-cdn.com https://fonts.gstatic.com; object-src https://djtflbt20bdde.cloudfront.net; media-src https://static.groklearning-cdn.com https://groklearning-cdn.com; frame-src 'self' https://static.groklearning-cdn.com https://web.comp.gl cybersecurity.comp.gl pxtmicrobit.comp.gl https://djtflbt20bdde.cloudfront.net staticxx.facebook.com *.sandbox.comp.gl preview.comp.gl *.preview.comp.gl; child-src 'self' https://web.comp.gl cybersecurity.comp.gl pxtmicrobit.comp.gl https://djtflbt20bdde.cloudfront.net *.facebook.com; form-action 'self' https://www.paypal.com; base-uri docs.helpscout.net; report-uri /csp/report-violation/ 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src 'self' https:; child-src 'self' vimeo.com player.vimeo.com www.google.com; connect-src wss://* 'self' *.intercom.io *.intercomcdn.com s3.amazonaws.com js.leadin.com js.hs-scripts.com forms.hubspot.com; font-src data: *; img-src data: 'unsafe-inline' *; object-src 'none'; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; upgrade-insecure-requests; report-uri https://cobalt.report-uri.io/r/default/csp/enforce 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https:; frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://rules.quantcount.com/ https://ajax.googleapis.com/ https://secure.quantserve.com/quant.js https://assets.delvenetworks.com/player/embed.js https://ssl.google-analytics.com/ga.js; img-src 'self' https://img.delvenetworks.com/ https://secure.quantserve.com/pixel/p-65annTnPZswCE.gif https://ssl.google-analytics.com/ https://pixel.quantserve.com/ data:; style-src 'self' 'unsafe-inline'; report-uri https://efxcsptest.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' data: gap: wss: ws: http: https: android-webview-video-poster:; script-src 'self' 'unsafe-inline' http://www.gstatic.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.intercomcdn.com https://www.googletagmanager.com https://*.mxpnl.com https://*.intercom.io https://*.polyfill.io https://*.stripe.com https://*.cloudinary.com 'nonce-IiXfWzI5kXw3wIhLnhGJx'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self'; report-uri /api/__cspreport__ 1
default-src https: ws:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
script-src 'nonce-Dv3402qCN7uEjEaPghn_7g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src 'self' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.sharethis.com  *.sharethis.mgr.consensu.org; script-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.newrelic.com *.nr-data.net *.aviary.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.adobedtm.com 'unsafe-eval' *.bizographics.com *.mookie1.com *.licdn.com *.google-analytics.com meetingsimagined.com *.tiqcdn.com *.linkedin.com *.mookie1.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.typography.com *.aviary.com *.sharethis.com; img-src 'self' *.meetingsimagined.com:* *.marriott.com meetingsimagined.com *.google-analytics.com *.linkedin.com *.sharethis.com; frame-src 'self' *.tiqcdn.com *.sharethis.com; font-src * data:; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; media-src 'self' *.lpsnmedia.net; connect-src 'self' *.addthis.com; script-src 'unsafe-inline' 'unsafe-eval' *.ihi.com *.liveperson.net *.statcamp.net *.tiqcdn.com *.lpsnmedia.net *.addthis.com *.addthisedge.com *.sitecore.net *.altapaysecure.com; img-src 'self' *; style-src 'unsafe-inline' *.ihi.com; frame-src * *.lpsnmedia.net *.addthis.com *.sitecore.net *.altapaysecure.com; frame-ancestors 'self' *.sitecore.net; report-uri https://b7721d9ad86b5309f9f32cb683371289.report-uri.com/r/d/csp/enforce; 1
default-src 'self' https://www.google.com; connect-src 'self' https://vimeo.com https://sentry.io https://app.zencoder.com https://checkout.stripe.com https://www.google-analytics.com https://rs.fullstory.com https://www.facebook.com 1q-askvert-assets-prod.s3.amazonaws.com 1q-video-input-prod.s3.amazonaws.com blob:; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://player.vimeo.com http://player.vimeo.com https://platform.twitter.com https://checkout.stripe.com https://staticxx.facebook.com; img-src * data: blob:; media-src blob: https://d3g65oypf6prn3.cloudfront.net https://d1rhiywm6dcjyw.cloudfront.net; script-src 'self' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://platform.twitter.com https://checkout.stripe.com https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://fullstory.com https://vimeo.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry.io/api/1263064/security/?sentry_key=8a5ec54260bb45868b737b446557eaa0 1
child-src 'self' blob:; connect-src 'self' https://*.doctena.be https://*.doctena.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.mapbox.com https://*.tiles.mapbox.com; default-src 'self'; font-src 'self' data: https://*.doctena.com https://*.gstatic.com; frame-src 'self' https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com; img-src 'self' blob: data: https://*.cloudinary.com https://*.doctena.be https://*.doctena.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.at https://*.google.be https://*.google.bg https://*.google.ca https://*.google.ch https://*.google.cm https://*.google.co.cr https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.ar https://*.google.com.co https://*.google.com.eg https://*.google.com.hk https://*.google.com.mt https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hr https://*.google.ie https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' about: data: https://*.cloudflare.com https://*.doctena.be https://*.doctena.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.rijedegevu.com; style-src 'self' 'unsafe-inline' https://*.doctena.be https://*.doctena.com https://*.googleapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_95372572bb0e4bc8aa84cd78470247c3 1
default-src 'none'; img-src 'self' data: https://q.quora.com https://www.google.com/ads https://www.google.co.uk/ads https://static.localcoinswap.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://insights.hotjar.com https://static.hotjar.com; font-src 'self' data: https://static.localcoinswap.com https://fonts.gstatic.com https://static.hotjar.com; media-src 'self' https://static.localcoinswap.com; script-src 'self' https://localcoinswap.com https://static.localcoinswap.com https://maps.googleapis.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.onesignal.com https://onesignal.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.localcoinswap.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://vc.hotjar.io https://api.ipify.org wss://localcoinswap.com https://sentry.localcoinswap.com https://www.facebook.com/tr/ https://maps.google.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.google.com https://vars.hotjar.com https://onesignal.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://static.localcoinswap.com; report-uri https://localcoinswap.com/report-csp-violation/ 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1
object-src 'none';base-uri 'self';script-src 'nonce-WHTcDjBZT+kQ7yI32y9u' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk ajax.googleapis.com apps.nestle.com apps.nestle.co.uk https://js-agent.newrelic.com https://static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.krxd.net *.serving-sys.com *.facebook.net *.cloudfront.net bfred-it.github.io bam.nr-data.net *.hypemarks.com *.cloudflare.com *.wowza.com momentjs.com *.serving-sys.com; style-src 'self' 'unsafe-inline' *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.wowza.com *.addtoany.com; img-src 'self' 'unsafe-inline'  data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com *.youtube.com *.facebook.com *.krxd.net www.googletagmanager.com; media-src 'self' 'unsafe-inline' blob: *.akamaihd.net *.sanpellegrinofruitbeverages.com; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.fls.doubleclick.net *.facebook.com *.hypemarks.com *.krxd.net *.nestle-watersna.com s.amazon-adsystem.com; child-src 'self' blob: static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.fls.doubleclick.net *.sanpellegrinofruitbeverages.com s.amazon-adsystem.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://collect.analyze.ly *.serving-sys.com *.doubleclick.net *.akamaihd.net *.krxd.net; report-uri /us/report-csp-violation 1
default-src *.cookcountyboardofreview.com; report-uri /report-csp-violation 1
policy-uri /http://204.131.106.240:10514 1
default-src 'self' http://www.westlotto.de https://www.westlotto.de http://westlotto.de https://westlotto.de http://wlresults.westlotto.com https://wlresults.westlotto.com http://ergebnisse.westlotto.com https://ergebnisse.westlotto.com http://www.westlotto.com https://www.westlotto.com http://www.youtube.com https://www.youtube.com http://start.unblu.com https://start.unblu.com http://cdn.unblu.com https://cdn.unblu.com http://t23.intelliad.de https://t23.intelliad.de http://s.ytimg.com https://s.ytimg.com http://scripts.psyma.com https://scripts.psyma.com http://maps.googleapis.com https://maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com http://fonts.gstatic.com https://fonts.gstatic.com http://fonts.googleapis.com https://fonts.googleapis.com http://fount.artequalswork.com https://fount.artequalswork.com http://error.westlotto.de https://error.westlotto.de http://api.ciuvo.com https://api.ciuvo.com http://westlotto.perbit-job.de https://westlotto.perbit-job.de http://www.lotto-thueringen.de https://www.lotto-thueringen.de http://bs.serving-sys.com https://bs.serving-sys.com http://secure-ds.serving-sys.com https://secure-ds.serving-sys.com http://data1.open-dog.com https://data1.open-dog.com http://act.webmasterplan.com https://act.webmasterplan.com http://tags.tiqcdn.com https://tags.tiqcdn.com http://westlotto01.webtrekk.net https://westlotto01.webtrekk.net http://app-westlotto.loyjoy.com https://app-westlotto.loyjoy.com http://westlotto.loyjoy.com https://westlotto.loyjoy.com http://www.paypal.com https://www.paypal.com http://www.paypalobjects.com https://www.paypalobjects.com wss://www.westlotto.com wss://westlotto.com wss://www.westlotto.de wss://westlotto.de data: blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' http://www.westlotto.de https://www.westlotto.de http://westlotto.de https://westlotto.de http://www.westlotto.com https://www.westlotto.com http://westlotto.com https://westlotto.com http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.unblu.com http://cdn.unblu.com data: ; img-src 'self' http://www.westlotto.de https://www.westlotto.de http://westlotto.de https://westlotto.de http://www.westlotto.com https://www.westlotto.com http://csi.gstatic.com https://csi.gstatic.com http://maps.gstatic.com https://maps.gstatic.com http://www.gstatic.com https://www.gstatic.com http://maps.googleapis.com https://maps.googleapis.com http://www.google-analytics.com https://www.google-analytics.com http://westlotto01.webtrekk.net https://westlotto01.webtrekk.net http://app-westlotto.loyjoy.com https://app-westlotto.loyjoy.com http://westlotto.loyjoy.com https://westlotto.loyjoy.com http://fbc.wcfbc.net https://fbc.wcfbc.net http://lh3.ggpht.com https://lh3.ggpht.com data: blob: ; child-src 'self' http://www.westlotto.de https://www.westlotto.de http://westlotto.de https://westlotto.de https://cdn.unblu.com https://cdn.unblu.com http://www.youtube.com https://www.youtube.com http://www.sparkassen-internetkasse.de https://www.sparkassen-internetkasse.de http://ciuvo.com https://ciuvo.com http://westlotto.perbit-job.de https://westlotto.perbit-job.de; http://partners.webmasterplan.com https://partners.webmasterplan.com frame-src 'self' http://www.westlotto.de https://www.westlotto.de http://westlotto.de https://westlotto.de http://ergebnisse.westlotto.com https://ergebnisse.westlotto.com http://cdn.unblu.com https://cdn.unblu.com http://www.youtube.com https://www.youtube.com http://www.sparkassen-internetkasse.de https://www.sparkassen-internetkasse.de http://ciuvo.com https://ciuvo.com http://westlotto.perbit-job.de https://westlotto.perbit-job.de http://partners.webmasterplan.com https://partners.webmasterplan.com data: ; block-all-mixed-content; reflected-xss block; base-uri 'self'; report-uri /csp_to_mail_wlcom.php 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.slachtofferhulp.nl apps.mypurecloud.com dhqbrvplips7x.cloudfront.net *.gstatic.com fonts.googleapis.com vimeo.com *.vimeo.com *.typekit.net *.hotjar.com dc.services.visualstudio.com *.vo.msecnd.net www.googletagmanager.com *.google.com *.google.nl googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com; report-uri https://slachtofferhulp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com scotland.shinyapps.io; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.tawk.to cdn.jsdelivr.net code.jquery.com maps.gstatic.com www.google-analytics.com www.googletraveladservices.com www.googletagmanager.com script.google.com fonts.googleapis.com pagead2.googlesyndication.com adservice.google.com adservice.google.co.kr www.googletagservices.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' code.jquery.com cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' tawk.link static-v.tawk.to cdn.jsdelivr.net www.google-analytics.com code.jquery.com; media-src 'self' static-v.tawk.to; object-src 'self'; report-uri https://malwarezero.report-uri.io/r/default/csp/readOnly 1
report-uri https://dtagovau.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; script-src 'self' https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=IN&lang=en-IN&device=desktop&yrid=6suq3lteuront&partner=; 1
report-uri /api/log_csp_event 1
default-src 'self'; img-src 'self' data: shareasale.com *.bizrate.com *.connexity.net *.scanalert.com *.feedburner.com *.authorize.net dkolz1uzvia15.cloudfront.net dts57qhtf7twy.cloudfront.net d2ldlvi1yef00y.cloudfront.net *.googletagmanager.com  https://*.google-analytics.com gammonvillage.com www.gammonvillage.com https://*.visa.com https://*.paypal.com ssl.comodo.com sealserver.trustwave.com *.paypalobjects.com bat.bing.com https://*.doubleclick.net *.online-metrix.net *.whoson.com *.twitter.com *.bizrateinsights.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yieldmanager.com *.msn.com *.bootstrapcdn.com *.bizrate.com *.amazon.com bat.bing.com *.authorize.net *.payments-amazon.com *.googleadservices.com *.doubleclick.net *.mastercard.com *.paypal.com *.paypalobjects.com *.aexp-static.com *.clickguard.com cdnjs.cloudflare.com *.googlesyndication.com *.google.com cdn.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.visa.com sealserver.trustwave.com *.online-metrix.net *.whoson.com *.facebook.net *.twitter.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.amazon.com io.clickguard.com *.visa.com *.google-analytics.com *.doubleclick.net; frame-src 'self' *.visa.com *.mastercard.com *.americanexpress.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.doubleclick.net *.online-metrix.net *.twitter.com *.facebook.com; object-src *.visa.com; report-uri https://gammonvillage.report-uri.com/r/d/csp/wizard; report-to default 1
object-src 'none'; script-src https://apis.google.com/js/api.js 'nonce-/A3QQrsnG7GHmjBm1ta15g==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://js.stripe.com https://www.google.com/recaptcha/ https://form.jotform.com https://submit.jotform.us https://www.docdroid.com https://kkb-production.jupyter-proxy.kaggle.net; base-uri 'none'; report-uri /csp/report 1
; report-uri 1
script-src 'nonce-59W12eYmEMhLLcDhjSS9Uw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
default-src https: ; script-src https: 'unsafe-inline'; img-src https: ; style-src https: 'unsafe-inline' ; block-all-mixed-content; report-uri https://uflib.report-uri.com/r/d/csp/reportOnly 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.nz:*; frame-ancestors *.calypso.net.au *.flightcentre.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' https://tag.yieldoptimizer.com https://www.gstatic.com https://cdn.polyfill.io https://code.jquery.com https://cdnjs.cloudflare.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.responsetap.com https://*.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.fontawesome.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://storify.com https://fonts.gstatic.com data:; child-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; frame-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; connect-src 'self' https://*.google-analytics.com https://*.facebook.com https://*.doubleclick.net https://api.trustpilot.com https://*.google.com; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/reportOnly; media-src 'self'; worker-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com *.doubleclick.net *.msecnd.net *.hotjar.net *.hotjar.com *.amazon-adsystem.net *.facebook.net *.zopim.com *.youtube.com;object-src 'none';style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com;img-src 'self' *.unitestudents.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.google.co.uk *.facebook.com *.amazon-adsystem.com *.omnitagjs.com *.doubleclick.net *.zopim.com data: api.mapbox.com;media-src 'none';frame-src 'self' tagmanager.google.com *.doubleclick.net *.hotjar.com *.amazon-adsystem.com *.youtube.com;font-src 'self' tagmanager.google.com *.zopim.com fonts.gstatic.com data:;connect-src 'self' *.visualstudio.com tagmanager.google.com *.google-analytics.com *.zopim.com wss://widget-mediator.zopim.com;frame-ancestors 'self' tagmanager.google.com *.unitestudents.com;report-uri /WebResource.axd?cspReport=true 1
script-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com gitcdn.github.io www.google-analytics.com kit.fontawesome.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com gitcdn.github.io cdnjs.cloudflare.com kit-free.fontawesome.com; img-src 'self' data: www.google-analytics.com code.jquery.com ffbeequip.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com; connect-src 'self' www.google-analytics.com firebasestorage.googleapis.com https://api.github.com https://discordapp.com https://api.imgur.com/3/image; media-src 'none'; object-src 'none'; child-src 'self'; worker-src 'self'; frame-src 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://ffbeequip.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google.com/jsapi https://ssl.google-analytics.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net/webshim/ https://www.youtube.com/iframe_api https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/ https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.de https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com http://kendo.cdn.telerik.com https://pbs.twimg.com; media-src 'self' https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/; frame-src data: https://berenberg-staging.factsheetslive.com https://www.berenberg.de/my_templates/ https://www.youtube.com; child-src https://www.youtube.com; connect-src 'self' https://karriere.berenberg.de; report-uri https://bego.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'nonce-d6a47037-ba88-4aa0-a1ba-0c7472e7c81b' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://cwlvpkmvvatrszaoarsm7ffl.httpschecker.net/report 1
default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com www.facebook.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com analytics.twitter.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://blogscanada.ca/z-log.php 1
script-src 'nonce-1kGHTCnAoxjcd8hLfcpl1MmfVi6PgDe2L7tHqZyE0I8=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample';object-src 'self' https://*.kc-usercontent.com;base-uri 'self';report-uri https://kenticocloud.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.qa.carwise.com/ https://www.carwise.com https://www.google-analytics.com http://www.google-analytics.com ws:; child-src https://www.qa.carwise.com/ https://www.carwise.com; img-src blob: 'self' https://www.google.com https://www.google.ca https://www.google.com.mx https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://www.qa.carwise.com https://www.carwise.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src https://www.qa.carwise.com https://www.carwise.com; object-src 'none'; report-uri /api/error/content_violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' *.googleapis.com *.instagram.com *.cdninstagram.com *.cloudflare.com *.fonts.net *.typography.com *.amazonaws.com *.google.com *.youtube.com *.vimeo.com *.gstatic.com *.oniqa.com *.onenorth.com *.tklaw.com *.oniedge.com *.googletagmanager.com *.google-analytics.com 1
