Values for content-security-policy-report-only:
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 593
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 271
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 163
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 132
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport 73
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; report-uri https://hi.report-uri.io/r/default/csp/reportOnly 51
report-uri /_/csp-reports/ 51
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 49
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://firmsites.report-uri.com/r/t/csp/reportOnly 29
frame-ancestors 'self'; report-uri https://csp-report.airfrance.fr/ 29
default-src https 'self' *.publishing.service.gov.uk localhost; img-src data: 'self' *.publishing.service.gov.uk localhost www.google-analytics.com ssl.google-analytics.com assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk localhost www.google-analytics.com ssl.google-analytics.com www.signin.service.gov.uk *.ytimg.com www.youtube.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk localhost 'unsafe-inline'; font-src data: 'self' *.publishing.service.gov.uk localhost; connect-src 'self' *.publishing.service.gov.uk localhost www.google-analytics.com ssl.google-analytics.com www.tax.service.gov.uk www.signin.service.gov.uk; object-src 'none'; frame-src www.youtube.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 29
27
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://studio.digital.vistaprint.com/csp/report/published 23
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 23
default-src ms-appx-web: data: blob: webviewprogressproxy: ws: wss: https: 'unsafe-inline' 'unsafe-eval'; font-src data: https: blob:; img-src http: https: data: blob: android-webview-video-poster: android-webview:; script-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; media-src data: https: blob:; report-uri https://felix.data.tm-awx.com/cspReport 21
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 18
default-src 'self'; img-src *; font-src 'self' https://public-assets.envato-static.com; media-src 'self' https://preview.s3.envato.com https://previews.customer.envatousercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public-assets.envato-static.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://js.intercomcdn.com https://widget.intercom.io https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://public-assets.envato-static.com; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://api-iam.intercom.io https://waveform.customer.envato.com; report-uri 18
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; report-uri https://csp.archant.co.uk/report 16
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 12
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 10
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; report-uri https://ls.getresponse.com/log/csp_report?source=www 10
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 9
default-src 'self' 9
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 9
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://www.sovendus.com/ https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://translate.googleapis.com; img-src 'self' data: http: https:; frame-src https:; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io; object-src 'none';	 worker-src 'self';	 ;script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://*.custhelp.com https://*.ioam.de;frame-ancestors 'self';report-uri /ls/?reportOnly=true 8
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 7
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 7
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://draft.blogger.com/cspreport 7
img-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /lytics/cspreport?api=1 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=anonweb 6
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 6
object-src *.kidsa-z.com *.content.kidsa-z.com *.writinga-z.com; script-src 'self' *.google-analytics.com https://www.googletagmanager.com bat.bing.com https://playerserver.walkme.com https://*.learnosity.com https://*.kidsa-z.com https://*.content.kidsa-z.com 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri /api/csp-report; 6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 6
default-src * 'unsafe-eval' 'unsafe-inline'  data:;report-uri //pointman.alibaba.com/csp?app=ae_default 6
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report;  6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 6
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://1yl2eds5mhyzuzjhwlcikwnp.httpschecker.net/report 5
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 5
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 5
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 5
default-src 'self'; script-src blob: https://*.ytimg.com https://*.youtube.com https://*.wargaming.net https://*.gcdn.co https://u360.d-bi.fr https://*.adroll.com https://pixel-geo.prfct.co https://s.adroll.com *.wgcdn.co https://tag.marinsm.com https://*.hypercomments.com https://*.cedexis-test.com https://bat.bing.com https://bam.nr-data.net https://*.addthisedge.com https://*.addthis.com https://*.cedexis.com https://*.facebook.net https://*.fastlylb.net https://*.adform.net https://js-agent.newrelic.com http://*.wargaming.net *.google-analytics.com www.google-analytics.com ajax.googleapis.com https://*.google.ru https://*.google.com https://*.criteo.com https://dl.metabar.ru https://*.doubleclick.net https://embedr.flickr.com https://*.fbcdn.net https://*.cloudfront.net *.googleadservices.com *.googletagmanager.com cdn-cm.gcdn.co *.worldoftanks.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://static.hypercomments.com https://*.wargaming.net http://*.wargaming.net https://*.fastlylb.net *.worldofwarships.ru *.googleapis.com 'unsafe-inline'; img-src data: * 'self';font-src data: https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://*.wargaming.net http://*.wargaming.net fonts.gstatic.com https://*.adform.net https://*.fastlylb.net; frame-src https://*.wargaming.net https://static.hypercomments.com https://*.youtube.com https://*.linkedin.com https://*.cedexis.com https://*.cloudfront.net https://*.cedexis-test.com http://*.wargaming.net https://*.doubleclick.net https://*.criteo.com https://*.fbcdn.net https://player.twitch.tv https://embedr.flickr.com https://*.facebook.com https://*.addthis.com https://dl.metabar.ru https://*.hypercomments.com https://*.fastlylb.net *.googletagmanager.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.google.com; report-uri https://cspreport.wargaming.net/cspreport; connect-src *.criteo.com *.google-analytics.com https://*.worldofwarships.ru https://*.worldofwarships.asia wss://*.hypercomments.com https://*.hypercomments.com https://*.worldofwarships.com https://*.worldofwarships.eu www.google-analytics.com https://*.cedexis.com https://*.cloudfront.net https://embedr.flickr.com https://*.facebook.com https://*.cedexis-radar.net https://*.addthis.com https://*.fastlylb.net https://*.wargaming.net http://*.wargaming.net https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self'; media-src https://*.wgcdn.co https://*.gcdn.co https://*.adform.net https://worldofwarships.com; object-src https://*.worldofwarships.ru 4
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 4
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://csp.ffx.io/ 4
frame-ancestors 'self'; report-uri /stf/reportiframe 4
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.pinterest.com https://at.iocnt.net https://cdn.onthe.io https://cdn.syndication.twimg.com https://connect.facebook.net https://js.pusher.com https://pinpoll.com https://platform.instagram.com https://platform.twitter.com https://script-at.iocnt.net https://secure.widget.cloud.opta.net https://static.cleverpush.com https://tagmanager.google.com https://tools.pinpoll.com https://tt.onthe.io https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.riddle.com https://kurier.mediakey.at https://emeter-uat.mppapi.io https://6345355.fls.doubleclick.net https://a.teads.tv https://ad.360yield.com https://ad.doubleclick.net https://ad1.adfarm1.adition.com https://ad3.adfarm1.adition.com https://adservice.google.at https://adservice.google.com https://adservice.google.de https://asn.advolution.de https://at.f11-ads.com https://bs.serving-sys.com https://cdn.ampproject.org https://cdn.content-garden.com https://cdn.digitru.st https://ced-ns.sascdn.com https://ced.sascdn.com https://cm.g.doubleclick.net https://code.createjs.com https://code.jquery.com https://creatives-cached.yoc.com https://creatives.yoc.com https://dsp.adfarm1.adition.com https://dt.adsafeprotected.com https://ec-ns.sascdn.com https://geo.moatads.com https://googleads4.g.doubleclick.net https://image6.pubmatic.com https://imagesrv.adition.com https://imasdk.googleapis.com https://log.outbrainimg.com https://mb.moatads.com https://mv.outbrain.com https://odb.outbrain.com https://pagead2.googlesyndication.com https://pixel.adsafeprotected.com https://prg.smartadserver.com https://px.moatads.com https://s.vi-serve.com https://s.visx.net https://s0.2mdn.net https://s1.adform.net https://s248.meetrics.net https://s248.mxcdn.net https://s8t.teads.tv https://secure-ds.serving-sys.com https://securepubads.g.doubleclick.net https://simage4.pubmatic.com https://smart.styria-digital.com https://static.adsafeprotected.com https://static.kurier.at https://streaming.grm-pro.com https://studio-t.teads.tv https://sync.teads.tv https://t.teads.tv https://t.visx.net https://tpc.googlesyndication.com https://track.adform.net https://widgets.outbrain.com https://www.google.com https://www.googletagservices.com https://z.moatads.com; object-src 'none'; worker-src 'self' blob:; report-uri https://csp.telekurier.at/reportOnly 4
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.eu.mywebsite-editor.com/app/reporting/policyviolation/submit 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 4
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 4
frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 4
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.intele.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.intele.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se data:;media-src https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.intele.com https://fonts.googleapis.com 4
block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 4
default-src https: data: 'unsafe-inline' 'unsafe-eval' 4
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 3
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://xwelwwpuuvpczsupwp77cb6n.httpschecker.net/report 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://n58to1i9pk.execute-api.eu-west-1.amazonaws.com/prod/sitemailalerts 3
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 3
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 3
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:;connect-src 'self' https://www.deviantart.com wss://hub.deviantart.net/connection/websocket https://frog.wix.com https://pay.wix.com https://orderpage.wix.com;report-uri https://www.deviantart.com/backend/csp/report 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 3
block-all-mixed-content; report-uri https://www.wp.pl/v1/csplog 3
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 3
report-uri /report-csp-violation 3
default-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www.webmd.com/cspreporting/csp-violation-rpt 3
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 3
default-src https: 3
block-all-mixed-content; report-uri https://us4.nimblecommerce.com/csp-violation.action 3
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 3
default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; report-uri /csp-violation-endpoint/ 3
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 2
default-src https: 'self' data: blob:;connect-src https: wss:;worker-src blob:;style-src 'self' 'unsafe-inline' https:;img-src blob: https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;report-uri https://14476b3c1fbefa82d88a223619761092.report-uri.com/r/d/csp/reportOnly; 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://fivethirtyeight.report-uri.io/r/default/csp/reportOnly 2
connect-src cgchat.callguide.telia.com 'self' pwe.callguide.telia.com www.google.com telia.humany.net www.google-analytics.com stats.g.doubleclick.net www.google.se; default-src 'none'; font-src 'self' data:; frame-src www.telia.se 'self' *.doubleclick.net go.pardot.com; img-src 'self' www.google.com data: www.google-analytics.com stats.g.doubleclick.net www.google.se; script-src 'unsafe-inline' 'self' www.googletagmanager.com core.dch.got.telia.se www.google-analytics.com; style-src 'unsafe-inline' 'self' core.dch.got.telia.se 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
frame-ancestors 'none'; report-uri /csp_logger/; 2
default-src 'self'; upgrade-insecure-requests; report-uri https://sentry.io/api/1315887/security/?sentry_key=1983e1d566b64ce2a5e58cff9a2e859d&sentry_environment=staging; report-to https://sentry.io/api/1315887/security/?sentry_key=1983e1d566b64ce2a5e58cff9a2e859d&sentry_environment=staging; script-src 'self' https://assets1.cleartax-cdn.com https://www.google-analytics.com https://ssl.google-analytics.com ; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://assets1.cleartax-cdn.com https://fonts.googleapis.com; img-src 'self' https://assets1.cleartax-cdn.com; 2
default-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' data: https: wss:;font-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;img-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;media-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com vimeo.com data: https:;script-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https:;style-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' https:; report-uri /csp-violations; 2
connect-src 'self' logx.optimizely.com *.optimizely.com *.maginfrastructure.com www.google-analytics.com capture.trackjs.com www.facebook.com stats.g.doubleclick.net *.holidayextras.co.uk serve.vdopia.com/adserver/html5/inwapads https://*.hotjar.com:* wss://*.hotjar.com performance.typekit.net https://ssp.lkqd.net/ad *.springserve.com vid.pubmatic.com adservice.google.com google.com/csi https://evtvpaid.bfmio.com reachms.bfmio.com/getmu ads.contextweb.com/TagPublish/getvideo.aspx s3-eu-west-1.amazonaws.com/live-climate;frame-src *.optimizely.com *.fls.doubleclick.net vars.hotjar.com www.googletagmanager.com www.facebook.com www.thetrainline.com www.google.com servedby.flashtalking.com airporttransfers.eastmidlandsairport.com ebooker.arrowprivatehire.co.uk www.rentalcars.com airporttransfers.manchesterairport.co.uk travelmoney.travelex.co.uk imasdk.googleapis.com/js/core/bridge3.274.0_en.html vcc-eu2.8x8.com;img-src 'self' cdn.optimizely.com assets.live.web.maginfrastructure.com live-webadmin-media.s3.amazonaws.com live-mag-web-assets.s3.eu-west-1.amazonaws.com test-webadmin-media.s3.amazonaws.com s3-eu-west-1.amazonaws.com www.google-analytics.com nova.collect.igodigital.com www.facebook.com usage.trackjs.com p.typekit.net mag-retail-media-live.s3.amazonaws.com bat.bing.com pixel.quantserve.com *.g.doubleclick.net t.co www.google.com www.google.co.uk *.cpx.to *.adnxs.com *.avocet.io p.travelsmarter.net image2.pubmatic.com scontent.cdinstagram.com tag.yieldoptimizer.com idsync.rlcdc.com pixel.rubiconproject.com ad.yieldlab.net/m tag.adaraanalytics.com rtb.gumgum.com/usersync ik.imagekit.io i.ytimg.com www.google.ie www.googletagmanager.com about: data: vcc-eu2.8x8.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.optimizely.com https://www.googletagmanager.com www.googletagservices.com www.google-analytics.com www.google.com cdn.trackjs.com static.hotjar.com script.hotjar.com 10959453.collect.igodigital.com/collect.js cdn3.optimizely.com connect.facebook.net tag.yieldoptimizer.com use.typekit.net inpref.s3.amazonaws.com securepubads.g.doubleclick.net platform.twitter.com *.cpx.to rules.quantcount.com static.ads-twitter.com analytics.twitter.com www.gstatic.com adservice.google.co.uk adservice.google.com secure.quantserve.com bat.bing.com *.doubleclick.net www.googleadservices.com vcc-eu2.8x8.com;style-src 'self' 'unsafe-inline' static.tacdn.com www.surveygizmo.eu fonts.googleapis.com data:; report-uri https://webevo.report-uri.com/r/d/csp/reportOnly 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src 'none'; connect-src * data:; media-src 'self' https: blob:; font-src 'self' data:; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; base-uri 'self'; manifest-src 'self'; frame-src 'self'; worker-src 'self'; upgrade-insecure-requests 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com; 2
default-src https: data: webviewprogressproxy: gsa: 'unsafe-inline'; report-uri https://6lt9e3u0nd.execute-api.ap-northeast-1.amazonaws.com/prod/cspToSlack 2
default-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: webviewprogressproxy:; style-src 'self' https: 'unsafe-inline' data: webviewprogressproxy:; img-src 'self' https: data: webviewprogressproxy:; report-uri /api/csp-report 2
connect-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ https://*.braintreegateway.com http://dpm.demdex.net https://www.facebook.com https://*.usabilla.com https://bam.nr-data.net https://*.trainline.eu/; font-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ data: https://fonts.gstatic.com; img-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ data: https://*.online-metrix.net http://dpm.demdex.net https://www.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.googlesyndication.com http://www.google-analytics.com https://www.google-analytics.com http://cm.everesttech.net; style-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ 'unsafe-inline'; media-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/; script-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ 'unsafe-inline' 'unsafe-eval' https://*.online-metrix.net https://assets.adobedtm.com http://assets.adobedtm.com https://www.google-analytics.com https://ssl.google-analytics.com http://www.google-analytics.com https://*.googlesyndication.com https://connect.facebook.net https://*.paypal.com https://www.paypalobjects.com https://aff.bstatic.com https://js-agent.newrelic.com https://ad.doubleclick.net https://bam.nr-data.net https://static.ads-twitter.com https://analytics.twitter.com https://*.usabilla.com https://d2c7xlmseob604.cloudfront.net; object-src 'report-sample' 'self' https://static.trainlinecontent.com http://*.thetrainline.com/ https://*.thetrainline.com/ https://www.paypalobjects.com; report-uri https://csp.trainline.com?clientId=DesktopWeb; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 2
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2
script-src https://www.probikekit.co.uk https://m.probikekit.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.probikekit.co.uk/cspReport.txt; 2
frame-ancestors 'self' ;font-src 'self' https://fonts.gstatic.com  https://webfonts.zohostatic.com  https://static.ecorebates.com https://ajax.googleapis.com data:  ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com; report-uri /CSP-report; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; report-uri https://www.argos.co.uk/logging-api/2/security 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'none'; base-uri 'self'; connect-src 'self' ; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' ; img-src 'self' analytics.openpetition.de data: ; script-src 'self' 'unsafe-inline' analytics.openpetition.de ; style-src 'self' 'unsafe-inline' ; upgrade-insecure-requests; report-uri /report 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.db.no/csp 2
default-src 'self' https://www.google-analytics.com; child-src 'self';  object-src 'self' blob; style-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src 'self' 'blob' 'unsafe-eval' 'unsafe-inline' *; manifest-src 'self'; form-action 'self'; block-all-mixed-content; 2