script-src 'nonce-5I9uml6k6kZygnzaEsC9qQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; img-src 'self' 'unsafe-inline' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.bugyard.io *.twitter.com *.bamboohr.com *.ampproject.org *.cloudflare.com agorbatchev.typepad.com  *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.marketo.com *.marketo.net munchkin.marketo.net *.drift.com *.driftt.com *.swiftypecdn.com *.addtoany.com *.googleadservices.com *.doubleclick.net *.disqus.com *.disquscdn.com; frame-src 'self' *.youtube.com disqus.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.driftt.com *.addtoany.com *.marketo.com *.marketo.net *.doubleclick.net *.twitter.com www.youtube-nocookie.com ; object-src 'self'; report-uri https://gridgain.report-uri.com/r/d/csp/reportOnly 1
report-uri /csp-report-collector; default-src 'none'; script-src 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss:; img-src 'self' data: https:; font-src data: https:; media-src blob: https:; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2019-12-09 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; media-src 'self' blob: data: https: *.idnes.cz; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ocko&d=2019-12-09 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/nuaire.com; 1
default-src; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/97d3b191-ad18-48f5-80ae-d62b3aea1449/cc.js https://consentcdn.cookiebot.com/consentconfig/97d3b191-ad18-48f5-80ae-d62b3aea1449/state.js https://consent.cookiebot.com/b5074936-b18e-4414-88f2-8de62ed0b7c9/cc.js https://consentcdn.cookiebot.com/consentconfig/b5074936-b18e-4414-88f2-8de62ed0b7c9/state.js https://consent.cookiebot.com/6354fd3d-924e-434a-955c-43d3db73e62d/cc.js https://consentcdn.cookiebot.com/consentconfig/6354fd3d-924e-434a-955c-43d3db73e62d/state.js http://w.usabilla.com/8f9054bf779b.js http://w.usabilla.com/cbf59fb24a0a.js http://w.usabilla.com/6feb7f1df1ac.js http://w.usabilla.com/99158a893ac6.js https://chat.vanlanschot.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://sjs.bizographics.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.linkedin.com/px https://px.ads.linkedin.com https://www.googleadservices.com https://maps.googleapis.com https://deploy.mopinion.com/js/pastease.js https://collect.mopinion.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://chat.vanlanschot.nl;img-src 'self' https://www.google-analytics.com https://insights.hotjar.com https://static.hotjar.com http://static.hotjar.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://stats.g.doubleclick.net https://pixel.mathtag.com/event/ https://cx.atdmt.com https://www.facebook.com/tr https://bat.bing.com https://pixel.rubiconproject.com https://beleggingsinformatie.vanlanschot.nl https://*.cloudfront.net data: https://www.google.com https://www.google.nl https://www.google.be https://www.google.ch https://login.vanlanschot.com https://acc-login.vanlanschot.com;frame-src 'self' https://chat.vanlanschot.nl https://player.vimeo.com https://vars.hotjar.com https://www.google.com https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/' https://consentcdn.cookiebot.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com;connect-src 'self' https://chat.vanlanschot.nl http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://deploy.mopinion.com https://cacheorcheck.mopinion.com/survey/public/emoji;child-src 'self' https://vars.hotjar.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/api2 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com connect.facebook.net static.ads-twitter.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' www.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com https://www.google.nl https://googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.be www.googletagmanager.com i.ytimg.com img.youtube.com; media-src 'self'; frame-src 'self' www.google.nl https://www.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net www.youtube.com www.facebook.com player.vimeo.com; font-src 'self' https://themes.googleusercontent.com/static/fonts/opensans/ fonts.gstatic.com; connect-src 'self' https://www.facebook.com/tr/ stats.g.doubleclick.net www.google-analytics.com; report-uri /admin/config/system/seckit/csp-report 1
script-src 'self' 'unsafe-inline' https://www.dnc.org.nz 'unsafe-eval' https://www.dnc.org.nz; object-src 'self'; 1
script-src 'nonce-fqaMr8JHhvlt7YUHYuQRew' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
upgrade-insecure-requests;default-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; script-src 'nonce-eWaQ3Frt4ceZ/yQgGW85mLhOs7E=' 'unsafe-inline' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; img-src 'unsafe-inline' 'data:' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com; style-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com https://*.cardinalcommerce.com'unsafe-inline'; report-uri /event/csp-violation 1
default-src fonts.googleapis.com www2.summitholdings.com fonts.gstatic.com 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com maxcdn.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com; img-src test.summitholdings.com 'self' www.google-analytics.com www.summitholdings.com ajax.googleapis.com stats.g.doubleclick.net; style-src-elem fonts.googleapis.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com; script-src-elem 'self' www.google-analytics.com 'unsafe-inline' www.googletagmanager.com; style-src-attr 'unsafe-inline'; connect-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://summit.report-uri.com/r/d/csp/wizard 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.fnbsf.com connect.facebook.net www.youtube.com s.ytimg.com www.google-analytics.com www.googleadservices.com *.g.doubleclick.net www.google.com www.gstatic.com maps.googleapis.com js-agent.newrelic.com bam.nr-data.net *.cloudflare.com *.addthis.com *.addthisedge.com *.juicer.io; img-src 'self' data: *.fnbsf.com www.facebook.com www.google-analytics.com *.gstatic.com maps.googleapis.com www.google.com secure.gravatar.com *.juicer.io scontent.cdninstagram.com s.w.org *.g.doubleclick.net; child-src 'self' www.youtube.com bid.g.doubleclick.net www.google.com www.calcxml.com fnbsf.mortgagewebcenter.com *.addthis.com www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com *.juicer.io; connect-src 'self' *.fnbsf.com *.juicer.io *.g.doubleclick.net www.google.com www.facebook.com bam.nr-data.net; font-src 'self' *.fnbsf.com fonts.gstatic.com use.fontawesome.com *.juicer.io; report-uri /cspReport.php; 1
default-src https://www.liquidlight.co.uk; script-src https://www.liquidlight.co.uk https://www.google-analytics.com https://js.createsend1.com 'unsafe-inline'; connect-src https://www.liquidlight.co.uk https://search.gelo.co.uk; img-src https://www.liquidlight.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gravatar.com https://i0.wp.com https://*.createsend1.com data:; frame-src https://www.liquidlight.co.uk https://www.youtube.com https://a.tiles.mapbox.com; style-src https://www.liquidlight.co.uk 'unsafe-inline'; report-uri https://www.liquidlight.co.uk/?eID=error 1
default-src https:; frame-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1
block-all-mixed-content; report-uri https://sentry.io/api/48505/security/?sentry_key=871480a8630e44649bec7550ff43bd2f; connect-src 'self' buddlycrafts.zendesk.com ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com sentry.io stats.g.doubleclick.net www.google-analytics.com; frame-src bid.g.doubleclick.net www.googletagmanager.com; img-src 'self' bdly.uk googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com www.google.co.us www.google.com www.google.com.us www.google.us www.googletagmanager.com; script-src bdly.uk browser.sentry-cdn.com googleads.g.doubleclick.net https://static.zdassets.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src 'unsafe-inline' bdly.uk fonts.googleapis.com 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/frenchpaper.com; 1
default-src 'self' https://*.google-analytics.com https://*.w.org https://*.youtube.com 'unsafe-inline' https://*.googleapis.com https://www.googletagmanager.com https://d3vyv7r1om3d5m.cloudfront.net https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://*.gstatic.com/; media-src 'self' https://d3vyv7r1om3d5m.cloudfront.net; report-uri https://webdigi.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' http://maxcdn.bootstrapcdn.com *.youtube-nocookie.com/embed/ https://fonts.gstatic.com/ widgets.trustedshops.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com https://maps.googleapis.com https://connect.facebook.net/ widgets.trustedshops.com https://bot.moin.ai/ https://dialog.botcast.ai/ https://code.jquery.com/jquery-1.10.2.min.js; connect-src 'self' https://www.google-analytics.com/ https://www.facebook.com/tr/ https://azure.botcast.ai/ wss://bot.moin.ai/primus https://stats.g.doubleclick.net; img-src 'self' data: *.admiraldirekt.de http://www.google-analytics.com https://www.google.com/ads/ https://www.google.de/ads/ https://stats.g.doubleclick.net https://*.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com/ https://media.botcast.ai/ https://scontent.xx.fbcdn.net/ https://external.xx.fbcdn.net/; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/ widgets.trustedshops.com; worker-src 'self'; font-src 'self' https://fonts.gstatic.com  widgets.trustedshops.com/fonts/; media-src 'self'; object-src 'self'; form-action 'self'; frame-ancestors 'none'; plugin-types application/pdf; sandbox allow-forms allow-scripts; report-uri /csp/CSPReporting 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.se ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.se *.spreadshirt.se ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.se ; font-src 'self' https: data: *.spreadshirt.se ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.se ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.se ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: wss:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
script-src https://embed.tawk.to/ https://maps.googleapis.com https://www.google.com/ https://www.gstatic.com https://ssl.google-analytics.com 'unsafe-inline' 'self' 'unsafe-eval'; report-uri https://crm.basenet.nl/servlets/logjavascripterror 1
script-src 'self' 'unsafe-inline' *.cloudfront.net js-agent.newrelic.com bam.nr-data.net platform.twitter.com cdn.syndication.twimg.com online.tableau.com maps.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: maps.googleapis.com maps.gstatic.com *.google-analytics.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://www.google-analytics.com; report-uri /report-csp-violation 1
block-all-mixed-content; report-uri https://sentry.io/api/240559/csp-report/?sentry_key=88a08f84524d43a48004246638cd9c7f; img-src https: data:; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self'; connect-src *; font-src 'unsafe-inline' 'unsafe-eval' *; frame-src https://js.stripe.com https://checkout.stripe.com https://app.hubspot.com; img-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; report-uri /lift/content-security-policy-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: chrome-extension: safari-extension: connect-src: about: frame-src:; report-uri /csp-report.php 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src 'self' 'unsafe-inline' blob: data: https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.gstatic.com/ https://recaptcha.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.twitter.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.krxd.net/ https://*.doubleclick.net/ https://cdn.polyfill.io/ https://cdnjs.cloudflare.com/ ; connect-src https://*.epixnow.com/ https://epixnow.com/ https://api.mixpanel.com/ https://stats.g.doubleclick.net/ https://sentry.io/ https://epixhlsxtrts-i.akamaihd.net ; img-src 'self' https://*.epixnow.com https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com.ar/ https://www.google.com.ua/ https://www.google.ro/ https://www.google.ae/ https://t.co/ https://www.facebook.com/ https://jslog.krxd.net/ https://beacon.krxd.net/ data: ; style-src 'self' 'unsafe-inline'; font-src data: https://*.epixnow.com/ https://epixnow.com/ ; frame-src https://9089879.fls.doubleclick.net/ https://cdn.krxd.net/ https://bid.g.doubleclick.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/1229739/security/?sentry_key=fc99f2d07f6e472681f711aa39fdfe3d&sentry_environment=prod 1
default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; report-uri /csp-violation-endpoint/ 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://script.crazyegg.com https://*.youtube.com https://*.ytimg.com https://use.typekit.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.typekit.net; media-src 'self'; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.typekit.net https://*.ytimg.com; connect-src 'self' https://www.google-analytics.com https://performance.typekit.net; frame-src 'self' https://*.google.com https://*.vimeo.com https://*.youtube.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.typekit.net https://use.typekit.net; report-uri https://tokybd.report-uri.io/r/default/csp/enforce; 1
connect-src 'self' collect-eu-central-1.tealiumiq.com in.hotjar.com; font-src 'self'; frame-src 'self' d6tizftlrpuof.cloudfront.net directdoorgaan.nl gateway.zscaler.net gateway.zscloud.net login.zscaler.net player.vimeo.com sts-ot.asr.nl vars.hotjar.com www.asr.nl; img-src 'self' d6tizftlrpuof.cloudfront.net dev.visualwebsiteoptimizer.com gateway.zscaler.net gateway.zscloud.net w.usabilla.com www.facebook.com www.google-analytics.com www.google.com www.google.nl; style-src-elem www.asr.nl 'unsafe-inline' 'self'; manifest-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.asr.nl cdnjs.cloudflare.com connect.facebook.net d6tizftlrpuof.cloudfront.net dev.visualwebsiteoptimizer.com gateway.zscaler.net gateway.zscloud.net googleads.g.doubleclick.net plugins.companda.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.hotjar.com tags.tiqcdn.com visitor-service-eu-central-1.tealiumiq.com w.usabilla.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com; script-src 'unsafe-eval'; style-src-attr 'unsafe-inline'; report-uri https://0f9929fb5d40f13b36e790281de4df92.report-uri.com/r/d/csp/wizard 1
default-src 'self' maxcdn.bootstrapcdn.com; connect-src www.google-analytics.com stats.g.doubleclick.net login-prod.nlm.nih.gov auth.nih.gov; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com webfonts.zohostatic.com; img-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' www.google-analytics.com maxcdn.bootstrapcdn.com script.crazyegg.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: chrome-extension: safari-extension: connect-src: about: frame-src: ms-appx-web:; report-uri /csp-report.php 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' connect.facebook.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com widget.intercom.io js.intercomcdn.com wootric-eligibility.herokuapp.com d27j601g4x0gd5.cloudfront.net cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net www.google.com www.google.dk www.google.co.uk cdn.headwayapp.co consentcdn.cookiebot.com consent.cookiebot.com static.hotjar.com script.hotjar.com www.redditstatic.com; report-uri https://elmahio.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ch ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ch *.spreadshirt.ch ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.ch ; font-src 'self' https: data: *.spreadshirt.ch ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ch ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ch ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 1
frame-ancestors 'self' https://www.beanstream.com ;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://static.ecorebates.com https://ajax.googleapis.com https://github.com data: ;base-uri 'self' ; object-src 'self' https://www.beanstream.com https://na.electroluxmedia.com  https://media.frigidaire.com; report-uri /CSP-report; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://assets.gravityscan.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.gravityscan.com https://www.google-analytics.com https://apis.google.com https://js.braintreegateway.com https://cdn.ravenjs.com; img-src 'self' data: https://assets.gravityscan.com https://www.google-analytics.com; font-src 'self' data: https://assets.gravityscan.com https://fonts.gstatic.com; frame-src https://accounts.google.com https://assets.braintreegateway.com https://checkout.paypal.com https://player.vimeo.com; connect-src 'self' https://wss.gravityscan.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://sentry.io; upgrade-insecure-requests; block-all-mixed-content; reflected-xss filter; report-uri https://wordfence.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src https: wss:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.turne.com.ua/api/csp 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/proarmor.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' analyse.elaon.de 1
default-src                  'self'                  data:                  blob:                  localhost:*                  ws://localhost:*                  https://bam.nr-data.net                 https://play.google.com                  https://*.googleapis.com                 https://*.facebook.net                  https://*.facebook.com                  http://*.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google.ru                 https://www.google.by                 https://www.google.kz                 https://www.google.nl                 https://www.google.fr                 https://www.google.es                 https://www.google.com.my                 https://www.google.com                 https://www.google-analytics.com                  https://stats.g.doubleclick.net                  https://www.youtube.com/                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://educationerp.blob.core.windows.net                 http://storage.education-erp.com                 https://cdn.jsdelivr.net                 https://i.ytimg.com                 https://vk.com                 https://pp.userapi.com                 https://travel.fsjunior.com                 https://my.swim-kids.com                 https://my.fsjunior.com                 https://my.schoolballet.com                 https://my.ei-kids.com                 https://education-erp.com                 https://3dsec.sberbank.ru                 https://web.rbsuat.com                android-webview-video-poster                 blob;                             script-src                  'unsafe-inline'                  'unsafe-eval'                  'self'                  localhost:*                  https://js-agent.newrelic.com                  https://bam.nr-data.net                 https://*.googleapis.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com        https://vk.com/js/api/openapi.js          https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google-analytics.com                  https://www.google.com/                  https://code.jquery.com                 https://cdn.jsdelivr.net                 https://cdnjs.cloudflare.com                 https://travel.fsjunior.com                 https://education-erp.com;             style-src                  'unsafe-inline'                  'self'                  https://bam.nr-data.net                 https://*.googleapis.com                  https://*.gstatic.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://mc.yandex.ru                  https://www.google-analytics.com                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://cdn.jsdelivr.net                 https://education-erp.com;             report-uri                  https://education-erp.com/Administrator/ReportCsp 1