default-src 'none';                     connect-src https: wss://nexus-websocket-a.intercom.io https: wss://nexus-websocket-b.intercom.io;                     font-src forms.ministryforms.net pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' fonts.gstatic.com js.intercomcdn.com maxcdn.bootstrapcdn.com;                      form-action 'self' www.facebook.com;                     frame-src bid.g.doubleclick.net player.vimeo.com vars.hotjar.com www.facebook.com;                     frame-ancestors *;                      img-src https: data:;                      media-src 'self' www.snapengage.com;                     script-src forms.ministryforms.net pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' 'unsafe-eval' 'unsafe-inline' analytics.clickdimensions.com bat.bing.com browser.sentry-cdn.com cdn.ckeditor.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net images.dmca.com js.intercomcdn.com munchkin.marketo.net rawgit.com sniff.visistat.com script.hotjar.com static.hotjar.com storage.googleapis.com widget.intercom.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.snapengage.com;                     style-src forms.ministryforms.net pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' 'unsafe-inline' cdn.ckeditor.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com;                     report-uri https://tracker.report-uri.com/r/d/csp/wizard; 2
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
default-src https: 'unsafe-inline' 'unsafe-eval' 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443; img-src 'self' data: https://spotlight.radiopublic.com:443 https://www.google-analytics.com; frame-src https://embed.radiopublic.com; font-src *; connect-src https://draper.radiopublic.com:443 https://search.radiopublic.com:443 https://api.radiopublic.com:443; report-uri https://play.radiopublic.com/csp-report 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.verasafe.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 2
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; connect-src 'self' blob: https://*.video-cdn.net; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.video-cdn.net https://www.youtube.com; img-src 'self' data: https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf 2
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de streaming.talk42.de 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; report-uri /service/csp-report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src https: android-webview: 'unsafe-inline' 'unsafe-eval'; media-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; font-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://netologygroup.report-uri.io/r/default/csp/reportOnly 2
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tpj.report-uri.io/r/default/csp/reportOnly 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bildungsspender.de; connect-src 'self' wss://foodsharing.de wss://beta.foodsharing.de https://sentry.io https://photon.komoot.de https://search.mapzen.com blob:; img-src 'self' data: https: blob:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://www.bildungsspender.de; frame-ancestors 'none'; report-uri https://sentry.io/api/1400919/security/?sentry_key=c8243b4a29d64d499707914916f3bb55; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' www.google-analytics.com verify.authorize.net www.googletagmanager.com js.hs-scripts.com www.googleadservices.com static.hotjar.com snap.licdn.com js.hs-analytics.net bat.bing.com connect.facebook.net static.ads-twitter.com www.googlecommerce.com px.ads.linkedin.com analytics.twitter.com www.google.com apis.google.com script.hotjar.com googleads.g.doubleclick.net jstest.authorize.net js.authorize.net dnn506yrbagrg.cloudfront.net www.linkedin.com js.hscta.net cta-service-cms2.hubspot.com www.youtube.com s.ytimg.com www.gstatic.com maps.googleapis.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ms-appx-web: static.hotjar.com; img-src 'self' data: blob: verify.authorize.net www.google-analytics.com track.hubspot.com t.co bat.bing.com www.facebook.com www.googletagmanager.com www.google.com stats.g.doubleclick.net www.statefoodsafety.com no-cache.hubspot.com www.googleadservices.com googleads.g.doubleclick.net *.statefoodsafety.com; frame-src 'self' vars.hotjar.com www.google.com www.facebook.com www.youtube.com bid.g.doubleclick.net flex.atdmt.com ms-appx-web:; connect-src 'self' jstest.authorize.net js.authorize.net apitest.authorize.net api.authorize.net in.hotjar.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self'; media-src 'self' *.statefoodsafety.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /JsonLog/contentSecurityPolicyViolation; 2
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2
script-src 'self' 'unsafe-inline' https://cdn.truendo.com https://prod.truendo.com https://promo.awempire.com https://awempt.com https://chaturbate.com https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.5/mobile-detect.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/js/bootstrap-dialog.min.js; style-src 'self' https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css; img-src 'self' data: https://*.awemwh.com https://roomimg.stream.highwebmedia.com/ri/ https://spacergif.org/spacer.gif https://*.wlresources.com:* https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; font-src 'self' 'unsafe-inline' data: https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-regular.woff https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-regular.woff2 https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-700.woff https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-700.woff2 https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.ttf https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.eot? https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.svg https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.ttf?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.svg?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.eot?; connect-src 'self' https://prod.truendo.com https://cdn.truendo.com; object-src 'none'; base-uri 'none'; form-action 'self'; require-sri-for script style; frame-src https://chaturbate.com https://*.chaturbate.com https://awempt.com/embed https://www.xlovecam.com http://cradver.livejasmin.com http://pt.protoawe.com; frame-ancestors 'self'; manifest-src 'self'; report-uri http://favicongeneratoronline.com/csp-reports.php 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com  https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com  https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 2
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri //report-csp-violation 2
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 2
default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com ; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.scorecardresearch.com www.google-analytics.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; font-src data: cloud.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; 2
block-all-mixed-content; frame-ancestors 'self'; report-uri https://sentry.exponea.com/api/11/csp-report/?sentry_key=7635aced4522486797170a2ad4502b33 2
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://pro2-view.myportfolio.com/v1/errors/csp 2
frame-ancestors 'self' *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.homepointfinanical.com https://cdnjs.cloudflare.com https://*.mortgageloan.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://stats.g.doubleclick.net https://www.gravatar.com https://*.umbraco.org https://pixel-a.basis.net https://pixel.sitescout.com; report-uri https://hpfc.report-uri.com/r/d/csp/reportOnly 2
default-src 'unsafe-inline' * 'unsafe-eval' data: https:; img-src 'unsafe-inline' data: mediastream: blob: * android-webview-video-poster:; font-src 'unsafe-inline' * 'unsafe-eval' data:; form-action https:; report-uri https://sagvhts6ostb5kz5guxaxuzi.httpschecker.net/report 2
default-src https:;   connect-src https: ws://10.1.13.34;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;   font-src https: 'self' data:;   img-src 'self' data: https: https://zradio.org;   style-src 'self' https: 'unsafe-inline';   object-src 'none';   report-uri https://csp.zradio.org/ 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 2
default-src 'self';    form-action 'self';    frame-src 'self' https://live.sagepay.com https://test.sagepay.com https://cse.google.com gsa://onpageload https://www.google.com https://www.google.com/recaptcha/ https://s7.addthis.com https://edge.addthis.com https://www.youtube.com https://player.vimeo.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.canford.co.uk https://www.canford.fr https://www.canford.de https://ajax.aspnetcdn.com https://www.google.com https://www.googleapis.com https://cse.google.com https://ajax.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.addthis.com https://*.addthisedge.com https://*.facebook.com https://www.linkedin.com https://services.postcodeanywhere.co.uk https://canfo11114.pcapredict.com https://www.auctionnudge.com https://assets-auctionnudge.s3.amazonaws.com https://cdn.rawgit.com/google/ safari-extension:;    style-src 'self' 'unsafe-inline' https://www.canford.co.uk https://www.canford.fr https://www.canford.de https://www.google.com https://fonts.googleapis.com https://translate.googleapis.com https://services.postcodeanywhere.co.uk https://assets-auctionnudge.s3.amazonaws.com https://cdn.rawgit.com/google/;    font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;    img-src 'self' https: data:;    media-src 'self' https://ssl.gstatic.com;    connect-src 'self' wss://www.canford.co.uk wss://www.canford.fr wss://www.canford.de https://ajax.aspnetcdn.com https://google-analytics.com https://www.google-analytics.com https://ajax.googleapis.com https://stats.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.addthis.com https://services.postcodeanywhere.co.uk https://translate.googleapis.com https://www.bing.com https://www.howsmyssl.com;    report-uri /Utils/CSPNotification?CspType=Notification https://canford.report-uri.com/r/d/csp/reportOnly https://canford.report-uri.com/r/d/csp/wizard     2
policy-uri /http://www.ftse.com/* https://www.ftse.com/* 2