default-src 'self' https://www.gstatic.com *.enova.no *.enova.no/* api.enova.no localhost:* localhost:*/* www.youtube.com ssl.google-analytics.com https://www.google-analytics.com https://https//ssl.google-analytics.com https://stats.g.doubleclick.net gstatic.com www.gstatic.com https://search.atom.no https://siteimproveanalytics.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.enova.no *.enova.no/* https://www.google-analytics.com localhost:* csi.gstatic.com https://www.gstatic.com gstatic.com www.gstatic.com https://www.googletagmanager.com https://*.adform.net:* https://connect.facebook.net http://www.googletagmanager.com https://code.highcharts.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://track.adform.net http://www.google-analytics.com https://*.edialog24.com https://login.edialog24.com https://cdn.polyfill.io https://www.google.com www.youtube.com/ s.ytimg.com;object-src 'self' *;style-src 'self' 'unsafe-inline' https://www.gstatic.com fonts.googleapis.com https://*.adform.net:*;img-src 'self' * data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://ssl.gstatic.com;media-src 'self' *;frame-src 'self' *.doubleclick.net https://app.powerbi.com https://www.youtube.com https://www.facebook.com;font-src * data:;connect-src 'self' https://www.google-analytics.com *.enova.no localhost:* http://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com https://api.ducky.eco;base-uri 'self';child-src 'self' *;form-action 'self' *.enova.no localhost:* www.facebook.com;frame-ancestors 'self' www.enova.no *.enova.no localhost:* *.doubleclick.net/;plugin-types application/pdf;sandbox allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts;block-all-mixed-content;report-uri /WebResource.axd?cspReport=true 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.universaltraveller.com.au:*; frame-ancestors *.calypso.net.au *.universaltraveller.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; media-src 'self'; img-src 'self'; connect-src 'self' 'unsafe-inline'; report-uri https://www.biosciencewriters.com/CSP.aspx/CSPReport 1
default-src 'none'; child-src 'none'; connect-src 'self' https://edge.api.brightcove.com https://f1.media.brightcove.com https://knrpc.olark.com/nrpc/ https://secure.brightcove.com https://stats.addtoany.com/menu https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com/releases/ https://vjs.zencdn.net/; frame-src 'self' https://l3.evidon.com https://pfizergrv-eu-dev.janrainsso.com https://static.addtoany.com https://static.olark.com https://www.google.com/recaptcha/; img-src 'self' about: data: https://ad.doubleclick.net https://adservice.google.com https://brightcove.hs.llnwd.net https://c.evidon.com https://cdn.rawgit.com/ckeditor/ https://f1.media.brightcove.com https://l.betrad.com https://log.olark.com/jslog/ https://maps.gstatic.com https://metrics.brightcove.com https://pfizer.122.2o7.net https://pfizer.sc.omtrdc.net https://raw.githubusercontent.com/ckeditor/ https://s3.amazonaws.com/pfe_grv/ https://s3-eu-west-1.amazonaws.com/sfactorycorp/ https://www.google-analytics.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.googletagmanager.com https://www.gstatic.com; manifest-src 'self'; media-src blob: https://f1.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/; script-src 'self' 'unsafe-inline' blob: https://api.olark.com https://assets.adobedtm.com https://ajax.googleapis.com https://bam.nr-data.net https://c.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://maps.googleapis.com https://players.brightcove.net https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_im/ https://static.addtoany.com https://static.olark.com https://vjs.zencdn.net https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://cdn.rawgit.com https://cdnjs.cloudflare.com https://fast.fonts.net https://ui.powerreviews.com https://www.google.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com fonts.googleapis.com https://cdn.rawgit.com https://cdnjs.cloudflare.com; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=c5f055221c81324bf3ab864de060417b 1
: default-src https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org data: blob: ; frame-src 'self' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org ; report-uri https://partner.archive-it.org/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/css;img-src 'self' https://www.google-analytics.com/r/collect; font-src 'self' https://fonts.gstatic.com; report-uri https://multimediasolutions.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'nonce-899c35ca-9f36-4424-9c1f-2ab42f2742a8' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src https: 'unsafe-eval' 'unsafe-inline';         font-src https: data:;         img-src https: data:;         report-uri https://gaa.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=ffb472c880b7226ca6d338044f3d7f1d 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://basinelectric.report-uri.com/r/d/csp/wizard 1
object-src self; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.segment.com https://www.googletagmanager.com https://www.youtube.com https://bam.nr-data.net https://cdn.mxpnl.com https://ajax.cloudflare.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://s.ytimg.com https://connect.facebook.net https://js-agent.newrelic.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://*.addthis.com https://m.addthisedge.com https://betterment-prod-cdn.s3.amazonaws.com https://static.ads-twitter.com https://www.googleadservices.com https://static.zdassets.com https://assets.zendesk.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://collector-2087.tvsquared.com;; block-all-mixed-content; report-uri /_/csp-reports 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
report-uri https://sentry.io/api/1318134/security/?sentry_key=180a5bb8e9f14da280c79e29fca852e9 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mtmo.wordops.eu/mtmo.js; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io https://netdata.wordops.eu https://mtmo.wordops.eu https://www.gstatic.com; font-src 'self' data:; media-src 'self'; object-src 'none'; prefetch-src 'self' wordops.net ga.vtbox.net; child-src 'none'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self'; report-uri https://virtubox.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.oktacdn.com realogy.okta.com; connect-src 'self' *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com *.authenticatorlocalprod.com:* *.authenticatorlocaldev.com:* realogy.okta.com realogy-admin.okta.com https://oinmanager.okta.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.oktacdn.com; style-src 'unsafe-inline' 'self' *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' login.okta.com; img-src 'self' *.oktacdn.com realogy.okta.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data:; font-src data: 'self' *.oktacdn.com; report-uri https://okta.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.verasafe.com *.hsforms.net  *.hsforms.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
default-src 'self' https://www.elend.com; connect-src 'self' https://*.cloudfront.net https://*.elend.com https://*.mktoresp.com https://gamewoozy.com https://services.myloancenter.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.elend.com; font-src 'self' data: https://fonts.gstatic.com https://www.elend.com; frame-src https://app-ab01.marketo.com https://connect.facebook.net https://insight.adsrvr.org https://match.adsrvr.org https://www.facebook.com https://www.googletagmanager.com; child-src https://app-ab01.marketo.com https://connect.facebook.net https://insight.adsrvr.org https://match.adsrvr.org https://www.facebook.com https://www.googletagmanager.com; img-src 'self' data: https://*.cloudfront.net https://*.g.doubleclick.net https://*.msecnd.net https://analytics.twitter.com https://beacon.krxd.net http://dev-elend.pantheonsite.io https://dpm.demdex.net https://ib.adnxs.com https://idsync.rlcdn.com https://ih.adscale.de https://image2.pubmatic.com http://info.elend.com https://load77.exelator.com https://loadus.exelator.com https://maps.googleapis.com https://maps.gstatic.com https://match.adsrvr.org https://pix.btrll.com https://pixel.rubiconproject.com https://pixel.tapad.com https://pm.w55c.net https://secure.gravatar.com https://stags.bluekai.com https://stats.g.doubleclick.net https://sync.adap.tv https://sync.adaptv.advertising.com https://sync.rhythmxchange.com https://sync.search.spotxchange.com https://tags.bluekai.com https://tags.w55c.net https://us-u.openx.net https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.co.in https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.com.ph https://www.google.dk https://www.googletagmanager.com https://x.bidswitch.net https://www.elend.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.marketo.com https://*.ytimg.com https://bam.nr-data.net https://connect.facebook.net https://js-agent.newrelic.com https://js.adsrvr.org https://maps.googleapis.com https://match.prod.bidr.io https://munchkin.marketo.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.elend.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.marketo.com https://www.elend.com; report-uri https://www.elend.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=ccb26500c3 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/waterousco.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: http://img.chaos-online.ru http://static-cdn.jtvnw.net http://www.twitch.tv; font-src https: data:; report-uri /csp-report 1
child-src 'self' blob:; connect-src 'self' http://*.doctena.com http://*.doctena.de https://*.doctena.com https://*.doctena.de https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.mapbox.com https://*.tiles.mapbox.com wss://*.doctena.de; default-src 'self'; font-src 'self' data: http://*.doctena.com http://*.doctena.de http://*.gstatic.com https://*.doctena.com https://*.doctena.de https://*.gstatic.com wss://*.doctena.de; frame-src 'self' http://*.doctena.de https://*.doctena.de https://*.google.com https://*.googletagmanager.com wss://*.doctena.de; img-src 'self' blob: data: http://*.doctena.com http://*.doctena.de http://*.gstatic.com https://*.cloudinary.com https://*.doctena.com https://*.doctena.de https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.bj https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.in https://*.google.co.ma https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.br https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.hk https://*.google.com.kw https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hu https://*.google.ie https://*.google.it https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.se https://*.google.sk https://*.google.tn https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com wss://*.doctena.de; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.doctena.com http://*.doctena.de http://*.gstatic.com https://*.cloudflare.com https://*.doctena.com https://*.doctena.de https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.open-dog.com wss://*.doctena.de; style-src 'self' 'unsafe-inline' http://*.doctena.com http://*.doctena.de https://*.doctena.com https://*.doctena.de https://*.googleapis.com wss://*.doctena.de; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_a3268b54df024cbc8a41867852e683b2 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com 'unsafe-eval' data:; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' www.facebook.com www.google-analytics.com www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net https://www.gstatic.com https://secure.gravatar.com data:; style-src 'self' https://optimize.google.com https://fonts.googleapis.com *.formitable.com https://secure.gravatar.com/ 'unsafe-inline' data:; connect-src 'self' https://www.facebook.com *.formitable.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net www.google-analytics.com; frame-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com https://*.youtube.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com 'unsafe-eval' data:; frame-ancestors: self https://*.volkshotel.nl; base-uri: 'self'; form-action: 'self'; report-uri https://volkshotel0.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' pr.prchecker.info www.zip.dk zipstat.dk; style-src 'self' 'unsafe-inline'; script-src 'self' www.zip.dk www.zipstat.dk 'unsafe-inline'; upgrade-insecure-requests; report-uri https://tryl.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: https://*.hotjar.com:* https://*.hotjar.io 'unsafe-eval'; base-uri 'none'; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://*.hotjar.com; font-src https: data:; frame-src https://bid.g.doubleclick.net https://www.youtube.com https://codepen.io http://codepen.io https://www.facebook.com https://staticxx.facebook.com/ https://platform.twitter.com/ https://www.google.com/recaptcha/ https://intercom-sheets.com https://js.intercomcdn.com https://*.hotjar.com:* https://*.hotjar.io; img-src 'self' https: http: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' https://*.hotjar.com https://*.hotjar.io 'nonce-9VKuFQ8QlikMjtAg3aUEfEVIfBGQdvoJYBu4b7vSp6Q='; style-src 'self' https: 'unsafe-inline'; report-uri https://formkeep.com/f/fda9843107fc 1
default-src 'self' vars.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org static.cloud.coveo.com stats.g.doubleclick.net tdn.r42tag.com www.averoachmea.nl www.google-analytics.com connect.facebook.net *.usabilla.com www.googleadservices.com avero.speed-trap.nl googleads.g.doubleclick.net imp2.nowinteract.com api.usabilla.com cba-acct.svc.onmarc.nl static.hotjar.com script.hotjar.com d6tizftlrpuof.cloudfront.net ajax.googleapis.com bat.bing.com admin.relay42.com cse.google.com www.google.com a.svtrd.com  onmarc.nl snap.licdn.com px.ads.linkedin.com linkedin.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com static.cloud.coveo.com;img-src data: 'self' img.youtube.com t.svtrd.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.nl www.google.com d6tizftlrpuof.cloudfront.net avero.speed-trap.nl *.usabilla.com cm.g.doubleclick.net a.svtrd.com n01d05.cumulus-cloud.com tdn.r42tag.com admin.relay42.com bat.bing.com www.googleapis.com clients1.google.com avr.imgix.net;font-src 'self' fonts.gstatic.com;connect-src 'self' *.hotjar.com cm.g.doubleclick.net connect.facebook.net googleads.g.doubleclick.net stats.g.doubleclick.net;media-src 'self' ;object-src 'self' ;child-src 'self' youtube.com 6162542.fls.doubleclick.net t.svtrd.com *.hotjar.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com;form-action 'self' t.svtrd.com *.averoachmeaonline.nl;block-all-mixed-content;report-uri https://c0918c210d42424be54e906e71357ca7.report-uri.io/r/default/csp/enforce; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://myopfwsstaftavrgb007rwpl.httpschecker.net/report 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 1
script-src 'nonce-qqpkesjAzwrVikoJfK5Reg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://heinlein-support.de/piwik/; style-src 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' https://heinlein-support.de/upload/ http://www.heinlein-support.de/; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com/; font-src 'self'; connect-src 'self'; object-src 'self'; form-action 'self'; base-uri 'none' 1
default-src 'self' 2l9u8tyqi4-flywheel.netdna-ssl.com; script-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com google-analytics.com www.google-analytics.com google.com www.google.com www.gstatic.com gstatic.com static.addtoany.com fast.wistia.net fast.wistia.com; style-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com embedwistia-a.akamaihd.net fast.wistia.net; font-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io distillery.wistia.com; media-src * 'self' https://www.essvote.com; frame-src 'self' www.google.com google.com fast.wistia.net; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com api.mapbox.com *.tiles.mapbox.com; media-src 'self' ; frame-src salesiq.zohopublic.com; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: s.ytimg.com www.youtube.com www.googletagmanager.com www.google-analytics.com cdn.mouseflow.com static.hotjar.com connect.facebook.net script.hotjar.com js-agent.newrelic.com bam.nr-data.net www.google.com www.gstatic.com f24.org maps.googleapis.com ssp.deepmap.de cdnjs.cloudflare.com cdn.rawgit.com *.mapsindoors.com; connect-src 'self' insights.hotjar.com stats.g.doubleclick.net www.bing.com www.google-analytics.com ws://www.olma-messen.ch o2.mouseflow.com *.facebook.com *.mapsindoors.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.mapsindoors.com; font-src 'self' data: fonts.gstatic.com; object-src 'self'; worker-src www.google.com; frame-ancestors 'self'; frame-src 'self' data: www.youtube.com vars.hotjar.com www.facebook.com www.google.com curationwall.com connect.facebook.net www.googletagmanager.com clients.mapsindoors.com; base-uri 'self'; form-action 'self' www.facebook.com connect.facebook.net; manifest-src 'self'; media-src 'self'; report-uri https://unic.report-uri.com/r/d/csp/reportOnly; report-to cspro; 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl https://public.tableau.com https://popcard.unibuddy.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://try.abtasty.com https://dcinfos.abtasty.com f1-eu.readspeaker.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://f1-eu.readspeaker.com https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://www.ihs.nl/en/report-uri/reportOnly 1
default-src 'self'; style-src 'unsafe-inline' https://*.esetstatic.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.en25.com https://s.ytimg.com https://cdn1.esetstatic.com https://assets.esetstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://script.hotjar.com https://connect.facebook.net https://www.youtube.com https://maps.googleapis.com; img-src 'self' https://cookieconsent.eset.com https://ssitecat.eset.com https://cdn1.esetstatic.com https://www.google-analytics.com https://*.gstatic.com https://www.facebook.com https://dpm.demdex.net *.eloqua.com https://cm.everesttech.net https://www.googletagmanager.com https://maps.googleapis.com; frame-src https://www.google.com https://www.youtube.com https://int.form.eset.com https://vars.hotjar.com https://eset.demdex.net https://www.opinionstage.com; font-src 'self' https://cdn1.esetstatic.com https://fonts.gstatic.com; connect-src 'self' https://cookieconsent.eset.com https://api.eset.com https://dpm.demdex.net https://in.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://www.google-analytics.com; report-uri https://eset.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' * 'unsafe-inline'; font-src 'self' fonts.gstatic.com use.fontawesome.com cdnjs.cloudflare.com fonts.googleapis.com  data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googletagmanager.com www.google.com *.gstatic.com www.google-analytics.com deedi-search.clients.squiz.net cdn.datatables.net  s.ytimg.com www.youtube.com  ; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net ; report-uri  https://csp.itp.qld.gov.au/api/report; 1
script-src 'nonce-89kbjHGlmrhlTa03JQvq4g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; script-src 'self' 'sha256-E1CX85wHvWF/y6s82yeROOKvv7fg4U4BvTUmJJfi1A0=' 'sha256-dCgNNQbz7M56gjHacv0oyAA8QnEVO4bf0ryRNA7zO0E=' 'sha256-IZEZH7e/zlP3IUYvwXhRUYhd0fVH6D/aL6RZP2VYIv8=' 'sha256-ad/ucyxjjVdQMlQYYnGcLVbrOD19/jHD/inyecFiz9I=' 'sha256-UuBlltmn7Djcq4b1tw5To9AJk4IndFxmzUs2+YHpcSo=' 'sha256-EPMv0D/5R2ttb97miDjAzOyGo3tbbaTJIWqf5Ido02U=' 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' 'sha256-WE8Bzn8LS+cG0zAPMZrSrmKfpDOl/hXnmXethBQckXQ=' 'nonce-y0qr59jviq' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://boards.greenhouse.io/ https://player.vimeo.com/; style-src 'unsafe-inline' 'self' https://fonts.google.com/ https://netdna.bootstrapcdn.com/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/ https://netdna.bootstrapcdn.com/; img-src 'self' https://www.google-analytics.com/ https://secure.gravatar.com/; connect-src https://api.greenhouse.io/; frame-src https://boards.greenhouse.io/ https://player.vimeo.com/ 1
default-src 'self'; script-src 'self' 'report-sample' 'nonce-8pll3IhVI-DLxwL8hfIetw==' https://www.google-analytics.com; connect-src 'self' https://*.evemarketer.com https://esi.tech.ccp.is https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://imageserver.eveonline.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; report-uri https://report-uri.appspot.com/987196350443556864?ro=1 1
default-src * 'unsafe-eval' 'unsafe-inline' 'self' blob:; font-src 'self' https://vjs.zencdn.net data:; img-src * data:; media-src 'self' https://vjs.zencdn.net https://*.brightcove.com blob:; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; report-uri /ContentSecurityPolicy/Report 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://www.gstatic.com https://connect.facebook.net https://*.ekomi.com https://googleads.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://ssl.google-analytics.com https://i.ytimg.com https://i.imgur.com https://www.googletagmanager.com https://www.google.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.youtube.com https://*.facebook.com; object-src 'none'; connect-src 'self' https://*.algolianet.com https://*.algolia.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net http://*.google-analytics.com; report-uri /cors; 1