default-src 'https' style-src 'unsafe-inline' font-src 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/97d3b191-ad18-48f5-80ae-d62b3aea1449/cc.js https://consentcdn.cookiebot.com/consentconfig/97d3b191-ad18-48f5-80ae-d62b3aea1449/state.js https://consent.cookiebot.com/b5074936-b18e-4414-88f2-8de62ed0b7c9/cc.js https://consentcdn.cookiebot.com/consentconfig/b5074936-b18e-4414-88f2-8de62ed0b7c9/state.js https://consent.cookiebot.com/6354fd3d-924e-434a-955c-43d3db73e62d/cc.js https://consentcdn.cookiebot.com/consentconfig/6354fd3d-924e-434a-955c-43d3db73e62d/state.js http://w.usabilla.com/8f9054bf779b.js http://w.usabilla.com/cbf59fb24a0a.js http://w.usabilla.com/6feb7f1df1ac.js http://w.usabilla.com/99158a893ac6.js https://chat.vanlanschot.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://sjs.bizographics.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.linkedin.com/px https://px.ads.linkedin.com https://www.googleadservices.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://chat.vanlanschot.nl;img-src 'self' https://www.google-analytics.com https://insights.hotjar.com https://static.hotjar.com http://static.hotjar.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://stats.g.doubleclick.net https://pixel.mathtag.com/event/ https://cx.atdmt.com https://www.facebook.com/tr https://bat.bing.com https://pixel.rubiconproject.com https://beleggingsinformatie.vanlanschot.nl https://*.cloudfront.net data: https://www.google.com;frame-src 'self' https://chat.vanlanschot.nl https://player.vimeo.com https://vars.hotjar.com https://www.google.com https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/' https://consentcdn.cookiebot.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com;connect-src 'self' https://chat.vanlanschot.nl http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com;child-src 'self' https://vars.hotjar.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/api2;report-uri /WebResource.axd?cspReport=true 2
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/ta/prod 2
frame-ancestors 'self'; report-uri /csp/report/; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.nestdesign.com/report-insecure-requests/ 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp_report.php 2
default-src 'none' 2
default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data: ssl.siteimprove.com ad.doubleclick.net statse.webtrendslive.com www.google-analytics.com analytics.twitter.com www.facebook.com t.co;script-src 'self' 'unsafe-inline' *.linkedin.com analytics.twitter.com www.facebook.com snap.licdn.com www.google-analytics.com s.webtrends.com tags.tiqcdn.com static.ads-twitter.com connect.facebook.net 'unsafe-inline' siteimproveanalytics.com static.ads-twitter.com t.co snap.licdn.com google-analytics.com s.webtrends.com tags.tiqcdn.com;frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /csp/report/; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 1
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 1
default-src data: https: 'unsafe-inline' 'unsafe-eval';report-uri https://asia-northeast1-kakaku-csp-report.cloudfunctions.net/CSPReportFunc; 1
default-src 'none'; connect-src 'self' *.kinopoisk.ru *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.ru yandex.net yastatic.net yandex.st *.facebook.net *.facebook.com google.com ads.adfox.ru; font-src 'self' *.kinopoisk.ru *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.ru yandex.net yastatic.net yandex.st; form-action 'self'; frame-src 'self' *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz *.kinopoisk.ru yandex.ru yandex.net yastatic.net google.com vk.com *.facebook.com *.facebook.net facebook.com syndication.twitter.com platform.twitter.com st.yandexadexchange.net www.youtube.com; img-src 'self' data: *.kinopoisk.ru *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.ru yandex.net yastatic.net yandex.st vk.com vkontakte.ru pbs.twimg.com *.facebook.net *.facebook.com platform.twitter.com syndication.twitter.com google.com imeem.com samsung.com www.tns-counter.ru ar.tns-counter.ru ads.adfox.ru *.twimg.com; manifest-src 'self' *.kinopoisk.ru *.yandex.net *.yastatic.net yandex.net yastatic.net; media-src 'self'; object-src 'self' *.kinopoisk.ru *.yandex.net vimeo.com vesti.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinopoisk.ru *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.ru yandex.net yastatic.net *.yastatic.net yandex.st ajax.googleapis.com *.facebook.net *.facebook.com vk.com vkontakte.ru platform.twitter.com ads.adfox.ru cdn.syndication.twimg.com maps.googleapis.com; style-src 'self' 'unsafe-inline' *.kinopoisk.ru *.yandex.net *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.ru yandex.net yastatic.net yandex.st platform.twitter.com *.twimg.com; report-uri https://csp.yandex.net/csp?from=kinopoisk-old&yandex_login=&yandexuid=1000000001010011010 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=64c7fa5bd709de691c7978a6b462fc90 1
style-src 'unsafe-inline' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://radar.cedexis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; default-src https://*.flickr.com https://*.staticflickr.com; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://s.yimg.com https://de.adserver.yahoo.com https://sb.scorecardresearch.com https://image.maps.api.here.com http://*.static-alpha.flickr.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net; media-src https://*.flickr.com https://*.staticflickr.com https://s.yimg.com https://*.http.atlas.cdn.yimg.com http://*.static-alpha.flickr.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-065c8cd4d6f47e55ea9ac45c011fb4b0' 'strict-dynamic' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://radar.cedexis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; connect-src https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://api.flickr.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net; frame-src https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; child-src https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; font-src https://s.yimg.com https://*.flickr.com data:; worker-src blob:; report-uri https://www.flickr.com/csp_report.gne?src=adsecflickrreport; 1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_13 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; report-uri https://stackoverflow.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'nonce-a5c47ff7-4724-46d7-93ba-8d2d3f8d2b25' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
connect-src https:; report-uri https://www.yodobashi.com/ws/api/ap/csp/report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://abccsp.report-uri.com/r/t/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=145-6900809-5184224:rid=HPR6P6ZDA303300ZPC3M:sn=www.audible.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 1
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 1
block-all-mixed-content; report-uri /csp-report?p=; connect-src 'self' https://runkit.com https://www.facebook.com/tr/ https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com https://errors.stripe.com; frame-src 'self' https://runkit.com https://platform.twitter.com https://syndication.twitter.com https://connect.facebook.net/ https://js.stripe.com; media-src 'self' https://d37ugbyn3rpeym.cloudfront.net; script-src 'self' 'nonce-iJGbgydz5z2lnoNKLKuJIQ==' https://embed.runkit.com https://platform.twitter.com/widgets.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://ga.clearbit.com/v1/ga.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js 'sha256-imsFFurH1ga4dD0qKUrFgho9H3IWz4uSv9zqGPhDauo=' 'sha256-hOAiTeVRh1G6sL37DRPcchapAacG4IsPVHh/NWUtqzY=' 'sha256-xCVAFjvclbG6Z0PLN11uLptfgK7kytY1ciHdDJwZhrQ=' 'sha256-0cbzpPToyinPtZRkh8nit24VtCOx9DV0QrXA0aSbexs=' 'unsafe-eval' https://js.stripe.com 'report-sample'; img-src 'self' data: https://www.facebook.com/tr/ https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ga-audiences https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://dc.ads.linkedin.com/collect/ https://www.linkedin.com/px/ https://px.ads.linkedin.com https://q.stripe.com https://*.stripecdn.com/site-srv/assets; style-src 'self' 'unsafe-inline' https://fast.fonts.net/t/1.css; font-src 'self' data:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://syndication.twitter.com/i/jot https://connect.facebook.net/log/fbevents_telemetry/ 1
block-all-mixed-content; report-uri /PreserveCspReport/ 1
default-src https: https:* data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://api.medscape.com/contentpolicyservice/notify 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri https://csp.tmcdn.co.nz/report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https: easy-js:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:;report-uri https://collector.schibsted.io/api/v1/csp/aftonbladet/publishing/pro 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp.sites.unc.edu 1
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 1
default-src 'none'; connect-src 'self' https://*.memrise.com https://api.segment.io https://app.splitmetrics.com https://fonts.googleapis.com https://mempa.fra-01.braze.eu https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; form-action 'self' https://www.facebook.com; font-src data: *.memrise.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://*.facebook.com https://js.stripe.com https://www.google.com; img-src 'self' data: https://*.memrise.com https://s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.amcharts.com; media-src 'self' https://*.memrise.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.memrise.com https://cdn.segment.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dalusewymm5m7.cloudfront.net https://js.appboycdn.com https://js.stripe.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.memrise.com https://fonts.googleapis.com https://use.fontawesome.com; report-uri https://errors.memrise.com/api/6/security/?sentry_key=b0576330dd774fc7a6ab4ecee3492fe0&sentry_environment=production; 1
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-WJV/gM/3acy2wA==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.io/r/default/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss:; connect-src wss://*.ravelry.com https://www.ravelry.com https://*.hotjar.com; img-src https: data:; report-uri https://csp-reports.ravelry.com/; 1