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com sync.ecal.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com integration.hotelmap.com googleads.g.doubleclick.net https://www.hotelmap.com https://hotelmap.com https://www.googleadservices.com *.facebook.net https://www.linkedin.com https://px.ads.linkedin.com https://sync.ecal.com/; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com translate.googleapis.com; img-src 'self' data: reedexpo-service.com https://www.barconvent.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com https://*.ytimg.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com https://i.travelapi.com https://www.hotelmap.com https://sync.ecal.com https://www.facebook.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com connect.facebook.net https://www.facebook.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com https://www.google.com reedexpo-service.com *.google.com https://www.hotelmap.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://sync.ecal.com https://rxosc.messe.at; frame-ancestors 'self' data:; report-uri https://www.composites-europe.com/?ajax=csp:log 1
report-uri https://44481d4b4b55ba9f3c6f633aa6a0c151.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.trentino.com css.trentino.com www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
default-src self; report-uri //report-csp-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; frame-src https: www.youtube.com; report-uri /csp-report 1
default-src 'none'; script-src 'self' https://www.google-analytics.com 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=bonusweb&d=2019-12-09 1
default-src *.addthis.com,*.google-analytics.com,*.googleapis.com; report-uri /admin/settings/seckit/csp-report 1
connect-src * 'self'; style-src * 'unsafe-inline'; default-src * gap://ready file: 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * file: gap: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; report-uri /csp/report/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fpartners&source%5Buuid%5D=b9535665d2d8bac2711dbdc00c3f3ad4 1
base-uri 'self' vc.hotjar.io; upgrade-insecure-requests; connect-src bam.nr-data.net *.inside-graph.com *.hotjar.com wss://au-live.inside-graph.com *.hotjar.io *.google.com.au *.googleadservics.com *.doubleclick.net 'self' *.facebook.com *.typekit.net l.sharethis.com sumo.com front.optimonk.com; form-action 'self'; font-src 'unsafe-inline' data: 'self' *.typekit.net *.inside-graph.com script.hotjar.com fonts.gstatic.com; img-src * 'self' data:; frame-src 'self' merchants.paycorp.com.au *.gopsjump.com.au *.cohortdigital.com.au *.go2jump.org *.clickmeter.com *.google.com vars.hotjar.com *.facebook.com *.fls.doubleclick.net *.inside-graph.com optimize.google.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' *.inside-graph.com  optimize.google.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.inside-graph.com; script-src 'unsafe-inline' *.inside-graph.com bat.bing.com bam.nr-data.net connect.facebook.net *.doubleclick.net js-agent.newrelic.com s.ytimg.com *.hotjar.com use.typekit.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com; script-src-elem 'self' 'unsafe-inline' bam.nr-data.net js-agent.newrelic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com *.youtube.com *.gstatic.com *.google.com s.ytimg.com *.inside-graph.com bat.bing.cm *.doubleclick.net connect.facebook.net *.hotjar.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com; default-src 'self' api.productreview.com.au *.inside-graph.com bam.nr-data.net fonts.gstatic.com; report-uri https://clickenergy.report-uri.com/r/d/csp/wizard 1
report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' *.yandex.ru 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://soaps.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com *.google-analytics.com https://sync.sharethis.com https://apis.google.com https://accounts.google.com https://cdn.heapanalytics.com load.sumome.com https://sumome.com https://sumome-140a.kxcdn.com https://sumo.com https://js.stripe.com https://gc.kis.scr.kaspersky-labs.com https://platform.twitter.com https://connect.facebook.net https://api.facebook.com https://graph.facebook.com https://widgets.pinterest.com https://buttons.reddit.com https://www.linkedin.com https://www.yummly.com https://api.bufferapp.com https://affiliate.thesslstore.com https://ad.linksynergy.com https://contextual.media.net http://contextual.media.net https://srvjsr.media.net https://cdn.inspectlet.com https://lg1.media.net https://srvjsre.media.net z-na.amazon-adsystem.com https://digital-masters-magazine.disqus.com https://cloudinsidr-com.disqus.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://mstat.acestream.net https://links.services.disqus.com https://gateway.zscalertwo.net http://cdn.inspectlet.com https://m59.prod2016.com; img-src 'self' data: https://sumome-140a.kxcdn.com *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com https://s.w.org https://load.sumo.com https://sumome.com https://sumo.com https://media.sumo.com https://sumome-media.s3.amazonaws.com https://micro.sumo.com https://www.gravatar.com https://secure.gravatar.com https://www.gstatic.com https://q.stripe.com https://www.facebook.com https://syndication.twitter.com https://dashboard.zopim.com https://affiliate.thesslstore.com *.amazon-adsystem.com https://images-na.ssl-images-amazon.com *.google-analytics.com https://stats.g.doubleclick.net ad.linksynergy.com https://mproxy.banner.linksynergy.com https://impus.tradedoubler.com https://vht.tradedoubler.com https://qsearch-a.akamaihd.net https://c.adyield.co https://c.ad-srv.co https://srvjsr.media.net https://contextual.media.net https://lg1.media.net https://s.mnet-ad.net https://referrer.disqus.com https://c.disquscdn.com https://disqus.com https://links.services.disqus.com https://code.jquery.com https://cdn.viglink.com https://i1.wp.com https://heapanalytics.com https://hn.inspectlet.com https://bcp.crwdcntrl.net https://ps.w.org https://gateway.zscalertwo.net https://www.a4c.com https://microsumo-140a.kxcdn.com https://sync.sharethis.com https://easyid.scansafe.net; style-src 'self' 'unsafe-inline' data: *.cloudinsidr.com *.digitalmastersmag.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://sumo.com load.sumome.com https://code.jquery.com https://c.disquscdn.com https://disqus.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://contextual.media.net https://sxt.cdn.skype.com https://maxcdn.bootstrapcdn.com; form-action 'self'; connect-src 'self' wss://www.digitalmastersmag.com wss://www.cloudinsidr.com https://apis.google.com https://www.google-analytics.com https://sumome.com https://sumo.com https://sumome-140a.kxcdn.com https://clients6.google.com https://code.jquery.com https://hn.inspectlet.com https://yoast.com https://links.services.disqus.com wss://ws.inspectlet.com https://stats.g.doubleclick.net https://cr-input.mxpnl.net; frame-src 'self' https://apis.google.com https://accounts.google.com https://js.stripe.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://impus.tradedoubler.com https://ad.linksynergy.com https://affiliate.thesslstore.com http://affiliate.thesslstore.com https://contextual.media.net https://sumo.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://static.media.net; object-src 'self'; report-uri https://f454b82e7d32b8566fe5e2c5adce5e2e.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' *.googleapis.com *.cloudflare.com *.typekit.net *.amazonaws.com *.google.com *.gstatic.com *.oniqa.com *.onenorth.com *.gibbonslaw.com *.googletagmanager.com *.google-analytics.com 1
default-src 'self'; connect-src 'self' https://usc-srt-wapp01.prls.net https://usc-skb.prls.net https://forum.parallels.com; img-src 'self' https://www.google-analytics.com https://static.myparallels.com https://www.parallels.com data:; font-src 'self' https://static.myparallels.com; frame-src 'self' https://chat.parallels.com https://usc-skb.prls.net; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://appleid.cdn-apple.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://my.myparallels.com/csp_report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1
script-src 'self' 'unsafe-inline' *.netdna-ssl.com https://www.google-analytics.com *.googletagmanager.com connect.facebook.net load.sumo.com *.bufferapp.com *.facebook.com *.linkedin.com *.pinterest.com *.reddit.com; style-src 'self' 'unsafe-inline' *.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: *.netdna-ssl.com https://www.google-analytics.com *.facebook.com clubscash.com kasidie.com *.ytimg.com *.sumo.com 1
default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net; font-src 'self' https://wp-static.assets.sh https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://player.vimeo.com; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net data: https://hugoandmarie-wp.imgix.net; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net; script-src 'self' 'unsafe-inline' https://cdn.polyfill.io https://wp-static.assets.sh https://www.google-analytics.com https://www.googletagmanager.com https://use.typekit.net https://s3.amazonaws.com https://s3.amazonaws.com/downloads.mailchimp.com/js/; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://use.typekit.net https://p.typekit.net; worker-src 'self' https://wp-static.assets.sh; frame-ancestors 'none'; form-action 'self' https://hugoandmarie.us12.list-manage.com; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ie ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ie *.spreadshirt.ie ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.ie ; font-src 'self' https: data: *.spreadshirt.ie ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ie ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ie ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bpoint.com.au/webapi/v2/txns/processiframetxn/ https://www.bpoint.com.au; frame-src 'self' 'unsafe-inline' https://www.bpoint.com.au/ https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/; img-src 'self' https://www.google-analytics.com/ https://6178240.global.siteimproveanalytics.io https://stats.g.doubleclick.net/r/collect; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://siteimproveanalytics.com/js/siteanalyze_6178240.js https://cdn.rawgit.com https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.rawgit.com https://cdnjs.cloudflare.com; report-uri https://www.nhvr.gov.au/report-uri/reportOnly 1
script-src 'nonce-YZE9x_kNg4cwcR2MxtZ77Q' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' images.masterlogin.de; media-src 'none'; frame-src 'none'; connect-src *; report-uri /violation.php 1
default-src https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' evidon.com betrad.com https://fonts.googleapis.com; font-src data: 'self' https://fonts.gstatic.com; form-action 'self'; upgrade-insecure-requests 1
default-src 'none'; font-src 'self'; img-src * 'self' secure.gravatar.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/webfont/ www.google-analytics.com; connect-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net https://www.google-analytics.com https://*.libertexgroup.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com; img-src * data:; font-src 'self' https://*.typekit.net http://fonts.gstatic.com; connect-src 'self'  https://*.typekit.net https://*.libertexgroup.com; report-uri /report-csp-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src 'self' data: fonts.gstatic.com; report-uri https://puplookup.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; frame-src https://rivm.nl/ https://*.rivm.nl/; frame-ancestors https://rivm.nl/ https://*.rivm.nl/; child-src https://rivm.nl/ https://*.rivm.nl/; report-uri //report-csp-violation 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://www.google.com cdnjs.cloudflare.com code.highcharts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; report-uri https://www.haigekassa.ee/report-uri/reportOnly 1
default-src 'self'; script-src * 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src *; media-src *; frame-src youtube.com, vimeo.com; frame-ancestors papowerswitch.com; child-src youtube.com, vimeo.com; font-src *; report-uri /report-csp-violation 1
default-src https: 1
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 1
default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'  data:;style-src  'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com;frame-src *.youtube.com app.readspeaker.com  rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 1
default-src 'self' 'nonce-nhskplwxmjnnmkxxewgwklgndolalcpjsnsgjrsb' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=entertainment&region=US&lang=en-US&device=desktop&yrid=asd0c9deurm14&partner=; 1
default-src 'self' https://www.google-analytics.com www.google-analytics.com ajax.googleapis.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri /csp.php; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com code.jquery.com ajax.googleapis.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com storage.googleapis.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com maps.googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net snap.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com translate.googleapis.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; font-src 'self' data: use.typekit.net *.typekit.net fonts.gstatic.com fonts.googleapis.com storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io www.google-analytics.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.google.fi www.google.dk maps.googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com translate.google.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com tagmanager.google.com ssl.gstatic.com translate.googleapis.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com commondatastorage.googleapis.com i.ytimg.com dl.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com t.co *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com performance.typekit.net api.siteattention.com www.google-analytics.com stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com tagmanager.google.com restdev.siteattention.com *.mktoresp.com events.mapbox.com wss://www.upmraflatac.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com dl.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com player.youku.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tagmanager.google.com go.upmraflatac.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi; report-uri https://upmcms.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://translate.google.com https://translate.googleapis.com https://bat.bing.com https://m.addthis.com https://widget.intercom.io  https://app.intercom.io https://js.intercomcdn.com https://platform-api.sharethis.com https://m.addthisedge.com https://buttons-config.sharethis.com https://s7.addthis.com https://inlinemanual.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://code.jquery.com https://cdn.syndication.twimg.com https://stackpath.bootstrapcdn.com; style-src-elem * 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://translate.googleapis.com https://translate.googleapis.com/* https://translate.google.com https://platform-api.sharethis.com https://widget.intercom.io https://code.jquery.com https://js.intercomcdn.com https://connect.facebook.net; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://platform.twitter.com https://ton.twimg.com; connect-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://twitter.com https://firebasestorage.googleapis.com https://staticxx.facebook.com https://www.facebook.com https://c.sharethis.mgr.consensu.org https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com; object-src 'none'; media-src * 'unsafe-inline'; report-uri api/v1/public/reports 1
default-src 'self'; script-src 'self' 'unsafe-inline' asset; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com/; report-uri //joinpage.webbilling.com/logservice.php 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=e7ed7191b9b84693d5d8f98495957419 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://optykrozmus.report-uri.com/r/d/csp/reportOnly; 1
default-src     'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.googleadservices.com  *.trengo.eu *.google-analytics.com;            font-src        'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.gstatic.com *.cloudflare.com *.bootstrapcdn.com data:;            form-action     'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.facebook.com *.facebook.net;            connect-src     'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.adcalls.nl *.hotjar.com *.hotjar.io *.google-analytics.com *.doubleclick.net *.trengo.eu *.facebook.com *.thuiswinkel-cdn.org;            frame-src       'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.hotjar.com *.facebook.com *.facebook.net *.google.com *.vimeo.com *.youtube.com *.ardanta.nl;            frame-ancestors 'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.ardanta.nl *.trengo.eu;            script-src      'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl *.adcalls.nl *.google.com *.facebook.net *.thuiswinkel-cdn.org *.googletagmanager.com *.hotjar.com *.googleadservices.com  *.google-analytics.com *.doubleclick.net *.bing.com *.hotjar.io *.gstatic.com *.adcrowd.com *.duckduckgo.com 'unsafe-inline' *.jsdelivr.net *.ardanta.nl *.thuiswinkel.org;            img-src *       'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl data: https:;            style-src       'self' *.diks.nl *.geennee.nl *.tijdelijke-autoverzekering.nl *.brommerverzekering.nl *.eendagskenteken.nl 'unsafe-inline' *.googleapis.com *.jsdelivr.net *.thuiswinkel-cdn.org;            report-uri /content_security_policy_rapport.php; 1
block-all-mixed-content; report-uri https://aaac.report-uri.io/r/default/csp/reportOnly; 1
default-src 'unsafe-inline' 'self' www.informatiweb.net us.informatiweb.net www.informatiweb-pro.net us.informatiweb-pro.net *.doubleclick.net www.google-analytics.com fonts.googleapis.com *.gstatic.com static.digidip.net informatiweb.digidip.net pagead2.googlesyndication.com connect.facebook.net *.twitter.com *.google.com *.google.be *.facebook.com *.disqus.com *.disquscdn.com disqus.com googletagservices.com 1
default-src 'self' junfermann.de www.junfermann.de captcha.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://www.blickinsbuch.de https://appjs.blickinsbuch.de https://www.instagram.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src 'self';script-src 'self' 'nonce-ndnoB7ArnUcmTlox6uAS' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1
default-src 'none'; style-src 'unsafe-inline' *.hl-inside.ru platform.twitter.com ton.twimg.com; img-src data: *.hl-inside.ru pbs.twimg.com abs.twimg.com syndication.twitter.com platform.twitter.com ton.twimg.com mc.yandex.ru img.youtube.com site.yandex.net i.ytimg.com i1.ytimg.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com vk.com steamcdn-a.akamaihd.net mc.webvisor.com mc.webvisor.org ymetrica.com mc.yandex.ua mc.yandex.ru ymetrica1.com googletagmanager.com; script-src 'nonce-hs0jwM9nCFrXPiFOEgrmtg==' *.hl-inside.ru platform.twitter.com cdn.syndication.twimg.com mc.yandex.ru graph.facebook.com vk.com login.vk.com site.yandex.net c-cdn.coub.com yastatic.net sitesearch-suggest.yandex.ru www.google-analytics.com d31j93rd8oukbv.cloudfront.net mc.webvisor.com mc.webvisor.org cdn.jsdelivr.net; frame-src syndication.twitter.com platform.twitter.com store.steampowered.com w.soundcloud.com orphus.ru archive.org coub.com www.youtube.com vk.com docs.google.com gfycat.com; frame-ancestors 'self'; connect-src *.hl-inside.ru mc.yandex.ru mc.yandex.by passport.yandex.fr www.googleapis.com ssl.google-analytics.com mc.webvisor.com mc.webvisor.org ymetrica.com report.appmetrica.webvisor.com passport.yandex.ua lalablah.com syndication.twitter.com www.google-analytics.com; media-src *.hl-inside.ru; 1
default-src 'self' https://www.afrwholesale.com; connect-src 'self' https://*.mktoresp.com https://onesignal.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.juicer.io https://www.afrwholesale.com; font-src 'self' data: https://assets.juicer.io https://fonts.gstatic.com https://www.afrwholesale.com; frame-src https://*.marketo.com https://connect.facebook.net https://onesignal.com https://vapayments.afrwholesale.com https://www.facebook.com https://www.youtube.com; child-src https://*.marketo.com https://connect.facebook.net https://onesignal.com https://vapayments.afrwholesale.com https://www.facebook.com https://www.youtube.com; img-src 'self' data: https://*.afrwholesale.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.twimg.com https://*.xx.fbcdn.net https://analytics.twitter.com https://beacon.krxd.net https://bh.contextweb.com https://cm.g.doubleclick.net https://dpm.demdex.net https://e.nexac.com https://ib.adnxs.com https://idsync.rlcdn.com https://image2.pubmatic.com http://info.afrwholesale.com https://match.adsrvr.org https://pix.btrll.com https://pixel.rubiconproject.com https://pixel.tapad.com https://secure.gravatar.com https://stags.bluekai.com https://stats.g.doubleclick.net https://sync.rhythmxchange.com https://sync.search.spotxchange.com https://tags.bluekai.com https://tags.w55c.net https://us-u.openx.net https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://x.bidswitch.net https://x.dlx.addthis.com https://www.afrwholesale.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.linkedin.com https://*.marketo.com https://bam.nr-data.net https://cdn.onesignal.com https://connect.facebook.net https://js-agent.newrelic.com https://match.prod.bidr.io https://munchkin.marketo.net https://onesignal.com https://s.ytimg.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www.afrwholesale.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.marketo.com https://www.juicer.io https://www.afrwholesale.com; report-uri https://www.afrwholesale.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=faf771c37d 1
connect-src 'self' https://releases.wagtail.io/; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtm.js?id=GTM-THR5KJ8 https://js.stripe.com 'unsafe-inline' www.google-analytics.com wagtail.hamilton-trust.org.uk; default-src 'self' www.googletagmanager.com wagtail.hamilton-trust.org.uk; style-src 'self' 'unsafe-inline' wagtail.hamilton-trust.org.uk; img-src 'self' hamiltontrust-live-b211b12a2ca14cbb94d6-36f68d2.divio-media.net wagtail.hamilton-trust.org.uk www.google-analytics.com www.gravatar.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src pagead2.googlesyndication.com stats.g.doubleclick.net kraken.rambler.ru counter.yadro.ru mc.yandex.ru stats.g.doubleclick.net ssl.google-analytics.com favicon.yandex.net yastatic.net  avatars-fast.yandex.net avatars.mds.yandex.net an.yandex.ru vk.com hron-prostatit.ru data: blob:; font-src fonts.gstatic.com https: data:; report-uri /csp-report 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://rko-router.herokuapp.com/_csp 1
script-src 'nonce-mRZN2PsGdBq58gemfSAL3w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelassociates.com:*; frame-ancestors *.calypso.net.au *.travelassociates.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.eu.mywebsite-editor.com/app/reporting/policyviolation/submit 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/serola.net; 1
default-src 'self'; connect-src 'self' https://wp-static.assets.sh https://notify.bugsnag.com https://sessions.bugsnag.com https://www.google-analytics.com https://performance.typekit.net https://*.mapbox.com; font-src 'self' https://wp-static.assets.sh https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.be https://www.google.com https://p.typekit.net blob: data:; manifest-src 'self' https://wp-static.assets.sh; media-src 'self' https://wp.assets.sh https://wp-assets-sh.imgix.net https://wp-static.assets.sh; script-src 'self' 'unsafe-inline' https://cdn.polyfill.io https://wp-static.assets.sh https://www.googletagmanager.com https://www.google-analytics.com https://use.typekit.net https://api.mapbox.com https://stats.g.doubleclick.net https://c52.livecom.net; style-src 'self' 'unsafe-inline' https://wp-static.assets.sh https://fonts.googleapis.com https://api.mapbox.com https://c52.livecom.net https://p.typekit.net https://use.typekit.net; worker-src 'self' https://wp-static.assets.sh blob:; frame-ancestors 'none'; form-action 'self'; report-uri https://mrhenry.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:;font-src 'self' data:; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=1f093d68a0f816aa4175c4d99c01b2b9 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.google.com *.googletagmanager.com; report-uri https://poirot.selesti.com/api/violation/avery 1
default-src 'none'; connect-src 'self' translate.googleapis.com syndication.twitter.com www.google.com id.siteimprove.com app.trackduck.com my2.siteimprove.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net svc.webspellchecker.net login.microsoftonline.com login.windows.net dc.services.visualstudio.com; font-src data fonts.gstatic.com svc.webspellchecker.net 'self'; manifest-src 'self'; object-src 'self'; frame-src 'self' update.mills-reeve.com twitter.com e.issuu.com cdn.yoshki.com login.windows.net player.vimeo.com static.addtoany.com platform.twitter.com syndication.twitter.com tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src dev-mr.mills-reeve.com qa-mr.mills-reeve.com uat-mr.mills-reeve.com staging-mr.mills-reeve.com www.mills-reeve.com *.siteimproveanalytics.io abs.twimg.com platform.twitter.com syndication.twitter.com lowffdompro.com ton.twimg.com login.microsoftonline.com pbs.twimg.com googleads.g.doubleclick.net www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' ssl.gstatic.com data:; script-src 'self' data platform.twitter.com siteimproveanalytics.com az416426.vo.msecnd.net cdn.syndication.twimg.com svc.webspellchecker.net www.gstatic.com www.google.com tpc.googlesyndication.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src svc.webspellchecker.net ton.twimg.com platform.twitter.com ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://mills.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'none'; report-uri /api/csp_report; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.co&source%5Bsection%5D=brochure&source%5Buuid%5D=0d879732e86af825144b35b0ec296309 1
report-uri //report-csp-violation 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com 'unsafe-inline' 'sha256-UVd1bfzbP7xrxtJSDHp//V/fO0IkNJkciQP0yeBrIPw=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY=' 'sha256-sjHn4TEpK5Mg0DnixdVitXRrBEVkwGriDPnccbpj+Nw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://application-logging.connectholland.nl/api/2/csp-report/?sentry_key=3a6a15101ed14a5b96645510c953fd5d 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com oss.maxcdn.com www.googletagmanager.com www.google.com *.gstatic.com *.googleapis.com *.kameleoon.com *.kameleoon.eu platform.linkedin.com platform.twitter.com connect.facebook.net *.amazonaws.com static.sfam.group; upgrade-insecure-requests; 1
default-src *; style-src *  data: 'unsafe-inline'; img-src *  data:; font-src *  data:; connect-src *; media-src * ; frame-src *;  script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=0rhpn4peurah4&partner=; 1
default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-d5fe587b-b822-44bd-88f7-a20f3daa293d' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com 'unsafe-eval' .plot.ly scotland.shinyapps.io; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
object-src 'none';frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://maps.google.com ;script-src 'self' https://fonts.googleapis.com https://www.youtube.com https://ajax.googleapis.com https://ssl.google-analytics.com https: http: 'nonce-bcac06a0e1084a35a261f7e3deee9b14' 'strict-dynamic' 'unsafe-inline' ;base-uri 'self';font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com;form-action 'self' ;manifest-src 'self';block-all-mixed-content;img-src 'self' https://netsential.com https://twitter-badges.s3.amazonaws.com https://ssl.google-analytics.com https://i2.ytimg.com https://www.google-analytics.com data: https://*.netsential.com https://netsential.com;report-uri /Content_Security_Policy.aspx 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com https://adservice.google.com https://adservice.google.co.jp https://*.googleapis.com https://maps.google.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://googleads.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://maps.gstatic.com https://*.googleapis.com; connect-src 'self' https://www.google-analytics.com; report-uri https://report-uri.appspot.com/987194809741479936?ro=1 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=play&d=2019-12-09 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://media2.supermagnete.fr https://www.supermagnete.fr 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.fr https://www.supermagnete.fr 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=mafra&d=2019-12-09 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com;; object-src 'none'; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com; img-src 'self' data: *; frame-src pim.schiller.ch www.google.com; frame-ancestors 'self'; font-src 'self' data: fast.fonts.net use.typekit.net fonts.gstatic.com; form-action 'self'; connect-src 'self' performance.typekit.net stats.g.doubleclick.net www.google-analytics.com; report-uri https://unic.report-uri.com/r/d/csp/reportOnly; report-to cspro; manifest-src 'self'; base-uri 'self' 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'none'; base-uri https: data:; object-src; font-src https: data:; script-src 'nonce-31ca1b61-c511-4a51-852f-15c9dff82471' https: 'unsafe-inline' 'nonce-uQZXaJFashoW5C4zXgqHfEIz' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
object-src 'self';frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://maps.google.com ;script-src 'self' https://fonts.googleapis.com https://www.youtube.com https://ajax.googleapis.com https://ssl.google-analytics.com https: http: 'nonce-4142259fe4aa4041a40e248a0d9c4cb3' 'strict-dynamic' 'unsafe-inline' ;base-uri 'self';font-src 'self' data: https://fonts.gstatic.com ;form-action 'self' ;manifest-src 'self';block-all-mixed-content;img-src 'self' https://netsential.com https://twitter-badges.s3.amazonaws.com https://ssl.google-analytics.com https://i2.ytimg.com https://www.google-analytics.com https://www.gstatic.com data: https://www.facebook.com https://www.rmhidta.org;report-uri /Content_Security_Policy.aspx 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.pinterest.com https://at.iocnt.net https://cdn.onthe.io https://cdn.syndication.twimg.com https://connect.facebook.net https://js.pusher.com https://pinpoll.com https://platform.instagram.com https://platform.twitter.com https://script-at.iocnt.net https://secure.widget.cloud.opta.net https://static.cleverpush.com https://tagmanager.google.com https://tools.pinpoll.com https://tt.onthe.io https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.riddle.com https://kurier.mediakey.at https://cdn.tinypass.com https://emeter-uat.mppapi.io https://6345355.fls.doubleclick.net https://a.teads.tv https://ad.360yield.com https://ad.doubleclick.net https://ad.yieldlab.net https://ad1.adfarm1.adition.com https://ad3.adfarm1.adition.com https://adservice.google.at https://adservice.google.com https://adservice.google.de https://asn.advolution.de https://at.f11-ads.com https://bs.serving-sys.com https://cdn.ampproject.org https://cdn.content-garden.com https://cdn.digitru.st https://ced-ns.sascdn.com https://ced.sascdn.com https://cm.g.doubleclick.net https://code.createjs.com https://code.jquery.com https://creatives-cached.yoc.com https://creatives.yoc.com https://dsp.adfarm1.adition.com https://dt.adsafeprotected.com https://ec-ns.sascdn.com https://geo.moatads.com https://googleads4.g.doubleclick.net https://image6.pubmatic.com https://imagesrv.adition.com https://imasdk.googleapis.com https://log.outbrainimg.com https://mb.moatads.com https://mv.outbrain.com https://odb.outbrain.com https://pagead2.googlesyndication.com https://pixel.adsafeprotected.com https://prg.smartadserver.com https://px.moatads.com https://s.vi-serve.com https://s.visx.net https://s0.2mdn.net https://s1.adform.net https://s248.meetrics.net https://s248.mxcdn.net https://s8t.teads.tv https://secure-ds.serving-sys.com https://securepubads.g.doubleclick.net https://simage4.pubmatic.com https://smart.styria-digital.com https://static.adsafeprotected.com https://static.kurier.at https://streaming.grm-pro.com https://studio-t.teads.tv https://sync.teads.tv https://t.teads.tv https://t.visx.net https://tpc.googlesyndication.com https://track.adform.net https://widgets.outbrain.com https://www.google.com https://www.googletagservices.com https://z.moatads.com; object-src 'none'; worker-src 'self' blob:; report-uri https://csp.telekurier.at/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: asset: cdn.funds.jp cosmic-s3.imgix.net cdnjs.cloudflare.com sentry.io fonts.googleapis.com www.google.com www.google.co.jp www.googletagmanager.com www.google-analytics.com www.googleadservices.com fonts.gstatic.com www.gstatic.com platform.twitter.com syndication.twitter.com connect.facebook.net www.facebook.com staticxx.facebook.com heapanalytics.com cdn.heapanalytics.com *.criteo.net *.criteo.com www.tcs-asp.net *.ebis.ne.jp *.accesstrade.net *.linksynergy.com *.trafficgate.net *.doubleclick.net s.yimg.jp *.yahoo.co.jp *.microad.jp *.a8.net *.dc-storm.com *.cribnotes.jp *.rlcdn.com *.rmtag.com; report-uri https://sentry.io/api/1312751/security/?sentry_key=905abc2358684b45b94d0af144209396&sentry_environment=production 1
default-src 'self'; img-src *; style-src 'self' www.warime.com 'unsafe-inline'; script-src 'self' www.warime.com 'unsafe-inline' 'unsafe-eval' 1
child-src 'self'; connect-src 'self' data: http://*.facebook.com http://*.fundthatflip.com http://*.lkqd.net http://*.s3.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.datapipe.prodperfect.com https://*.facebook.com https://*.fullstory.com https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.bd https://*.google.com.ph https://*.google.es https://*.googleapis.com https://*.honeybadger.io https://*.hotjar.com https://*.hubapi.com https://*.hubspot.com https://*.jquery.com https://*.linkedin.com https://*.lkqd.net https://*.nr-data.net https://*.s3.amazonaws.com https://*.verygoodproxy.com https://*.verygoodvault.com wss://*.fundthatflip.com wss://*.hotjar.com; default-src 'self' cnd.tryretool.com http://*.tryretool.com https://*.tryretool.com; font-src 'self' data: http://*.fundthatflip.com http://*.gstatic.com https://*.amazonaws.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.fundamerica.com https://*.fundthatflip.com https://*.googleapis.com https://*.gstatic.com https://*.s3-accelerate.amazonaws.com wss://*.fundthatflip.com; frame-src 'self' data: http://*.facebook.com http://*.tryretool.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hellosign.com https://*.hotjar.com https://*.hsforms.com https://*.hubspot.com https://*.recruiterbox.com https://*.tryretool.com https://*.twitter.com https://*.verygoodproxy.com https://*.verygoodvault.com https://*.youtube.com wss://*.hotjar.com; img-src 'self' blob: data: http://*.facebook.com http://*.fundthatflip.com http://*.gstatic.com http://*.lkqd.net http://*.s3.amazonaws.com https://*.adnxs.com https://*.amazonaws.com https://*.bing.com https://*.cloudflare.com https://*.datapipe.prodperfect.com https://*.facebook.com https://*.fullstory.com https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.be https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.ve https://*.google.co.za https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.mx https://*.google.com.na https://*.google.com.ng https://*.google.com.np https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hr https://*.google.ie https://*.google.im https://*.google.it https://*.google.lt https://*.google.mn https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.google.sk https://*.google.sn https://*.google.tt https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.hsforms.com https://*.hubspot.com https://*.licdn.com https://*.lkqd.net https://*.nr-data.net https://*.recruiterbox.com https://*.s3.amazonaws.com https://*.ytimg.com wss://*.fundthatflip.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: http://*.fundthatflip.com http://*.lkqd.net http://*.tryretool.com https://*.ads.linkedin.com https://*.algolia.net https://*.algolianet.com https://*.bing.com https://*.cloudfront.net https://*.facebook.net https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-growth-metrics.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.licdn.com https://*.linkedin.com https://*.lkqd.net https://*.newrelic.com https://*.nr-data.net https://*.recruiterbox.com https://*.trackinglibrary.prodperfect.com https://*.tryretool.com https://*.twitter.com https://*.usemessages.com https://*.verygoodproxy.com https://*.verygoodvault.com https://*.youtube.com https://*.ytimg.com https://fullstory.com wss://*.fundthatflip.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' blob: http://*.fundthatflip.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.fundamerica.com https://*.fundthatflip.com https://*.google.com https://*.googleapis.com https://*.recruiterbox.com wss://*.fundthatflip.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_89b218a956594ce79c4b46cf1ca79623 1
default-src https: data: ; img-src https: data: javascript: ; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' ; child-src https: data: ; connect-src https: wss: ;report-uri https://q0e6huwgp0.execute-api.ap-northeast-1.amazonaws.com/Prod/csp_report 1
default-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://bizzdesign.com 'nonce-SMsp9B4H6FMcrGwUDivT1nVmFMrxUpecUQPFGBj0KbMNGkhViYfnLNZtNqtwMLfvhtzZ9Ip5x1GoHIejAMhVHjeqRlgXO55OfWB9xAAIBdt7vbQdYf882JJWmEQWPoXd'; connect-src https://api.segment.io https://bizzdesign.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://settings.luckyorange.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src data: https://bizzdesign.com https://fonts.gstatic.com https://use.typekit.net; frame-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; child-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; img-src data: https://bizzdesign.com https://cdn2.hubspot.net https://dc.ads.linkedin.com https://gateway.zscaler.net https://go.bizzdesign.com https://px.ads.linkedin.com https://secure.gravatar.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://storage.pardot.com https://tracking.leadlander.com https://www.bizzdesign-academy.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fi https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com; script-src 'unsafe-eval' 'unsafe-inline' https://bizzdesign.catsone.nl https://bizzdesign.com https://bpb.opendns.com https://cdn.segment.com https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net https://go.bizzdesign.com https://js.driftt.com https://pi.pardot.com https://platform.twitter.com https://px.ads.linkedin.com https://s.ytimg.com https://snap.licdn.com https://ssl.google-analytics.com https://t.sf14g.com https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; style-src 'unsafe-inline' https://ajax.googleapis.com https://bizzdesign.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; worker-src https://www.facebook.com 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-XABdjRxpqtBceDEwldVdGwMJwFA'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=a815def1672436fdaf703fad3eaa68a5 1