script-src 'self' d2ue93q3u507c2.cloudfront.net www.google-analytics.com www.gstatic.com boards.greenhouse.io bnc.lt app.link 'sha256-zS9ghHX2N121ZHC6c7LMmgKRw0ncpwwduvC/XaRPZFM='; style-src 'self' 'unsafe-inline' d2ue93q3u507c2.cloudfront.net; report-uri https://report-uri.robinhood.com/_csp?type=trader&version=ab2b7d669; manifest-src 'self'; default-src 'self'; frame-src google.com boards.greenhouse.io; upgrade-insecure-requests; img-src 'self' data: d2ue93q3u507c2.cloudfront.net images.robinhood.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com syndication.twitter.com; media-src 'self' d2ue93q3u507c2.cloudfront.net; object-src 'none'; connect-src 'self' *.robinhood.com www.google-analytics.com stats.g.doubleclick.net api.branch.io api2.branch.io boards-api.greenhouse.io d2ue93q3u507c2.cloudfront.net; font-src 'self' d2ue93q3u507c2.cloudfront.net; block-all-mixed-content; base-uri 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src 'none'; report-uri https://wwwaarp.report-uri.com/r/d/csp/reportOnly 1
report-uri https://j5qjalwk0b.execute-api.us-east-2.amazonaws.com/security/csp-reports; default-src 'self'; frame-ancestors 'self' *.smartsheet.com; connect-src 2y0abj6vp2.execute-api.us-west-2.amazonaws.com 464-onm-149.mktoresp.com bam.nr-data.net c.6sc.co errors.client.optimizely.com hn.inspectlet.com logx.optimizely.com; font-src fonts.gstatic.com; frame-src 5022535.fls.doubleclick.net a752092193.cdn.optimizely.com consentcdn.cookiebot.com dnt.qualaroo.com www.facebook.com www.google.com www.youtube.com; img-src b.6sc.co d2myx53yhj7u4b.cloudfront.net stats.g.doubleclick.net www.google-analytics.com www.google.com  https://cdn.optimizely.com https://app.optimizely.com; manifest-src cco-wc-u-12:8443 gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net https://*.optimizely.com cdn.inspectlet.com connect.facebook.net j.6sc.co js-agent.newrelic.com munchkin.marketo.net px.ads.linkedin.com www.google-analytics.com www.google.com www.googletagmanager.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; script-src-elem cdn3.optimizely.com cdn.inspectlet.com connect.facebook.net js-agent.newrelic.com munchkin.marketo.net www.google-analytics.com www.googletagmanager.com; style-src 'unsafe-inline' fonts.googleapis.com translate.googleapis.com style-src-elem fonts.googleapis.com translate.googleapis.com; prefetch-src https://cdn.optimizely.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri https://c79f95068084e6225a0fe93e875f682d.report-uri.com/r/t/csp/reportOnly 1
base-uri *.rivals.com;default-src  'self' *.rivals.com/ *.yahoo.com; connect-src  *.yahoo.com *.rivals.com *.chartbeat.com *.advertising.com; frame-src  *.doubleclick.net *.twitter.com *.rivals.com widgets.outbrain.com *.braintreegateway.com *.youtube.com *.hudl.com *.yahoo.com *.aol.com; font-src  *.rivals.com/ fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src  *.rivals.com/ *.cloudinary.com/ *.chartbeat.net *.yahoo.com *.yimg.com *.outbrain.com *.twitter.com images.outbrainimg.com www.google-analytics.com stats.g.doubleclick.net; media-src  *.rivals.com/ *.vidible.tv; script-src  *.rivals.com/ static.chartbeat.com *.outbrain.com log.outbrainimg.com s.yimg.com bam.nr-data.net *.google-analytics.com cdn.syndication.twimg.com secure.quantserve.com *.newrelic.com c.jsrdn.com z.moatads.com *.yahoo.com platform.twitter.com *.braintreegateway.com *.braintree-api.com 'unsafe-eval' 'unsafe-inline'; style-src  fonts.googleapis.com cdnjs.cloudflare.com *.rivals.com/ platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com 'unsafe-inline'; report-uri /api/v1/content_security_policy_reports 1
font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tagesspiegel.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; report-uri https://csp.skype.com 1
frame-ancestors https://*.rte.ie https://*.rtegroup.ie; report-uri https://rtedotie.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://rameez.report-uri.io/r/default/csp/reportOnly 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp/ 1
block-all-mixed-content; report-uri https://csp-reports.pravmir.ru/https-mixed-content-logger/csp_report_log.php; 1
media-src https://www.stitchfix.com; img-src 'self' data: https://alb.reddit.com https://gcm.optimove.events https://e.dlx.addthis.com https://id.rlcdn.com https://stitchfixtracksdk.optimove.net https://pixel.advertising.com https://www.facebook.com https://pippio.com https://sync-tm.everesttech.net https://ib.adnxs.com https://gpush.cogocast.net https://sync.outbrain.com https://www.google-analytics.com https://d3ss0gp3e5d7m3.cloudfront.net https://pinterest.adsymptotic.com https://fcmatch.google.com https://cs.lkqd.net https://x.bidswitch.net https://www.ojrq.net https://i.liadm.com https://aa.agkn.com https://c.liadm.com https://us-east-sync.bidswitch.net https://secure.adnxs.com https://cx.atdmt.com https://cm.g.doubleclick.net https://fcmatch.youtube.com https://srv.stackadapt.com https://dmx.districtm.io https://ct.pinterest.com https://data.adxcel-ec2.com https://dpx.airpr.com https://hexagon-analytics.com https://dpm.demdex.net https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://stats.g.doubleclick.net https://tapestry.tapad.com https://d.turn.com https://www.google.com https://bat.bing.com https://p.tvpixel.com https://www.google.co.uk https://idsync.rlcdn.com https://pixel.quantserve.com https://tag.cogocast.net https://bsw.digitru.st https://tag.apxlv.com https://lrcm.optimove.events https://t.co; object-src https://www.stitchfix.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.dynamicyield.com jsagent.tcell.io https://d3ss0gp3e5d7m3.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://s.pinimg.com https://www.redditstatic.com https://sp.analytics.yahoo.com https://px.airpr.com https://s.yimg.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://bat.bing.com https://cdn.singular.net https://b-code.liadm.com https://rules.quantcount.com https://script.crazyegg.com https://www.googleadservices.com https://secure.quantserve.com https://sdk-cdn.optimove.net https://analytics.twitter.com https://www.google-analytics.com https://connect.facebook.net https://d.impactradius-event.com https://stitchfixtracksdk.optimove.net https://c.tvpixel.com; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://d3ss0gp3e5d7m3.cloudfront.net; font-src 'self' https://d3ss0gp3e5d7m3.cloudfront.net; child-src https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://i.liadm.com https://8611748.fls.doubleclick.net; frame-src https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://i.liadm.com https://8611748.fls.doubleclick.net; connect-src 'self' https://ampcid.google.com https://api.tcell.io/ https://ampcid.google.com.pr https://p.tvpixel.com https://ampcid.google.lu https://graph.facebook.com https://notify.bugsnag.com https://www.google-analytics.com https://stitchfixtracksdk.optimove.net https://sessions.bugsnag.com https://www.facebook.com https://location-service.stitchfix.com https://client-analytics-service.production.stitchfix.com https://tags.srv.stackadapt.com https://lcidc.liadm.com https://d3ss0gp3e5d7m3.cloudfront.net https://input.tcell.io/ https://ct.pinterest.com https://ampcid.google.ca https://ampcid.google.com.mx https://stitch-fix.sjv.io https://ampcid.google.ae https://px.dynamicyield.com https://adservice.google.com https://stats.g.doubleclick.net; report-uri https://input.tcell.io/csp/248122046b673a7ab0e340296f1e73a9827b55dc2777a5b17415b2d8ce343b57?rid=98246921 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: data:; font-src https: data:; report-uri https://ee.report-uri.io/r/default/csp/reportOnly 1
report-uri	/some-report-uri 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-endpoint/index 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; &a=wufoocms 1
script-src 'self' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-nRM2lfeK3BRRk282'; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com *.vimeocdn.com; report-uri https://www.sidefx.com/csp_reports/; default-src 'self'; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com *.vimeo.com *.vimeocdn.com; img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com i.ytimg.com *.vimeocdn.com www.paypal.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; connect-src https: wss: ; font-src https: 'unsafe-inline' 'unsafe-eval' data: ; script-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://lancers.report-uri.io/r/default/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://a.tiles.mapbox.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://graph.facebook.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net https://www.facebook.com 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com data: https://static.hotjar.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=140-6392901-8686603:rid=WYYTZJV3C5H61P9VC6JQ:sn=www.audible.com 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src 'self' ; img-src * data: ; script-src 'self' www.google-analytics.com ssl.google-analytics.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-violations.external.wickes.co.uk 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::PROD_HTTPS_V2_1 1
default-src https:; connect-src https: wss:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' d36jn9qou1tztq.cloudfront.net 'report-sample'; style-src 'unsafe-inline' 'unsafe-eval' https: 'report-sample'; font-src https: data:; frame-src https: data:; report-uri /sitebuilder2/api/csp-report; report-to csp 1
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d1c5qktmphn2d.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d1c5qktmphn2d.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://px.airpr.com/airpr.js https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://static.ads-twitter.com https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: mediastream: wikibooks.org *.wikibooks.org wikidata.org *.wikidata.org wikimedia.org *.wikimedia.org wikinews.org *.wikinews.org wikipedia.org *.wikipedia.org wikiquote.org *.wikiquote.org wikisource.org *.wikisource.org wikiversity.org *.wikiversity.org wikivoyage.org *.wikivoyage.org wiktionary.org *.wiktionary.org *.wmflabs.org wikimediafoundation.org mediawiki.org *.mediawiki.org wss://tools.wmflabs.org; report-uri https://tools.wmflabs.org/csp-report/collect; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adform.net *.au.dk *.aucdn.dk *.cloudflare.com *.cloudfront.net *.crazyegg.com *.createsend1.com *.facebook.com *.facebook.net *.findvej.dk *.gefionau.dk *.google-analytics.com *.google.com *.google.dk *.googleapis.com *.googletagmanager.com *.gstatic.com *.instagram.com *.inviewmap.com *.livescribe.com *.mathjax.org *.pingdom.net *.siteimprove.com *.slideshare.net *.stakbogladen.dk *.statsbiblioteket.dk *.storify.com *.twimg.com *.twitter.com *.vimeo.com *.yahooapis.com *.youtu.be *.youtube.com 130.225.20.241 130.226.173.136 77.66.112.46 shoutbox.widget.me siteimproveanalytics.com *.cludo.com www2.dmu.dk unpkg.com *.usabilla.com *.doubleclick.net; img-src * 'self' data:; report-uri /csp-rapport/csp-rapport.php?i=i40v5; 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/wi/prod 1