connect-src 'self' https://evt.klarna.com https://www.google-analytics.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://bam.nr-data.net https://www.facebook.com https://locationservice.posti.com; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net *.klarna.com https://www.google-analytics.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com images.contentful.com images.ctfassets.net https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://maps.googleapis.com https://bat.bing.com https://www.facebook.com https://img.youtube.com https://pixel.quantserve.com; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; frame-src 'self' *.klarna.com *.doubleclick.net https://vars.hotjar.com *.youtube.com https://booking.brenderuprental.com https://utm.keskoanalytics.com/; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com https://keskoanalytics.s3.eu-central-1.amazonaws.com; script-src 'self' 'unsafe-inline' *.klarnacdn.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://t.myvisitors.se; default-src 'none'; media-src videos.contentful.com videos.ctfassets.net; child-src https://vars.hotjar.com; report-uri https://www.k-rauta.se/csp-report; 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: about: gsa://onpageload; report-uri /_csp_report_/ 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-nTfM5UZsvOAOwg==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src 'unsafe-inline'  'self' www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org *.tyredating.com scontent.webcollage.net *.twitter.com  https://cdn-prod-eu.yepgarage.com  ; script-src 'unsafe-inline' 'unsafe-eval'  'self' www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org *.tyredating.com scontent.webcollage.net *.twitter.com  https://cdn-prod-eu.yepgarage.com  ; frame-src 'self' www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org *.tyredating.com scontent.webcollage.net *.twitter.com  https://cdn-prod-eu.yepgarage.com  ; img-src * 'self' data:   ; report-uri /admin/public/api/health/report-uri 1
block-all-mixed-content; report-uri https://pangoly.report-uri.com/r/d/csp/reportOnly 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=1kkfos9eus3k3&partner=; 1
script-src 'nonce-V19dI0u9lgjOCPPbsbCj0g' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net ; connect-src 'self' *.typekit.net *.umbraco.org *.openstreetmap.org ws://www.portaal.nl ; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org ; frame-ancestors 'self' ;  1
default-src 'self' motosila.by data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' motosila.by bitrix.info mc.yandex.by mc.yandex.ru *.g.doubleclick.net *.google-analytics.com *.jivosite.com:*; child-src 'self' motosila.by blob: mc.yandex.ru mc.yandex.by mc.yandex.com mc.webvisor.com mc.webvisor.org yastatic.net; font-src 'self' motosila.by data: fonts.gstatic.com; frame-src 'self' motosila.by www.google.com www.youtube.com blob: mc.yandex.ru mc.yandex.by mc.yandex.com mc.webvisor.com mc.webvisor.org yastatic.net; img-src 'self' motosila.by *.google.by *.google.ru *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net mc.yandex.ru data: ; media-src 'self' motosila.by *.jivosite.com; script-src 'self' motosila.by 'unsafe-inline' 'unsafe-eval' bitrix.info *.jivosite.com *.googleapis.com *.gstatic.com *.google.com *.google.ru www.google-analytics.com mc.yandex.ru mc.yandex.by mc.yandex.com mc.webvisor.com mc.webvisor.org yastatic.net; style-src  'self' motosila.by 'unsafe-inline' fonts.googleapis.com; report-uri https://motosila.by/csp.php; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com 'unsafe-inline' 'sha256-UVd1bfzbP7xrxtJSDHp//V/fO0IkNJkciQP0yeBrIPw=' 'sha256-sjHn4TEpK5Mg0DnixdVitXRrBEVkwGriDPnccbpj+Nw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://application-logging.connectholland.nl/api/2/csp-report/?sentry_key=3a6a15101ed14a5b96645510c953fd5d 1
default-src 'self'; connect-src 'self' https://*.prismic.io https://*.segment.com https://*.segment.io https://calendly.com https://*.calendly.com https://*.mxpnl.com https://*.mixpanel.com https://*.livestorm.co https://*.googletagmanager.com https://*.crisp.chat wss://client.relay.crisp.chat https://appvizer.one https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://sentry.io https://*.sentry.io; frame-src 'self' https://*.prismic.io https://*.segment.com https://*.segment.io https://calendly.com https://*.calendly.com https://*.mxpnl.com https://*.mixpanel.com https://*.livestorm.co https://*.googletagmanager.com https://*.crisp.chat wss://client.relay.crisp.chat https://appvizer.one https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://sentry.io https://*.sentry.io; img-src * data:; script-src 'self' https://*.prismic.io https://*.segment.com https://*.segment.io https://calendly.com https://*.calendly.com https://*.mxpnl.com https://*.mixpanel.com https://*.livestorm.co https://*.googletagmanager.com https://*.crisp.chat wss://client.relay.crisp.chat https://appvizer.one https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://sentry.io https://*.sentry.io 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://*.crisp.chat 'unsafe-inline'; font-src 'self' https://*.crisp.chat https://fonts.gstatic.com; upgrade-insecure-requests; report-uri https://3b04275d05cf464c965608298735b2dc@sentry.io/1824647; report-to https://3b04275d05cf464c965608298735b2dc@sentry.io/1824647 1
default-src https://xref.com script-src https://sandbox.xref.com https://xref.com https://xref-wagtail.s3.amazonaws.com https://www.googletagmanager.com frame-src  https://fast.wistia.com style-src  https://fonts.googleapis.com img-src  https://xref-wagtail.s3.amazonaws.com/* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: dolgojit.net *.yandex.ru https://yandex.ru *.docdoc.ru docdoc.ru https://docdoc.ru https://cdn.docdoc.ru https://w.docdoc.ru https://adservice.google.md http://docdoc.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yandex.st *.yandex.st https://yandex.st https://*.yandex.st https://*.yandex.ua yastatic.net https://yastatic.net yandexadexchange.net *.yandexadexchange.net *.google.com https://*.google.ru https://*.google.com https://*.google.com.ua https://*.google.kz https://*.google.az *.liveinternet.ru *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googlezip.net *.yadro.ru https://*.yadro.ru *.youtube.com https://*.youtube.com http://*.mail.ru http://img.imgsmail.ru http://*.cloudflare.com http://r.mradx.net http://*.adriver.ru http://*.adfox.ru *.facebook.net vk.com *.vk.com https://vk.com http://*.buzzoola.com https://*.buzzoola.com http://*.weborama.fr http://*.facetz.net http://*.exe.bid http://*.tns-counter.ru mc.yandex.by google-analytics.com *.facebook.com *.google.fr mc.yandex.kz *.googletagservices.com https://adservice.google.kg/ https://adservice.google.com.lb; report-uri https://dolgojit.net/csp-manager/tracker.php 1
default-src 'self'; img-src 'self' www.google-analytics.com; script-src 'self' https://apis.google.com www.google-analytics.com 'sha256-dtF9qc55MHMF6eXfpA91ZcYzkOr53YdeXgBHy+LNSwQ=' 'sha256-PM/nFKEkFv/VbltAmHZYkbmXCoh7yT0qFJGfO5s72CQ=' 'sha256-nhA03Pim5IFIRIOgeNDNimcnIPNu54u9p+/A76XEqD0=' 'sha256-hc+ViLBeNx3x4u2eOm+9fUGqrhJxM07NkWw7SKyVEEE='; style-src 'self' 'sha256-T/t23KaSMjwdZ9dUMWu/CEbh4/kqKYf//T8emJLWNRI=' 'sha256-H/s/dWGkGDaCkKqmo0VNeHrTgvJjinI5uvu7UmY6EB8=' 'sha256-RVUzT5WQgKUiRfwfZ5/d8nxqNBcGWoYqAQp72N/cCqE=' 'sha256-i98i2s6ZzO900wk1LiQ57jRfhYjGhps4E+uDGCQu9as=' 'sha256-l9SqOBauzmSElsuaB8NoqVebADiK62hOjeaNMitZmYU=' 'sha256-YuSGiqvnMotm7wr33mhuDSsdbsCgUrGd/bGGYrfY9UA=' 'sha256-yBwiUUrUI5F6r5jNXHw8tcKnRhGLtR7JUbpF/zcjXfw=' 'sha256-lIO1ad2KcYQOfwEf7MzWzmnC5QL2Ca3x9ywmQLIDGQQ=' 'sha256-K7kC2fBUVt54T2sYE65oAxUz+I2PnxgOd9vy/eC1fqs=' 'sha256-lLbK/9VSX8spw3W1ij9rR+3LwZU/SvMyeaBxc1aFgx8=' 'sha256-azWEKeU9hcK4E63vHM/LQIo79an14hbIFsMxHdEJUXQ='; child-src 'self' https://w.soundcloud.com https://accounts.google.com https://apis.google.com; 1
script-src 'nonce-G9yPGiWeKLB1BlAxulXQEA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.versicherungspartnerprogramm.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=4qc3k3heus65a&partner=; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' * *.dropboxusercontent.com *.google-analytics.com *.facebook.net *.facebook.com *.twitter.com *.hatena.ne.jp *.st-hatena.com *.google.com *.slidesharecdn.com *.slideshare.net *.wufoo.com *.mathjax.org *.wistia.com *.wistia.net *.mailchimp.com speakerd.herokuapp.com speakerdeck.com; font-src 'self' https: data: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://idobata.io/hook/custom/81016439-cd32-48b3-9d3b-990beb56a868 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5xzprvak1tlanwejfsrfgkq1.httpschecker.net/report 1
default-src 'self' 'unsafe-inline' *.criteo.net *.godaddy.com *.googleadservices.com *.google-analytics.com *.yahoo.com *.optnmstr.com *.adroll.com s3-us-west-2.amazonaws.com; font-src  'self' *.gstatic.com *.googleapis.com; img-src 'self' 'data' *.mechanicstoolswarehouse.com images.mcafeesecure.com; script-src 'self' 'unsafe-inline' http://static.criteo.net https://seal.godaddy.com http://www.googleadservices.com http://www.google-analytics.com https://www.google-analytics.com http://sp.analytics.yahoo.com http://a.optnmstr.com http://a.adroll.com https://cdn.yqxi.net s3.amazonaws.com *.cloudfront.net *.ying.com *.klaviyo.com; 1
default-src 'self' mediabank.valkenhorst.nl; child-src 'self' js.stripe.com p.travelsmarter.net valkexclusief-virtueletours.nl www.googletagmanager.com www.google.com www.youtube.com zien360.nl *.facebook.com; connect-src 'self' api.pushbird.com api.widget.trengo.eu api01.shoppingminds.net trkr.shoppingminds.net www.google-analytics.com *.g.doubleclick.net *.facebook.com *.facebook.net *.hotjar.com *.hotjar.io mediabank.valkenhorst.nl; img-src 'self' data: ads.creative-serving.com cdn.feedbackify.com gravatar.com onlinedialogue.s3-eu-west-1.amazonaws.com/valk portal.payconiq.com script.shoppingminds.com s3.amazonaws.com/fby-form/ trkr.shoppingminds.net www.google-analytics.com www.googletagmanager.com www.google.com www.tripadvisor.com www.tripadvisor.de www.tripadvisor.nl *.g.doubleclick.net *.facebook.com *.gstatic.com *.google.at *.google.be *.google.ch *.google.com *.google.co.in *.google.co.kr *.google.co.ma *.google.co.uk *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.it *.google.lu *.google.lt *.google.nl *.google.tn *.googleapis.com *.googletraveladservices.com mediabank.valkenhorst.nl; frame-src 'self' js.stripe.com p.travelsmarter.net valkexclusief-virtueletours.nl web-widget.mobility.here.com www.googletagmanager.com www.omnivr.nl www.youtube.com zien360.nl *.g.doubleclick.net *.facebook.com *.hotjar.com *.googlesyndication.com *.google.com *.vimeo.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com static.tacdn.com mediabank.valkenhorst.nl; media-src 'self' static.widget.trengo.eu mediabank.valkenhorst.nl; style-src 'self' 'unsafe-inline' static.tacdn.com fonts.googleapis.com mediabank.valkenhorst.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.pushbird.com cdn.widget.trengo.eu js.stripe.com marketplace.mobility.here.com player.vimeo.com script.shoppingminds.com static.tacdn.com s3.amazonaws.com/fby-form/ www.googletagmanager.com www.google-analytics.com www.tripadvisor.nl www.youtube.com *.facebook.net *.feedbackify.com *.g.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.googlesyndication.com *.gstatic.com *.hotjar.com mediabank.valkenhorst.nl; block-all-mixed-content; report-uri https://valkexclusief.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://maps.google.com https://m.addthis.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com  https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net   https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com  https://maxcdn.bootstrapcdn.com; frame-src 'self'  https://www.google.com https://s7.addthis.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://m.addthis.com https://syndication.twitter.com  https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://zephyrintl.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1569003803 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' safari-ukraina.com www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.yandex.ru metrika.yandex.ua mc.yandex.ru yastatic.net www.googleadservices.com googleads.g.doubleclick.net d31j93rd8oukbv.cloudfront.net mc.webvisor.org maps.googleapis.com *.jivosite.com *.privatbank.ua www.youtube.com s.ytimg.com *.ampproject.org https://static.mailerlite.com cdn.jsdelivr.net; default-src 'self' *.jivosite.com; frame-src *.safari-ukraina.com vkontakte.ru yastatic.net www.facebook.com vk.com api-maps.yandex.ru bid.g.doubleclick.net www.youtube.com *.google.com cdn.jivosite.com cdn-cis.jivosite.com https://static.mailerlite.com; img-src *.safari-ukraina.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 informer.yandex.ru www.google.com mc.yandex.ru www.google.com.ua googleads.g.doubleclick.net mc.webvisor.org csi.gstatic.com maps.googleapis.com maps.gstatic.com twemoji.maxcdn.com s3-eu-west-1.amazonaws.com ymetrica.com i.ytimg.com; style-src 'unsafe-inline' 'self' safari-ukraina.com fonts.googleapis.com https://static.mailerlite.com; report-uri http://csp.safari-ukraina.com; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 api.maps.yandex.ru mc.webvisor.org *.jivosite.com ymetrica.com wss://chat.jivosite.com wss://chat4-1.jivosite.com *.ampproject.org stats.g.doubleclick.net www.google.com www.google.com.ua; object-src 'self' www.youtube.com; font-src 'self' fonts.gstatic.com; 1
default-src 'self';
        img-src 'self'
            data: *
            blob: *
            https://insights.hotjar.com https://static.hotjar.com
            https://www.googletagmanager.com
            https://*.odigeoconnect.com
            https://www.google-analytics.com;
        font-src 'self'
            data: *
            https://static.hotjar.com
            https://www.google-analytics.com
            https://maxcdn.bootstrapcdn.com/
            https://fonts.gstatic.com;
        style-src 'self' 'unsafe-inline'
            https://cdnjs.cloudflare.com
            https://opensource.keycdn.com
            https://maxcdn.bootstrapcdn.com
            https://fonts.googleapis.com;
        frame-src 'self'
            https://www.googletagmanager.com
            https://vars.hotjar.com;
        script-src 'self' 'unsafe-inline' 'unsafe-eval'
            https://static.hotjar.com
            https://script.hotjar.com
            https://cdnjs.cloudflare.com
            https://maxcdn.bootstrapcdn.com
            https://www.google-analytics.com/
            https://tagmanager.google.com/
            https://www.googletagmanager.com/;
        connect-src 'self'
            https://*.hotjar.com:*
            https://vc.hotjar.io:*
            wss://*.hotjar.com
            https://www.google-analytics.com
            https://*.odigeoconnect.com;
        report-uri https://csp.odigeoconnect.com/csp; 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:; report-uri https://alfa.reality.cz/info/csp/ 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.pl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.pl *.spreadshirt.pl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.pl ; font-src 'self' https: data: *.spreadshirt.pl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.pl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.pl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
report-uri https://wwwhellobankat.report-uri.com/r/d/csp/reportOnly; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.be ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.be *.spreadshirt.be ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.be ; font-src 'self' https: data: *.spreadshirt.be ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.be ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.be ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/occunomix.com; 1
img-src 'self' *.etnetera.cz 'unsafe-inline' data: *; script-src 'unsafe-inline' 'strict-dynamic' 'nonce-NpGPe2hPwnClzFF1O02Nt9lMeQoSygU8'; style-src 'self' *.etnetera.cz fonts.googleapis.com 'unsafe-inline'; report-uri https://sentry-csp.etnetera.cz/api/2/csp-report/?sentry_key=6a19ac8d3fd2460781f226b489931769 1
script-src 'self' 'nonce-OkvPoxy3p/TXzT27mHj9uQ=='; report-uri /norsirkportalenb2c.onmicrosoft.com/B2C_1A_signin/client/cspreport?p=B2C_1A_signin 1
default-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk www.youtube-nocookie.com; script-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk cdn.ravenjs.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com *.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com content.govdelivery.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.nwleics.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.nwleics.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com content.govdelivery.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.nwleics.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to https://api.mixpanel.com; frame-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.nwleics.gov.uk my.nwleics.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.nwleics.gov.uk my.nwleics.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.nwleics.gov.uk my.nwleics.gov.uk pa.nwleics.gov.uk va.tawk.to https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1
default-src 'self'; style-src 'self'; connect-src 'self'; script-src 'self' google-analytics.com youtube.com twitter.com google.com; img-src *; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 1
default-src 'self' www.youtube.com *.hotjar.com; script-src 'self' 'nonce-L2911ug46Vk6T0aAXKdztQ==' report-sample *.google-analytics.com *.googletagmanager.com *.hotjar.com 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://*.googletagmanager.com/; frame-src 'self' vars.hotjar.com www.youtube.com; connect-src 'self' *.pusher.com *.hotjar.io https://sentry.io google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.google-analytics.com res.cloudinary.com stats.g.doubleclick.net google.com *.google.com google.no *.google.no; worker-src 'none'; media-src 'self' https://res.cloudinary.com/obos/; block-all-mixed-content; report-uri /csp-error/; 1
upgrade-insecure-requests; default-src 'self'; object-src 'self'; connect-src 'self' https://hella.containers.piwik.pro https://hella.piwikpro.com; font-src 'self' https://e.video-cdn.net; frame-src 'self' http://irpages2.equitystory.com https://charts3.equitystory.com https://irpages2.equitystory.com https://www.edge-cdn.net; img-src data: 'self' https://hella.containers.piwik.pro https://hella.piwik.pro https://hella.piwikpro.com https://wwc.hella.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://e.video-cdn.net/v2/embed.js https://hella.piwik.pro https://hella.containers.piwik.pro https://hella.piwikpro.com/piwik.js; style-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src 'self' https://api.rollbar.com https://performance.typekit.net https://www.google-analytics.com https://*.freshworks.com https://carenzorgt.freshdesk.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' about: data: https://p.typekit.net https://www.google-analytics.com blob: d1yim1i5ghw5xv.cloudfront.net caren.s3.eu-west-1.amazonaws.com https://d1yim1i5ghw5xv.cloudfront.net https://*.mijnio.nl https://iome.s3.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.freshworks.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://euc-widget.freshworks.com/widgets/75000000029.json https://*.freshworks.com https://use.typekit.net https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/granim/1.1.0/granim.min.js https://cdn.polyfill.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://s3.amazonaws.com/assets.freshdesk.com/widget/ https://*.freshworks.com; report-uri /csp_reports 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=newspaper_PETPLUSDVA 1
default-src 'self' www.marshallsterling.com; script-src 'self' www.marshallsterling.com 'unsafe-eval' *.googleapis.com 'unsafe-inline' svc.webspellchecker.net www.google-analytics.com *.providesupport.com; object-src 'self' www.marshallsterling.com; style-src 'self' www.marshallsterling.com 'unsafe-eval' *.googleapis.com 'unsafe-inline' ; img-src 'self' www.marshallsterling.com *.gstatic.com *.googleapis.com *.google-analytics.com *.mollom.com *.providesupport.com; media-src 'self' www.marshallsterling.com; frame-src 'self' www.marshallsterling.com *.youtube.com *.vimeo.com; font-src 'self' www.marshallsterling.com *.gstatic.com; connect-src 'self' www.marshallsterling.com; report-uri /report-csp-violation 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://qgqdrzuefekogxtp0vsacl3x.httpschecker.net/report 1
EA.ca frame-ancestors 'self' ;font-src 'self' https://fonts.gstatic.com  https://webfonts.zohostatic.com  https://static.ecorebates.com https://ajax.googleapis.com data:  ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com https://media.electroluxappliances.com; report-uri /CSP-report; 1
script-src 'nonce--37fA-FZecK-A25ikergKg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.google.com *.vimeo.com *.authorize.net *.gstatic.com *.labelwriter.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.authorize.net 1