script-src https://www.lookfantastic.com https://m.lookfantastic.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://hm.baidu.com https://tag.baidu.com; report-uri https://www.lookfantastic.com/cspReport.txt; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
default-src 'self' *.hotjar.com *.macupdate.com https://*.macupdate.com macupdate.com; frame-src 'self' 'unsafe-inline' https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com https://tpc.googlesyndication.com/; child-src 'self' 'unsafe-inline' https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com; img-src 'self' 'unsafe-inline' https://p.typekit.net *.macupdate.com https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com data: *.2mdn.net https://pagead2.googlesyndication.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://use.typekit.net https://code.jquery.com https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com https://l2.io *.inspectlet.com *.googlesyndication.com https://*.elev.io https://js.intercomcdn.com https://widget.intercom.io https://adservice.google.com https://adservice.google.ac https://adservice.google.ad https://adservice.google.ae https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ai https://adservice.google.al https://adservice.google.am https://adservice.google.co.ao https://adservice.google.com.ar https://adservice.google.as https://adservice.google.at https://adservice.google.com.au https://adservice.google.az https://adservice.google.ba https://adservice.google.com.bd https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.com.bh https://adservice.google.bi https://adservice.google.bj https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.bs https://adservice.google.bt https://adservice.google.co.bw https://adservice.google.by https://adservice.google.com.bz https://adservice.google.ca https://adservice.google.com.kh https://adservice.google.cc https://adservice.google.cd https://adservice.google.cf https://adservice.google.cat https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.co.ck https://adservice.google.cl https://adservice.google.cm https://adservice.google.cn https://adservice.g.cn https://adservice.google.com.co https://adservice.google.co.cr https://adservice.google.com.cu https://adservice.google.cv https://adservice.google.com.cy https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.com.do https://adservice.google.dz https://adservice.google.com.ec https://adservice.google.ee https://adservice.google.com.eg https://adservice.google.es https://adservice.google.com.et https://adservice.google.fi https://adservice.google.com.fj https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gf https://adservice.google.gg https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.com.gt https://adservice.google.gy https://adservice.google.com.hk https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.co.id https://adservice.google.iq https://adservice.google.ie https://adservice.google.co.il https://adservice.google.im https://adservice.google.co.in https://adservice.google.io https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.com.jm https://adservice.google.jo https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.ki https://adservice.google.kg https://adservice.google.co.kr https://adservice.google.com.kw https://adservice.google.kz https://adservice.google.la https://adservice.google.com.lb https://adservice.google.com.lc https://adservice.google.li https://adservice.google.lk https://adservice.google.co.ls https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.com.ly https://adservice.google.co.ma https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.com.mm https://adservice.google.mn https://adservice.google.ms https://adservice.google.com.mt https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.co.mz https://adservice.google.com.na https://adservice.google.ne https://adservice.google.com.nf https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.nl https://adservice.google.no https://adservice.google.com.np https://adservice.google.nr https://adservice.google.nu https://adservice.google.co.nz https://adservice.google.com.om https://adservice.google.com.pk https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.ph https://adservice.google.pl https://adservice.google.com.pg https://adservice.google.pn https://adservice.google.co.pn https://adservice.google.com.pr https://adservice.google.ps https://adservice.google.pt https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.sc https://adservice.google.se https://adservice.google.com.sg https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.com.sl https://adservice.google.sn https://adservice.google.sm https://adservice.google.so https://adservice.google.st https://adservice.google.sr https://adservice.google.com.sv https://adservice.google.td https://adservice.google.tg https://adservice.google.co.th https://adservice.google.com.tj https://adservice.google.tk https://adservice.google.tl https://adservice.google.tm https://adservice.google.to https://adservice.google.tn https://adservice.google.com.tr https://adservice.google.tt https://adservice.google.com.tw https://adservice.google.co.tz https://adservice.google.com.ua https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.com https://adservice.google.com.uy https://adservice.google.co.uz https://adservice.google.com.vc https://adservice.google.co.ve https://adservice.google.vg https://adservice.google.co.vi https://adservice.google.com.vn https://adservice.google.vu https://adservice.google.ws https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net *.doubleclick.net *.flowplayer.org *.macupdate.com *.twitter.com a.disquscdn.com disqus.com fonts.googleapis.com fonts.gstatic.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://a.disquscdn.com https://disqus.com https://macupdateblog.disqus.com https://referrer.disqus.com https://*.google.com https://*.google.com.ua macupdateblog.disqus.com referrer.disqus.com; font-src 'self' https://use.typekit.net data: *.doubleclick.net *.macupdate.com *.twitter.com fonts.googleapis.com fonts.gstatic.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://js.intercomcdn.com; object-src *.doubleclick.net *.flowplayer.org *.macupdate.com *.twitter.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://pagead2.googlesyndication.com; connect-src 'self' https://*.macupdate.com https://performance.typekit.net https://*.hotjar.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.elev.io https://*.intercom.io; 1
default-src 'self' *.lendingclub.com lendingclub.com; img-src * data:; script-src 'unsafe-inline' 'self' *.lendingclub.com lendingclub.com js-agent.newrelic.com bam.nr-data.net t.a3cloud.net cdn.plaid.com *.googletagmanager.com/gtag/ *.googleadservices.com/pagead/ googleads.g.doubleclick.net/pagead/ s.pinimg.com connect.facebook.net tags.tiqcdn.com www.google-analytics.com; connect-src 'self' js-agent.newrelic.com bam.nr-data.net ct.pinterest.com; frame-src 'self' cdn.plaid.com; font-src 'self' data:; style-src 'unsafe-inline' 'self'; report-uri /site/csp/report-only 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net connect.facebook.net *.ytimg.com www.youtube.com www.google.com www.google.no track.adform.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net cdn.tt.omtrdc.net www.googleadservices.com *.boost.ai *.cicero.no *.sparebank1.no www.googletagmanager.com secure.adnxs.com maps.googleapis.com js.hs-analytics.net js.hs-scripts.com api.hubapi.com js.hsadspixel.net; style-src 'self' 'unsafe-inline' *.boost.ai *.sparebank1.no fonts.googleapis.com *.bootstrapcdn.com www.youtube.com; img-src 'self' *.yahoo.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net www.facebook.com *.sparebank1.no csi.gstatic.com maps.gstatic.com maps.googleapis.com *.boost.ai www.google.no www.google.com cm.everesttech.net dpm.demdex.net resources.mynewsdesk.com track.hubspot.com data:; connect-src 'self' dpm.demdex.net *.cicero.no *.boost.ai *.omtrdc.net data.brreg.no *.sparebank1.no www.facebook.com www.mynewsdesk.com publish.ne.cision.com api.hubapi.com; font-src 'self' *.boost.ai *.sparebank1.no fonts.gstatic.com resources.mynewsdesk.com *.bootstrapcdn.com data:; media-src 'none'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com player.vimeo.com www.facebook.com track.adform.net assets.adobedtm.com apis.google.com s-static.ak.facebook.com *.doubleclick.net dpm.demdex.net sparebank1.demdex.net www.google.no www.google.com cws.huginonline.com www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no; report-uri /bin/logservlet 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /misc/csp-report.php 1
default-src 'self' *.vk.com https://*.vk.com *.userapi.com https://*.userapi.com https://*.google.com https://*.google.ru *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net *.yandex.ru https://*.yandex.ru https://*.yandex.net yastatic.net https://yastatic.net *.yandexadexchange.net https://*.yandexadexchange.net *.yadro.ru https://*.yadro.ru data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com https://vk.com *.vk.com https://*.vk.com https://vidtok.ru https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.at https://*.google.by https://*.google.ca https://*.google.ch https://*.google.co.kr https://*.google.co.uk https://*.google.co.za https://*.google.co.uz https://*.google.co.il https://*.google.co.id https://*.google.co.in https://*.google.co.nz https://*.google.co.jp https://*.google.co.th https://*.google.co.ve https://*.google.co.ma https://*.google.com.cy https://*.google.com.sg https://*.google.com.tr https://*.google.com.ua https://*.google.com.lb https://*.google.com.ng https://*.google.com.pe https://*.google.com.hk https://*.google.com.tj https://*.google.com.my https://*.google.com.pk https://*.google.com.af https://*.google.com.eg https://*.google.com.au https://*.google.com.bo https://*.google.com.sa https://*.google.com.ph https://*.google.com.na https://*.google.com.mt https://*.google.com.br https://*.google.com.co https://*.google.com.ar https://*.google.com.vn https://*.google.com.om https://*.google.dk https://*.google.ee https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.ie https://*.google.iq https://*.google.it https://*.google.kz https://*.google.lv https://*.google.nl https://*.google.pl https://*.google.tm https://*.google.de https://*.google.az https://*.google.am https://*.google.se https://*.google.md https://*.google.cz https://*.google.kg https://*.google.ae https://*.google.bg https://*.google.dz https://*.google.lt https://*.google.no https://*.google.es https://*.google.hu https://*.google.sk https://*.google.be https://*.google.hr https://*.google.jo https://*.google.pt https://*.google.rs https://*.google.is https://*.google.lu https://*.google.ro https://*.google.tn https://*.google.si https://*.google.ci *.googlesyndication.com https://*.googlesyndication.com *.googletagservices.com https://*.googletagservices.com *.googletagmanager.com https://*.googletagmanager.com *.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://cdn.ampproject.org *.yandex.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.ua https://*.yandex.kz https://*.yandex.fr https://*.yandex.com.tr yastatic.net https://yastatic.net https://web.tolstoycomments.com data: ; style-src 'self' 'unsafe-inline'; img-src 'self' https://220youtube.com vk.com https://vk.com *.vk.com https://*.vk.com *.userapi.com https://*.userapi.com https://*.google.ru *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googlezip.net https://*.googlezip.net https://yandex.ru *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net https://yandex.st https://*.yandex.ua https://*.yandexadexchange.net https://*.tns-counter.ru https://wcm.solution.weborama.fr *.yadro.ru https://*.yadro.ru data: ; frame-src 'self' https://220vk.com vk.com https://vk.com https://login.vk.com https://vidtok.ru gsa://onpageload *.googlesyndication.com https://*.googlesyndication.com https://*.doubleclick.net https://vk-220.firebaseapp.com https://web.tolstoycomments.com https://*.yandex.ru yastatic.net https://yastatic.net *.yandexadexchange.net https://*.yandexadexchange.net; connect-src 'self' ws://220vk.com wss://220vk.com *.vk.com https://*.vk.com https://*.gstatic.com https://*.googleapis.com https://yandex.ru *.yandex.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.ua yastatic.net https://yastatic.net https://awaps.yandex.net https://web.tolstoycomments.com *.bing.com https://*.bing.com; font-src 'self' data: https://*.gstatic.com; report-uri /files/collector.php 1
default-src 'self' https://img.zumpercdn.com; script-src 'self' 'unsafe-eval' www.googleadservices.com *.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.getblueshift.com *.scorecardresearch.com connect.facebook.net djnf6e5yyirys.cloudfront.net tracking.listhub.net cdnjs.cloudflare.com static.criteo.net *.criteo.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net 'nonce-d31205f1-0cb4-40dc-a243-77b7e41c4215' *.friendbuy.com cdn.jsdelivr.net *.trovit.com; connect-src 'self' *.zumper.com api.getblueshift.com www.google-analytics.com www.facebook.com ssl.geoplugin.net *.doubleclick.net api.rollbar.com logx.optimizely.com cdn.optimizely.com *.friendbuy.com *.recombee.us; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; frame-src 'self' *.facebook.com *.doubleclick.net *.criteo.com; img-src 'self' data: *.googleapis.com *.gstatic.com www.google-analytics.com www.googletagmanager.com www.facebook.com *.ggpht.com *.scorecardresearch.com *.doubleclick.net *.criteo.com d2t1047w253zzm.cloudfront.net https://static.zumpercdn.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net www.google.com rd.trovit.com tracking.listhub.com techcrunch.com img.buzzfeed.com housemethod.com i.amz.mshcdn.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; report-uri https://a7f26d32d940016fa60227f75db80b39.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-/a9nO15hDeGwCCnKqvRGVIMPBDbMJw5e' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-/a9nO15hDeGwCCnKqvRGVIMPBDbMJw5e' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com fonts.gstatic.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=137-0205983-6084511:rid=QH5YJTQ6GRC9VSGW0V4W:sn=www.audible.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /api/report-csp1/ 1
frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self';style-src 'self' 'unsafe-inline' g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com;connect-src 'self' *.dingtalk.com ynuf.alipay.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com;font-src 'self' at.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net ; connect-src 'self' https://account.myunidays.com https://account-cdn.myunidays.com https://perks.myunidays.com https://api.segment.io https://cdn.optimizely.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world ; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-VJQhhEAbL0uGwWD8dOBszA==' 'sha256-FCD4CmGDa9ZlDWAh0W2yETdIFlIMPgmq5FkDQsxVxT4=' 'sha256-euoJNoaJITbhbO7ymsb/CcVchV6iwLXMOt4m8eeiEJM=' 'sha256-uaOgH6Wg5HZzOcOMUDlpqDrYOeBghbzAxWmuIk5CesQ=' 'sha256-7YaPxdD0kC1HoL/gBB+pc9XX79pLK1B8fsek/X0nL/o=' 'sha256-etomrtPR7+3YBJVhy4uup2zi9jdWdwYKdiAuoS19bgA=' ; style-src 'self' 'unsafe-inline' https: ; report-uri https://unidays.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/vg/prod 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; report-uri /report-csp-violation 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2019-04-23 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
frame-ancestors 'self'; report-uri https://sentry.wongnai.com/api/2/csp-report/?sentry_key=1eb41851e6a44bd39f12e47f6de24633 1
default-src 'self' *.tapd.cn; connect-src http: https: ws: wss:;script-src 'self' 'nonce-c3d52aa7ea586083ea0a1dd775f0' 'unsafe-inline' 'unsafe-eval' *.tapd.cn bqq.gtimg.com t.gdt.qq.com admin.qidian.qq.com; style-src 'self' 'unsafe-inline' *.tapd.cn; img-src 'self' *.tapd.cn pingtcss.qq.com report.huatuo.qq.com badjs2.qq.com da.qidian.qq.com pingtas.qq.com data:; font-src 'self' *.tapd.cn data:; frame-src 'self' *.tapd.cn admin.qidian.qq.com webpage.qidian.qq.com; report-uri https://aq.qq.com/cn2/manage/mbtoken/hijack_csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://vk.com https://*.vk.com https://cdn.api.twitter.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://facebook.com https://*.facebook.com https://connect.facebook.net https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://*.criteo.net https://*.criteo.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://demoup.com https://*.demoup.com https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://api.flocktory.com; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
default-src 'self' https://img.zumpercdn.com; script-src 'self' 'unsafe-eval' www.googleadservices.com *.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.getblueshift.com *.scorecardresearch.com connect.facebook.net djnf6e5yyirys.cloudfront.net tracking.listhub.net cdnjs.cloudflare.com static.criteo.net *.criteo.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net 'nonce-ae21f13c-b1a6-4718-9345-f33511ca586b' *.surveymonkey.com; connect-src 'self' *.zumper.com api.getblueshift.com www.google-analytics.com www.facebook.com ssl.geoplugin.net *.doubleclick.net api.rollbar.com logx.optimizely.com cdn.optimizely.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; frame-src 'self' *.facebook.com *.doubleclick.net *.criteo.com *.surveymonkey.com; img-src 'self' data: *.googleapis.com *.gstatic.com www.google-analytics.com www.googletagmanager.com www.facebook.com *.ggpht.com *.scorecardresearch.com *.doubleclick.net *.criteo.com d2t1047w253zzm.cloudfront.net https://static.zumpercdn.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net *.surveymonkey.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://img.zumpercdn.com https://d214hhm15p4t1d.cloudfront.net https://d2n1sxp1qtdjke.cloudfront.net; report-uri https://a7f26d32d940016fa60227f75db80b39.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.myprotein.com https://m.myprotein.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.com/cspReport.txt; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=cmscache 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.przegladsportowy.pl::PsInfo_1_10_0 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://api.transparentcdn.com/v1/csp/report/83/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=1a45b777206e03f6848b512df8e87bcf 1
default-src https: blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://us-central1-pr-environment.cloudfunctions.net/policy-violation 1
default-src 'self' *.s-xoom.com; img-src 'self' data: *.paypal.com *.amazonaws.com *.s-xoom.com *.bbb.org *.facebook.com *.google.com *.googleapis.com *.bing.com *.doubleclick.net *.contentful.com *.ctfassets.net *.google-analytics.com *.mediaplex.com *.online-metrix.net *.ensighten.com *.googleadservices.com *.googleusercontent.com *.dotomi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.online-metrix.net *.segment.com *.iesnare.com *.mxpnl.com *.s-xoom.com *.google.com *.googleapis.com *.bing.com *.doubleclick.net *.googleadservices.com *.ensighten.com *.facebook.net *.optimizely.com *.contentful.com *.ctfassets.net *.paypalobjects.com *.google-analytics.com *.mediaplex.com *.gstatic.com *.googletagmanager.com *.braintreegateway.com; style-src 'self' 'unsafe-inline' *.s-xoom.com *.google.com *.contentful.com *.ctfassets.net; connect-src 'self' *.segment.io *.mixpanel.com *.paypalobjects.com *.s-xoom.com *.braintree-api.com *.braintreegateway.com; frame-src 'self' *.paypal.com *.google.com *.paypalobjects.com *.online-metrix.net *.jobvite.com *.facebook.net *.facebook.com *.youtube.com *.doubleclick.net *.braintreegateway.com *.cardinalcommerce.com; form-action 'self' *.doubleclick.net *.facebook.net; object-src 'self' *.online-metrix.net; report-uri /csp-violation; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss: blob: http://*.files.wordpress.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/gq/prod 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; img-src data: https:; report-uri https://lidlcsp.report-uri.io/r/default/csp/reportOnly; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.dotpay.pl ssl.google-analytics.com; img-src 'self' data: ssl.google-analytics.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src https://stats.g.doubleclick.net https://ssl.google-analytics.com ; report-uri /csp-report 1