connect-src 'self' app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com; default-src 'self' media.newmindmedia.com beta.pitea.se data:; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com netdna.bootstrapcdn.com www.stratsys.se; form-action 'self' app-eu.readspeaker.com web103.reachmee.com; img-src 'self' data: beta.pitea.se app-eu.readspeaker.com image.providesupport.com media.newmindmedia.com media.readspeaker.com js.arcgis.com jamforelse.stratsys.se webgis.it.pitea.se about:; script-src beta.pitea.se 'self' web103.reachmee.com image.providesupport.com code.jquery.com pitea.mynewsdesk.com 'sha256-Hnhe4R0P6wwATJSY3ifua+lDsSOOHIE/rI+ZRzOZGVk=' 'sha256-1o2A60+/OGPBNg+labGVrJPqbLVGijeWnFRH+VlKT9c=' 'sha256-GMVQdhnizKqXD0cuutPtyd6gO2Qs87cMkK0F5k8hAww=' 'sha256-6Pk95aFTSNedgvHBIgl/vKGXo5p/MkasbBKrPJXiPl8='; script-src-elem beta.pitea.se 'self' web103.reachmee.com image.providesupport.com pitea.mynewsdesk.com app-eu.readspeaker.com code.jquery.com jamforelse.stratsys.se www.stratsys.se 'sha256-Hnhe4R0P6wwATJSY3ifua+lDsSOOHIE/rI+ZRzOZGVk=' 'sha256-1o2A60+/OGPBNg+labGVrJPqbLVGijeWnFRH+VlKT9c=' 'sha256-GMVQdhnizKqXD0cuutPtyd6gO2Qs87cMkK0F5k8hAww=' 'sha256-6Pk95aFTSNedgvHBIgl/vKGXo5p/MkasbBKrPJXiPl8='; object-src 'self'; frame-src 'self' pitea.se web103.reachmee.com www.dedu.se webgis.it.pitea.se a.entergate.se app-eu.readspeaker.com pitea.uc.standout.se rstts-eu.readspeaker.com extweb5.pitea.se lifecare.pitea.se www.novasoftware.se pitea.tromanpublik.se www.esmaker.net www.kommersannons.se pitea.mynewsdesk.com recruit.visma.com www.hrmab.se player.vimeo.com www.youtube-nocookie.com; media-src app-eu.readspeaker.com rstts-eu.readspeaker.com; style-src-elem 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'self' netdna.bootstrapcdn.com www.stratsys.se; style-src 'self' netdna.bootstrapcdn.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-CLC1c4VNJL2uHK1VjQZNRXp2weHQdHTmDXMOlGGxhas=' 'sha256-K1bgZVOFN7wLgJX1uVzwjXHOGctG+HNu2HEORw6wJkY=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; report-uri https://pitea.report-uri.com/r/d/csp/wizard 1
script-src 'nonce-Y4JNJt5c1IYgLqj9tc6AmIjiEvxq+VTiCSDWEMTRuoI=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample';object-src 'self' https://*.kc-usercontent.com;base-uri 'self';report-uri https://kenticocloud.report-uri.io/r/default/csp/reportOnly 1
base-uri 'none'; default-src 'none'; script-src 'self' 'nonce-+AfgCGcNN/gp+I/arDeIVw==' 'strict-dynamic' https://www.youtube.com https://widget.cloudpayments.ru 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/ng-dialog/; img-src 'self' https://*.partiyaedi.ru https://partiyaedi.ru *.yandex *.yandex.ru *.yandex.net https://*.usedesk.ru data: https://*.maps.yandex.net api-maps.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.vk.com https://vk.com; font-src 'self' https://*.partiyaedi.ru https://partiyaedi.ru *.yandex *.yandex.ru https://fonts.gstatic.com; connect-src 'self' https://*.partiyaedi.ru https://partiyaedi.ru https://*.yandex https://*.yandex.ru wss://*.yandex.ru wss://*.yandex https://*.usedesk.ru https://*.yandex.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://api.mixpanel.com https://api.mindbox.ru; frame-src https://www.youtube.com https://api-maps.yandex.ru https://yandex.ru; child-src https://www.youtube.com https://api-maps.yandex.ru; media-src https://*.partiyaedi.ru https://partiyaedi.ru https://chef.yandex https://chef.yandex.ru; report-uri https://csp.yandex.net/csp?from=chef; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googletagservices.com https://adservice.google.com https://adservice.google.es; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com; base-uri 'self'; report-uri https://selectra.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.google.cz *.google.com *.googletagmanager.com *.google-analytics.com; report-uri https://bellarose.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' *.gravatar.com discordapp.com www.gstatic.com www.google.com *.wp.com cdn.polyfill.io; script-src 'self' 'unsafe-inline' *.gravatar.com discordapp.com www.gstatic.com www.google.com *.wp.com cdn.polyfill.io; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com secure.gravatar.com fonts.googleapis.com discordapp.com www.gstatic.com; img-src 'self' i.imgur.com https://secure.gravatar.com; connect-src 'self' https://www.goodjobmedia.com https://discordapp.com https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://wordpress.com; report-uri https://chrolo.report-uri.com/r/d/csp/reportonly; frame-ancestors 'none'; object-src 'none'; frame-src 'self' https://discordapp.com https://www.google.com https://widgets.wp.com/; worker-src 'self'; report-to default; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://www.taftine.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1568647535  1
default-src  https://*.kucoin.com  https://*.kcs.top  https://*.kumex.com  https://*.kumex.top  https://*.pool-x.io  https://*.googleapis.com  https://*.kcsfile.com  https://*.recaptcha.net  https://*.alicdn.com  https://*.google-analytics.com  https://*.gstatic.cn  https://*.gstatic.com  https://*.doubleclick.net  https://*.kcs.top:4443  https://*.growingio.com  https://*.giocdn.com  data:  ws:  wss:  eval:  inline:  'unsafe-eval'  'unsafe-inline'  https://hm.baidu.com  https://*.leancloud.cn  https://*.lncld.net  https://*.geetest.com  https://*.youtube.com  https://*.tradingview.com;  font-src  http:  https:  data:;  img-src  http:  https:  data:  blob:;  frame-ancestors  'self'  https://www.growingio.com;  report-uri  https://sentry.kucoin.com/api/5/security/?sentry_key=12d337e20639486988b0211b0e7b8441 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://cdn.ampproject.org https://adservice.google.fr https://googleads.g.doubleclick.net https://www.googleapis.com https://cse.google.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://translate.googleapis.com https://ajax.googleapis.com https://pagead2.googlesyndication.com https://translate.google.com https://connect.facebook.net https://ajax.googleapis.com https://graph.facebook.com https://static.addtoany.com https://adservice.google.com.tw https://adservice.google.es https://adservice.google.nl https://adservice.google.co.in https://adservice.google.co.il https://adservice.google.co.nz https://adservice.google.pl https://adservice.google.com https://adservice.google.com.hk https://adservice.google.co.jp https://adservice.google.ca https://adservice.google.com.my https://adservice.google.com.sg https://adservice.google.co.kr https://adservice.google.com.vn https://adservice.google.de https://adservice.google.co.uk https://adservice.google.com.au https://adservice.google.co.th https://adservice.google.co.id; child-src 'self' https://googleads.g.doubleclick.net blob: data:; img-src 'self' data: https://www.google.com https://www.google.com.sg https://www.google.com.tw https://www.google.com.hk https://www.google.co.jp https://www.google.com.ph https://www.google.com.my https://web.facebook.com https://www.pcsetting.com https://www.kjnotes.com https://translate.google.com https://translate.googleapis.com https://encrypted-tbn3.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://ssl.gstatic.com https://clients1.google.com https://www.google.com https://www.googleapis.com https://pagead2.googlesyndication.com https://static.xx.fbcdn.net https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://chart.googleapis.com https://www.gstatic.com https://stats.g.doubleclick.net https://cm.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/releases/v5.7.2/css/all.css https://use.fontawesome.com/releases/v5.7.2/css/v4-shims.css https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://translate.googleapis.com; frame-src 'self' https://www.a2a.me https://web.facebook.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://cse.google.com https://googleads.g.doubleclick.net https://m.facebook.com https://www.facebook.com https://staticxx.facebook.com https://www.youtube.com https://www.google.com https://static.addtoany.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com; font-src 'self' https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.ttf https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-solid-900.woff2 https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-regular-400.ttf https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-regular-400.woff https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-regular-400.woff2 https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.ttf https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff https://use.fontawesome.com/releases/v5.7.2/webfonts/fa-brands-400.woff2 https://translate.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://stats.addtoany.com https://www.facebook.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com https://csi.gstatic.com https://translate.googleapis.com; object-src 'self'; report-uri https://kjnotes.report-uri.com/r/d/csp/enforce 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' allow-scripts; connect-src 'self' wss: www.facebook.com *.intercom.io; font-src 'self' data: maxcdn.bootstrapcdn.com fonts.gstatic.com js.intercomcdn.com; form-action 'self' www.facebook.com https://*.headbox.com; frame-ancestors *; frame-src allow-scripts assets.braintreegateway.com platform.twitter.com www.facebook.com bid.g.doubleclick.net; img-src 'self' https: data:; manifest-src 'self'; media-src 'self'; object-src 'self' allow-scripts; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' allow-scripts addthisevent.com track.addevent.com www.addevent.com origin-analytics-sand.sandbox.braintree-api.com api.sandbox.braintreegateway.com api.braintreegateway.com js.braintreegateway.com js.hs-scripts.com forms.hsforms.com js.hs-analytics.net maps.gstatic.com js.hsforms.net maps.googleapis.com m.addthisedge.com cdn.ravenjs.com platform.twitter.com static.ads-twitter.com analytics.twitter.com bam.eu01.nr-data.net widget.intercom.io js.intercomcdn.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com; style-src 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com; report-uri https://extendi.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1
script-src 'self' 'unsafe-inline' https://stats.liqd.net; block-all-mixed-content; upgrade-insecure-requests; default-src 'self' https://stats.liqd.net https://w.soundcloud.com; style-src 'self' 'unsafe-inline' 1
default-src https:; style-src 'self' 'unsafe-inline' *.liveperson.net *.addressy.com *.freshchat.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleconnerce.com *.liveperson.net *.googletagmanager.com *.yahoo.com *.facebook.net *.googleapis.com bat.bing.com *.google.com connect.facebook.com *.freshchat.com *.google-analytics.com *.googleadservices.com schwaab.oro-cloud.com *.doubleclick.net *.bootstrapcdn.com *.googlecommerce.com *.addressy.com *.lpsnmedia.net;  font-src 'self' fonts.gstatic.com data; img-src 'self' data; report-uri https://www.stampxpress.com/report.aspx 1
default-src 'self' 'report-sample'; connect-src 'self' 'report-sample' bam.nr-data.net js-agent.newrelic.com api.mixpanel.com *.pendo.io *.pendo.ouropal.com eum.instana.io user-assets.ouropal.com pendo-io-extensions.storage.googleapis.com sdr.totango.com *.typeform.com opallabs.zendesk.com fullstory.com rs.fullstory.com '' *.app.box.com *.cloudinary.com s3.amazonaws.com app.zencoder.com cloudinary-cdn.workwithopal.com i.embed.ly d3iqftjt1wcsda.cloudfront.net login.ouropal.com wss://login.ouropal.com ws://localhost:8081 localhost:8081 ws://login.ouropal.com; font-src 'self' 'report-sample' data: *.gstatic.com; frame-src 'self' 'report-sample' workwithopal.app.box.com; img-src 'self' 'report-sample' data: //login.ouropal.com/api/v1 user-assets.ouropal.com/api/v1/image_proxy bam.nr-data.net js-agent.newrelic.com api.mixpanel.com *.pendo.io *.pendo.ouropal.com eum.instana.io user-assets.ouropal.com sdr.totango.com *.typeform.com opallabs.zendesk.com fullstory.com rs.fullstory.com '' www.opalstaticassets.com static-assets.ouropal.com d3kqos85so40zc.cloudfront.net login.ouropal.com *.gstatic.com translate.google.com *.googleapis.com *.app.box.com *.cloudinary.com s3.amazonaws.com app.zencoder.com cloudinary-cdn.workwithopal.com i.embed.ly d3iqftjt1wcsda.cloudfront.net opal-elixir.herokuapp.com; media-src 'self' 'report-sample' *.app.box.com *.cloudinary.com s3.amazonaws.com app.zencoder.com cloudinary-cdn.workwithopal.com i.embed.ly d3iqftjt1wcsda.cloudfront.net opal.s3.amazonaws.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' login.ouropal.com bam.nr-data.net js-agent.newrelic.com api.mixpanel.com *.pendo.io *.pendo.ouropal.com eum.instana.io user-assets.ouropal.com sdr.totango.com *.typeform.com opallabs.zendesk.com fullstory.com rs.fullstory.com '' www.opalstaticassets.com static-assets.ouropal.com d3kqos85so40zc.cloudfront.net translate.google.com *.googleapis.com; style-src 'self' 'report-sample' 'unsafe-inline' bam.nr-data.net js-agent.newrelic.com api.mixpanel.com *.pendo.io *.pendo.ouropal.com eum.instana.io user-assets.ouropal.com sdr.totango.com *.typeform.com opallabs.zendesk.com fullstory.com rs.fullstory.com '' www.opalstaticassets.com static-assets.ouropal.com d3kqos85so40zc.cloudfront.net login.ouropal.com *.gstatic.com translate.google.com *.googleapis.com opal-elixir.herokuapp.com; report-uri /log/csp_violation 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; report-to https://mercedesforum.report-uri.com/r/d/csp/enforce 1
script-src 'nonce-tGuKANDGIaZbn3oan_FOEA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/wholesalesalonequipment.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://cdn.vsadu.ru/csp_report 1
script-src 'nonce-gtxFL75jHGf690YJ-33s6Q' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://use.typekit.net https://performance.typekit.net https://platform.twitter.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com;img-src 'self' data: data https://cdn.reliant.org https://reliantorg.blob.core.windows.net https://p.typekit.net https://www.google-analytics.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://ajax.googleapis.com https://syndication.twitter.com https://www.facebook.com https://da7xgjtj801h2.cloudfront.net/2016.1.112/styles/Silver/sprite.png;media-src 'self' https://player.vimeo.com;font-src 'self' data: data https://use.typekit.net https://fonts.typekit.net https://fonts.gstatic.com;connect-src 'self' https://api.reliant.org https://reliant.org https://www.reliant.org https://reliantorg.blob.core.windows.net https://performance.typekit.net;child-src 'self' https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com;frame-ancestors 'self' https://gcmapp.net https://www.gcmapp.net;report-uri /Handlers/CSP_handler.ashx 1
child-src maps.google.com vars.hotjar.com www.google.com 8970761.fls.doubleclick.net; connect-src 'self' cvcheck.supporthero.io dev.visualwebsiteoptimizer.com in.hotjar.com stats.g.doubleclick.net vc.hotjar.io www.facebook.com www.google-analytics.com; style-src 'unsafe-inline' 'unsafe-eval' 'self'; default-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn.heapanalytics.com connect.facebook.net cvcheck.supporthero.io d14jnfavjicsbe.cloudfront.net d29l98y0pmei9d.cloudfront.net dev.visualwebsiteoptimizer.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.hotjar.com stats.g.doubleclick.net tag.getdrip.com www.facebook.com www.google-analytics.com www.googletagmanager.com vars.hotjar.com heapanalytics.com api.getdrip.com www.google.com vc.hotjar.io www.google.com.au p.adsymptotic.com; font-src 'self' data; form-action 'self' dev.visualwebsiteoptimizer.com www.facebook.com; frame-src dev.visualwebsiteoptimizer.com vars.hotjar.com www.facebook.com cvcheck.supporthero.io 8970761.fls.doubleclick.net; img-src 'self' bat.bing.com data dev.visualwebsiteoptimizer.com heapanalytics.com p.adsymptotic.com px.ads.linkedin.com stats.g.doubleclick.net useruploads.visualwebsiteoptimizer.com www.facebook.com www.google-analytics.com www.google.co.nz www.google.com www.google.com.au www.linkedin.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' api.getdrip.com bat.bing.com cdn.heapanalytics.com connect.facebook.net dev.visualwebsiteoptimizer.com script.hotjar.com snap.licdn.com static.hotjar.com tag.getdrip.com www.google-analytics.com www.googletagmanager.com d14jnfavjicsbe.cloudfront.net d29l98y0pmei9d.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.getdrip.com bat.bing.com cdn.heapanalytics.com connect.facebook.net dev.visualwebsiteoptimizer.com script.hotjar.com static.hotjar.com tag.getdrip.com www.google-analytics.com www.googletagmanager.com snap.licdn.com d14jnfavjicsbe.cloudfront.net d29l98y0pmei9d.cloudfront.net; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline';  report-uri https://cvcheck.report-uri.com/r/d/csp/wizard 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fpartners&source%5Buuid%5D=832c4ec92de1498e5ca120b6751d15b5 1
require-sri-for script style; default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://adhive.com/account/fwk/csp/report 1
script-src 'nonce-ZvqWDTwluUXZOXREUGt0Xw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'none'; connect-src * data:; media-src 'self' https: blob:; font-src 'self' data:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; base-uri 'self'; manifest-src 'self'; frame-src 'self'; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s.ytimg.com https://cdn-images.mailchimp.com https://s3.amazonaws.com; script-src-elem 'self' https://visionkino.de/piwik/piwik.js; script-src 'self' 'unsafe-inline' https://visionkino.de/piwik/piwik.js https://www.visionkino.de/ https://s.ytimg.com https://www.google.com; font-src 'self' https://fonts.gstatic.com/ https://www.google.com; connect-src 'self' https://www.visionkino.de/filmtipps/ https://www.visionkino.de/piwik/piwik.php; report-uri https://www.visionkino.de/report/report.php; frame-src https://www.google.com https://www.youtube.com https://player.vimeo.com https://www.youtube-nocookie.com https://player.theplatform.com; img-src 'self' data https://*.vimeocdn.com/ https://i.ytimg.com https://visionkino.de/piwik/piwik.php; media-src https://www.youtube-nocookie.com https://*.googlevideo.com; 1
default-src 'self';script-src 'self' 'nonce-IlAkxAnVwLKwhoZ90QR/' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' 'nonce-HfFTOiCBPVmYlRdoBT/W' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1
script-src 'nonce-Pli8-Nn29ac6We8f2V2Pmw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.maps.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.wpengine.com/ *.netdna-ssl.com/ *.lenderlawwatch.com/ *.enforcementwatch.com/ *.siteimprove.com/ *.addthis.com/ *.google-analytics.com/ *.simplecast.com  *.brightcove.net/ data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.com/ *.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.twitter.com/ *.gravatar.com/ *.staging.wpengine.com/ *.googletagmanager.com/ *.cloudflare.com/ *.addthis.com/ *.gstatic.com/ *.google-analytics.com/ *.googletagmanager.com/ *.addthisedge.com/; style-src 'self' 'unsafe-inline' *.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.wpengine.com/; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly; frame-src 'self' *.goodwinlaw.com/ *.goodwinfoundersworkbench.com/ *.google.com/ *.sharethis.com/ *.twitter.com/ *.sharethis.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.staging.wpengine.com *.addthis.com/ *.simplecast.com  *.brightcove.net/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=9296efaa9f67b5fe6aaae2a7a51f03bc 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.gstatic.com *.googleapis.com www.googletagmanager.com smartlock.google.com www.google-analytics.com accounts.google.com cdnjs.cloudflare.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: mtd.org *.medium.com *.gstatic.com *.ggpht.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.googleusercontent.com www.google.com www.gravatar.com *.umbraco.org; font-src 'self' data: *.gstatic.com; connect-src 'self' *.mtd.org cdnjs.cloudflare.com *.gstatic.com www.google-analytics.com *.googleapis.com www.googletagmanager.com smartlock.google.com maps.googleapis.com stats.g.doubleclick.net; media-src 'self' ; frame-src 'self' www.google.com www.youtube.com smartlock.google.com; worker-src 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-scripts allow-same-origin allow-scripts allow-top-navigation allow-presentation; base-uri https://mtd.org; manifest-src 'self'; report-uri https://ridemtd.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.dk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.dk *.spreadshirt.dk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.dk ; font-src 'self' https: data: *.spreadshirt.dk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.dk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.dk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net ; connect-src 'self' *.typekit.net *.umbraco.org *.openstreetmap.org ws://lefier.nl ; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org ; frame-ancestors 'self' ;  1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.affiliate-deals.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src 'self' fonts.googleapis.com/ fonts.gstatic.com/ maps.googleapis.com maps.gstatic.com; script-src-elem 'self' 'sha256-SUMoQXADPHhC/VqdTBPxdoFKM/7ldYBKB9bu6cs1Ghc=' 'sha256-63tQK8u58788zIKh9HJKbPZ+6upLHSTYoD5BCI2C0rM=' 'sha256-/wVhDXT/aX1aZihdw4yXsUwlTQJ7edi1pLRxsdgMkLE=' 'sha256-uO06lhe1Rmfuf3JaUe3Pi/K86JaQP/SFc2gbXMNQwNk=' 'sha256-Caz0pfd5N8tfNllldOTj071pNpIkLedgSBfFLhl1YFU=' d1gwclp1pmzk26.cloudfront.net my.clickdesk.com https://www.googletagmanager.com cdn.pubnub.com maps.googleapis.com cdnjs.cloudflare.com www.google-analytics.com *.newvehicle.info newvehicle.info; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com my.clickdesk.com d1gwclp1pmzk26.cloudfront.net newvehicle.info cdn.pubnub.com my.newvehicle.com js.logentries.com maps.googleapis.com mts.googleapis.com www.google-analytics.com *.newvehicle.info cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *.newvehicle.com fonts.googleapis.com; style-src-elem 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ewpJjVyHlGRD4wd5iDlCcgJrRnoD9w3aIKyjVVNTcQA=' 'sha256-odUdOVA4f6zj7jeDmiQdGKPsZC5r0b3aue8zOmKxwS4=' 'sha256-EhVgrLTLlIZA3xPYEcMIPlFSe2dWSNdGk4fje96TdfM=' 'sha256-IOu9ch4tHzwwO/sbuNcAjKlhwKWAyhqVvzCuuvd79+I=' 'sha256-Py0IyTj7JrX32cWcHRETuvraOlHeOdUJqw4DzCfKSMs=' d1gwclp1pmzk26.cloudfront.net fonts.googleapis.com; img-src 'self' d1gwclp1pmzk26.cloudfront.net www.gstatic.com stats.g.doubleclick.net d2bkdfyoj2xgsx.cloudfront.net/ data: *.newvehicle.com d2bkdfyoj2xgsx.cloudfront.net csi.gstatic.com fast.wistia.com embedwistia-a.akamaihd.net *.googleapis.com *.ggpht.com maps.gstatic.com *.newvehicle.info www.google-analytics.com newvehicle.info; font-src 'self' my.clickdesk.com *.newvehicle.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com distillery.wistia.com pipedream.wistia.com *.pubnub.com *.pndsn.com js.logentries.com *.newvehicle.info stats.g.doubleclick.net newvehicle.info; media-src 'self' embedwistia-a.akamaihd.net; frame-src 'self' fast.wistia.net; worker-src 'self'; frame-ancestors 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; base-uri *.newvehicle.com; manifest-src 'self'; report-uri https://ivreport.report-uri.com/r/t/csp/enforce; 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
default-src 'self' *.oktacdn.com schumacher.okta.com; connect-src 'self' *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com *.authenticatorlocalprod.com:* *.authenticatorlocaldev.com:* schumacher.okta.com schumacher-admin.okta.com schumacher.kerberos.okta.com https://oinmanager.okta.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.oktacdn.com; style-src 'unsafe-inline' 'self' *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' login.okta.com; img-src 'self' *.oktacdn.com schumacher.okta.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data:; font-src data: 'self' *.oktacdn.com; report-uri https://okta.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
script-src 'nonce-02vYyFZNy2qdkoNA6VKw2Q' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src 'self' syndication.twitter.com; script-src js.tyrol.tl 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.tyrol.tl css.tyrol.tl www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.tyrol.tl js.tyrol.tl; font-src css.tyrol.tl; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
script-src 'nonce--pl1F2fjSlwund394uDOmw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-BeKDWootSzh48w==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src 'self'; connect-src 'self' m.addthis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com gstatic.com cse.google.com ajax.aspnetcdn.com www.google-analytics.com *.addthis.com *.addthisedge.com *.googleapis.com cdnjs.cloudflare.com *.facebook.com *.linkedin.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' hello.myfonts.net www.google.com; img-src *; frame-src 'self' *.addthis.com pages.exacttarget.com; font-src 'self'; report-uri /API/Contact/SecurityPolicyHeaderAPI/Report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com platform.twitter.com connect.facebook.net *.addthis.com *.doubleclick.net; img-src 'self' *.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' *.addthis.com *.doubleclick.net; media-src 'self' *.youtube.com; child-src 'self' *.youtube.com apis.google.com accounts.google.com *.googletagmanager.com platform.twitter.com *.addthis.com *.doubleclick.net *.facebook.com 1
default-src https:; child-src blob: https: ; report-uri /csp-report 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'none'; base-uri https: data:; object-src; font-src https: data:; script-src 'nonce-9350523d-574a-4abe-9143-b6bdaec9f511' https: 'unsafe-inline' 'nonce-xzQIPBBH5TiBA66wDja6+k/e' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
frame-ancestors 'self'; report-uri /csp/report/; 1
default-src 'self' 'unsafe-inline' data: static.medallia.com bugreport.medallia.com https://www.google-analytics.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ cdn.medallia.com https://*.cdn.survey.medallia.com/ https://col.eum-appdynamics.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-a85d57d238ba82c078c1849c18374204' static.medallia.com bugreport.medallia.com https://www.google-analytics.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://chart.googleapis.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ cdn.medallia.com https://*.cdn.survey.medallia.com/ https://col.eum-appdynamics.com/ https://s3.amazonaws.com/cdn.m8s.io/ https://s3.amazonaws.com/cdn.medallia.com/ https://nebula-cdn.kampyle.com/; report-uri /csp-report/; 1
default-src 'self'; base-uri 'self'; child-src 'self' www.google.com www.google.com/recaptcha/ secure.livechatinc.com *.hotjar.com pliki.drukomat.pl; connect-src 'self' ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net sentry.drukomat.co cdn.livechatinc.com secure.livechatinc.com *.hotjar.com wss://*.hotjar.com; font-src 'self' fonts.gstatic.com cdn.livechatinc.com themes.googleusercontent.com netdna.bootstrapcdn.com *.hotjar.com; frame-src www.google.com *.hotjar.com www.facebook.com pliki.drukomat.pl; img-src 'self' data: www.google-analytics.com google.com www.google.com www.google.pl www.googletagmanager.com stats.g.doubleclick.net doubleclick.net secure.livechatinc.com *.hotjar.com www.facebook.com; media-src 'self' cdn.livechatinc.com; object-src 'none'; script-src 'self' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com/ajax/libs/jquery/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com googleads.g.doubleclick.net doubleclick.net accounts.livechatinc.com secure.livechatinc.com cdn.livechatinc.com cdn.tinymce.com code.jquery.com netdna.bootstrapcdn.com *.hotjar.com connect.facebook.net 'unsafe-inline' 'sha256-Pkrk7EQUCze/+y2ieQcihkqf20ngyO1o8p0bLJqEUEg=' 'sha256-uMiZF3RZI97FvRgrlzwslsLxEGe29zZScS5xaaa7TUE=' 'sha256-pVB3lNfp0odVt0PJnQDql9YIuaaYWPnhkhPi83ixJVI=' 'sha256-W1l2HBr6oZTs8/ruQo3exVbDgpi1tLF5mFJCnMOlSG4='; style-src 'self' fonts.googleapis.com code.jquery.com cdn.livechatinc.com netdna.bootstrapcdn.com; report-uri https://sentry.drukomat.co/api/6/csp-report/?sentry_key=0a78d5cc04564c5d8a0ffffe654389bb 1
default-src 'self' *.mcl.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://chat.mcl.de https://ssl.livezilla.net/ https://d10lpsik1i8c69.cloudfront.net *.doofinder.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://static.dvinci-easy.com/files/job-widget-v1/dvinci-job-widget-full-1.0.0.min.js *.mcl.de/* https://*.pusher.com https://trackcmp.net/ https://prism.app-us1.com; style-src 'self' 'unsafe-inline' https://chat.mcl.de https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net https://static.dvinci-easy.com/files/job-widget-v1/dvinci-job-widget-1.0.0.min.css *.mcl.de/*; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net https://media-shop-stage.mcl.de https://media-shop-test.mcl.de https://media-shop-dev.mcl.de https://media.mcl-content.de https://www.facebook.com https://www.google.com https://www.google.de https://chat.mcl.de https://d10lpsik1i8c69.cloudfront.net *.doofinder.com *.mcl.de/* https://www.google.rs; connect-src 'self' https://www.google-analytics.com https://pubsub.googleapis.com wss://in.visitors.live wss://visitors.live https://settings.luckyorange.net *.doofinder.com *.mcl.de/* wss:; font-src 'self' https://fonts.gstatic.com; object-src 'self'; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.facebook.com; form-action 'self' https://www.facebook.com; report-uri /csp/report.php; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://rr1.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-4e6bce99-186f-410a-9cb6-8227ac75a912' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://coinflex.com; connect-src https://coinflex.com https://stats.g.doubleclick.net; font-src 'self' *.fontawesome.com *.googleapis.com *.gstatic.com data: https://coinflex.com; form-action 'self' data: https://coinflex.com https://secure.gravatar.com https://stats.g.doubleclick.net https://www.coinflex.com https://www.google-analytics.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com https://ajax.googleapis.com https://coinflex.com https://secure.gravatar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; child-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com https://ajax.googleapis.com https://coinflex.com https://secure.gravatar.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; img-src 'self' *.coinflex.com *.google-analytics.com data: https://coinflex.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com https://coinflex.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.googleapis.com fontawesome.com https://ajax.googleapis.com https://cdn.jsdelivr.net/ https://coinflex.com; worker-src blob: https://coinflex.com/ 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com www.travelinescotland.com; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src http: https:; script-src data: 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https:; img-src data: http: https:; font-src data: http: https:; connect-src http: https: wss://ws3.hotjar.com; report-uri https://webstores.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; report-uri //report-csp-violation 1
report-uri https://purejs.report-uri.com/r/d/csp/reportOnly; default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://adservice.google.com https://adservice.google.co.nz https://securepubads.g.doubleclick.net https://ajax.googleapis.com https://*.addthis.com https://dashboard.presspatron.com https://www.googletagservices.com https://ssl.google-analytics.com https://m.addthisedge.com https://graph.facebook.com https://adservice.google.es https://adservice.google.co.uk https://adservice.google.com.au https://adservice.google.co.in; style-src 'self' 'unsafe-inline' https://www.theatreview.org.nz; img-src 'self' https://www.theatreview.org.nz http://twitter-badges.s3.amazonaws.com https://ssl.google-analytics.com https://www.google.com https://dashboard.presspatron.com https://m.addthis.com; connect-src 'self' https://m.addthis.com https://csi.gstatic.com https://www.google.com https://securepubads.g.doubleclick.net https://ssl.google-analytics.com; frame-src 'self' https://s7.addthis.com https://dashboard.presspatron.com https://tpc.googlesyndication.com; 1
default-src 'unsafe-inline' 'unsafe-eval' data: https:; report-uri https://shl.betfair.com/csp 1
default-src 'none'; child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-d2ae14f8-af73-4f2b-8432-b9017a985fa6' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:;font-src https: data:; report-uri /csp-report 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; font-src  'self'; img-src 'self'; script-src 'self'; style-src 'self'; report-uri 'https://esy2xkdt.uriports.com/reports/report'; report-to 'default' 1
block-all-mixed-content; report-uri https://coeteco.report-uri.com/r/t/csp/reportOnly 1
default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; style-src 'unsafe-inline'; upgrade-insecure-requests; report-uri /csp-violation-report-endpoint/ 1
default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1
default-src 'none'; script-src 'self' twitter.com google.com; img-src *; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://62.232.0.117 http://deriv.nls.uk http://maps.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/sp-live ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://support.stnhost.com/csp/record-bad-https.php 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com *.gstatic.com seal-easttexas.bbb.org *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com cdnjs.cloudflare.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/content_policy_violation.php 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self' https:; script-src 'self' https: 'nonce-35c77a5e' 'nonce-gtm-35c77a5e' 'strict-dynamic' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss://ebaymag.com/ wss://ebaymag.com:443/; font-src 'self' https: data:; object-src 'none'; base-uri 'none'; img-src 'self' https: data:; report-uri https://ebaymag.com/csp/report 1
default-src https: data: 'unsafe-eval' 'unsafe-inline';     	font-src data: 'self';     	report-uri https://gaa.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tpc.googlesyndication.com; font-src cdnjs.cloudflare.com fonts.gstatic.com tpc.googlesyndication.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.cloudflare.com *.googletagservices.com *.googlesyndication.com partner.googleadservices.com *.google-analytics.com js-agent.newrelic.com *.nr-data.net *.doubleclick.net js.gleam.io; frame-src *.doubleclick.net *.googlesyndication.com gleam.io; connect-src 'self' *.google.com csi.gstatic.com tpc.googlesyndication.com securepubads.g.doubleclick.net; report-uri https://8d2b428ee407306b4542daeaa267dcf8.report-uri.io/r/default/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://platform.linkedin.com https://maps.googleapis.com https://www.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://code.jquery.com  https://ajax.googleapis.com  https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; img-src 'self' data: https://csi.gstatic.com https://www.googletagmanager.com  https://maps.gstatic.com https://*.googleapis.com https://code.jquery.com https://stats.g.doubleclick.net https://www.google-analytics.com; connect-src 'self' https://videoram.com https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; frame-src 'self' https://platform.twitter.com https://www.facebook.com https://pwm-image.trendmicro.com https://www.youtube.com https://*.google.com; report-uri https://hooks.zapier.com/hooks/catch/4514935/o2sjzhe/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri https://ht.kiev.ua/csp-report/; 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net http://m.addthis.com http://m.addthisedge.com http://s7.addthis.com https://www.google-analytics.com http://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' data: 'unsafe-inline' ; img-src * https://www.google-analytics.com https://www.google.co.uk https://www.google.com; connect-src 'self' http://s7.addthis.com http://m.addthis.com; frame-src http://s7.addthis.com; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-N793Ha1EyWgLqbYLFSfuPB0fUXs' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' https://cdn.transporters.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: https://maps.googleapis.com https://js.intercomcdn.com/ https://cdn.transporters.io; style-src * 'unsafe-inline' ; img-src * 'self' data: blob:; font-src * 'self' data: ; connect-src * 'self' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net http://api.mixpanel.com wss://ws-eu.pusher.com wss://api.appcues.net wss://chunderw-vpc-gll.twilio.com wss://visitors.live wss://in.visitors.live settings.luckyorange.net api.appcues.net js.intercomcdn.com; media-src * ; child-src 'self' https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://syndication.twitter.com https://staticxx.facebook.com https://apis.google.com https://platform.twitter.com https://accounts.google.com headway-widget.net https://my.appcues.com https://www.facebook.com https://www.youtube.com https://js.stripe.com https://transporters.io; report-uri https://transportersio.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fi ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fi *.spreadshirt.fi ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.fi ; font-src 'self' https: data: *.spreadshirt.fi ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fi ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fi ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-ancestors 'none';      base-uri 'self';      default-src 'self' https://static.wolt.com/;      connect-src 'self' https://sentry.io *.intercom.io wss://nexus-websocket-a.intercom.io https://restaurant-api.wolt.com sessions.bugsnag.com notify.bugsnag.com https://authentication.wolt.com prod-videos.wolt.com https://courier-api.wolt.com wa.appsflyer.com wa.onelink.me https://static.wolt.com/ *.google-analytics.com uploads.intercomcdn.com js.intercomcdn.com      stats.g.doubleclick.net www.facebook.com web.facebook.com graph.facebook.com      z-p3-graph.facebook.com api2.branch.io api.lever.co https://auth.wolt.com;      font-src 'self' data: js.intercomcdn.com fonts.gstatic.com uploads-ssl.webflow.com https://static.wolt.com/;      style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com tagmanager.google.com      uploads-ssl.webflow.com https://static.wolt.com/;      img-src data: https:;      script-src 'self' 'nonce-1jE6ozglISV0gyGdYjr70aNXqAvwL3FFgtxKOZovgWI=' js.intercomcdn.com cdn.branch.io connect.facebook.net https://static.wolt.com/ *.google-analytics.com tagmanager.google.com www.googletagmanager.com uploads-ssl.webflow.com      widget.intercom.io cdn.appsflyer.com *.googleapis.com bam.nr-data.net js-agent.newrelic.com      d1tdp7z6w94jbb.cloudfront.net cdn.wolt.com d3e54v103j8qbb.cloudfront.net      core.spreedly.com;      object-src 'none';      media-src blob: cdn.wolt.com js.intercomcdn.com prod-videos.wolt.com;      worker-src blob:;      frame-src https:;      child-src https:;      report-uri https://sentry.io/api/1433537/security/?sentry_key=6e2826809a1a476ab2c9aa8f03059910&sentry_environment=production 1
default-src 'self'; script-src https://www.meta.org 'self' https://cdn.split.io https://cdn.segment.com https://static.zdassets.com https://cdn.tt.omtrdc.net https://chanzuckerberginitia.tt.omtrdc.net https://www.google-analytics.com https://connect.facebook.net https://sczimetaprod.112.2o7.net https://g.3gl.net https://*.appcues.com 'sha256-paq8+WqUzSOxxoNbBRGI1F4/BFCYHTJ5UzwJBhUJz7E=' 'sha256-eidyCkg2danG17C9fZzhZldEmrvc2mvl4VTLqUQ6iTA=' 'sha256-JFaR/qkbjWPZg08Af+AbnNmSCKjhm+iiXW9KIhkF0Hk=' 'sha256-m5ynRuriW968nCaqAHEVZh5n23gbkA8SWJce5pg3Hjk=' 'sha256-4+qHbxclDjKeAycaFhkyOZXjWsftG19w8li//AT4rJw='; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.appcues.com https://assets.beta.meta.org/; font-src 'self' data: https://assets.beta.meta.org/; img-src 'self' https://sci-assets-prod.s3.amazonaws.com https://assets.beta.meta.org/; media-src 'self' https://metascience.wistia.com; frame-src 'self' https://czi.demdex.net login.meta.org https://*.appcues.com https://fast.wistia.net/; report-uri https://aps-csp-report.prod.meta-infra.org/v1/csp-violation-report; object-src 'none'; connect-src member-http.prod.meta-infra.org search-http.prod.meta-infra.org feed-http.prod.meta-infra.org assets.beta.meta.org library-http.prod.meta-infra.org login.meta.org 'self' https://api.segment.io https://sdk.split.io https://ekr.zdassets.com https://metaorg.zendesk.com https://sczimetaprod.112.2o7.net https://events.split.io https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://api.airbrake.io https://r.3gl.net/hawklogserver/r.p https://*.appcues.com wss://api.appcues.net 1