default-src https: data: blob: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval' http://*.cdn.ne.jp https://*.cdn.ne.jp; report-uri /analyze/cspreport.php 1
frame-ancestors topface.com *.topface.com vk.com *.vk.com mail.ru *.mail.ru ok.ru *.ok.ru renren.com *.renren.com facebook.com *.facebook.com live.com *.live.com; report-uri /csp-report/; 1
block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com;  report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.com/ https://pagead2.googlesyndication.com/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.com https://apis.google.com https://accounts.google.com; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.com/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.com http://vk.com https://accounts.google.com/ 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;frame-ancestors 'none';report-uri /csp/report 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data:;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';report-uri https://cex.io/cspr; 1
default-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com https://*.247-inc.net https://*.adobedtm.com https://*.sc.omtrdc.net https://www.google-analytics.com https://ajax.googleapis.com https://searspartsdirect.btttag.com https://tags.tiqcdn.com https://static.criteo.net https://px.owneriq.net https://*.go-mpulse.net https://resources.xg4ken.com https://bat.bing.com https://*.criteo.com https://connect.facebook.net https://secure.quantserve.com https://www.googleadservices.com https://st1.dialogtech.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.bounceexchange.com https://apps.bazaarvoice.com; style-src https: 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com; font-src 'self' data: https://fonts.gstatic.com; connect-src https: 'self' https://*.ch3.s.com https://*.searspartsdirect.io https://searspartsdirectapis.com https://*.247-inc.net; child-src https: 'self' https://armadillo.xyz https://www.searshomeservices.com https://*.247-inc.net https://youtube.com https://assets.bounceexchange.com https://px.owneriq.net https://d.btttag.com; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; img-src https: data:; frame-ancestors 'self'; report-uri https://31a2c7fb54d38ca48f49546888bdc42f.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.adobetag.com assets.adobedtm.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ va.ecitizen.gov.sg; style-src 'self' 'unsafe-inline' va.ecitizen.gov.sg; form-action 'self'; plugin-types application/pdf; img-src 'self' wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net www.google-analytics.com va.ecitizen.gov.sg; frame-src 'self' wogaa.demdex.net dpm.demdex.net www.youtube.com https://www.google.com/recaptcha/ va.ecitizen.gov.sg; connect-src 'self' dpm.demdex.net wogadobeanalytics.sc.omtrdc.net www.google-analytics.com va.ecitizen.gov.sg; font-src *; report-uri /Members/_layouts/15/CPF.CMS/CSPReport.aspx 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=143-4796337-9040327:rid=K80CT5BC2PKZBF556XNK:sn=www.audible.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1
base-uri https://www.mbank.cz; report-uri https://wwwcz.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://www.youtube.com https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://i.ctnsnet.com https://c.imedia.cz https://track.adform.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.cz https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' 'report-sample' data: https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://i.ctnsnet.com https://gcm.ctnsnet.com https://cm.ctnsnet.com https://ipac.ctnsnet.com https://scm.ctnsnet.com https://inl.ctnsnet.com https://cdn.ctnsnet.com https://ib.adnxs.com https://secure.adnxs.com https://bcp.crwdcntrl.net https://c.imedia.cz https://track.adform.net; font-src 'self' 'report-sample' https://www.mbank.cz https://fonts.gstatic.com/; connect-src 'self' 'report-sample' https://www.mbank.cz https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl; media-src 'self' 'report-sample' https://www.mbank.cz; object-src 'self' 'report-sample' https://www.mbank.cz https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; child-src 'self' 'report-sample' https://www.mbank.cz https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; form-action 'self' 'report-sample' https://www.mbank.cz https://form.mbank.cz; frame-ancestors 'self' 'report-sample' https://www.mbank.cz;  1
child-src https:;connect-src https:;font-src https: data:;frame-ancestors 'none';img-src https: data:;media-src https:;object-src https: data:;script-src https: data: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';report-uri /csp 1
report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=137-5524763-0832010:rid=SDV18XBHGQXZYMGDSFK5:sn=www.audible.com 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.fbcdn.net data: blob: 'unsafe-inline' 'unsafe-eval';style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com wss://*.workplace.com:* *.fbcdn.net blob: *.mktoresp.com *.workplace.tools;report-uri https://www.workplace.com/csp/reporting/ 1
default-src 'self' * 127.0.0.1; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; frame-src 'self' https: http: data:; child-src 'self' https: http: data:; 1
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; report-uri https://api.youcanbook.me/v1/csp/reports 1
upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
script-src https: 'self' 'nonce-53ba3df470e2068520e1b69e36b3b4de' 'unsafe-inline' 'unsafe-eval' http://wx-static.drip.im/js/ http://res.wx.qq.com/open/js/jweixin-1.0.0.js http://eco-api.meiqia.com/ http://new-api.meiqia.com/ http://wxs-b.drip.im/js/ *.geetest.com *.qq.com http://hm.baidu.com http://isite.baidu.com;object-src *.qq.com *.youku.com *.drip.im;frame-src *.qq.com *.youku.com eco-api.meiqia.com new-api.meiqia.com *.drip.im weixinping: weixin:; report-uri https://weixin.drip.im/wx-web/system/csp-report-parser 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.rawgit.com https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-elem 'self'  https://cdn.rawgit.com https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; report-uri https://www.eur.nl/report-uri/reportOnly 1
frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 1
script-src https://www.zavvi.com https://m.zavvi.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://fp.zenaps.com https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net; report-uri https://www.zavvi.com/cspReport.txt; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' static.chartbeat.com https: ; img-src 'self' http: https: data: ; font-src 'self' https: data: ; frame-src https: ; connect-src 'self' monitor.web-staging.com https: ; report-uri https://monitor.web-staging.com/csp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://www.googletagmanager.com https://www.youtube.com https://bam.nr-data.net https://cdn.mxpnl.com https://ajax.cloudflare.com https://s7.addthis.com https://dnn506yrbagrg.cloudfront.net https://edge.addthis.com https://www.google-analytics.com https://s.ytimg.com https://connect.facebook.net https://js-agent.newrelic.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://m.addthis.com https://m.addthisedge.com https://betterment-prod-cdn.s3.amazonaws.com https://static.ads-twitter.com https://www.googleadservices.com https://static.zdassets.com https://assets.zendesk.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://collector-2087.tvsquared.com; script-src-elem 'self' https://static.zdassets.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://betterment-prod-cdn.s3.amazonaws.com https://static.ads-twitter.com https://www.googleadservices.com https://assets.zendesk.com https://m.addthisedge.com https://m.addthis.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://collector-2087.tvsquared.com https://siteintercept.qualtrics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://wwws.betterment.com https://bam.nr-data.net https://m.addthis.com https://api.mixpanel.com https://tt.betterment.com https://api.segment.io https://api.levelaccess.net https://ampcid.google.com https://betterment.zendesk.com https://stats.g.doubleclick.net https://ekr.zdassets.com https://ampcid.google.de https://ampcid.google.com.sg https://adservice.google.com https://www.google-analytics.com https://ampcid.google.com.ua https://ampcid.google.com.sa https://ampcid.google.ro https://ampcid.google.com.hk https://ampcid.google.co.bw https://ampcid.google.ca https://ampcid.google.iq https://ampcid.google.ae https://ampcid.google.com.tw https://api.greenhouse.io https://sentry.io https://ampcid.google.co.id https://ampcid.google.it https://ampcid.google.com.au https://ampcid.google.be https://ampcid.google.fr https://ampcid.google.co.kr https://ampcid.google.com.pk https://ampcid.google.co.in https://ampcid.google.bg https://ampcid.google.co.nz https://ampcid.google.es https://siteintercept.qualtrics.com https://http-inputs-betterment.splunkcloud.com https://ampcid.google.com.ng https://ampcid.google.no https://ampcid.google.com.ph https://ampcid.google.at https://ampcid.google.co.jp https://ampcid.google.co.za https://ampcid.google.com.pr https://ampcid.google.com.kw https://ampcid.google.com.co https://ampcid.google.dk; media-src 'self' https://ssl.gstatic.com; object-src 'none'; child-src 'self'; frame-src 'self' https://www.googletagmanager.com https://8538009.fls.doubleclick.net https://s7.addthis.com https://bid.g.doubleclick.net https://d1svladlv4b69d.cloudfront.net https://www.youtube.com https://edge.addthis.com https://www.facebook.com; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; report-uri https://sentry.io/api/1290889/security/?sentry_key=8d9a3ccbfa7843c09f44b9a209bd9c8e&sentry_environment=csp-production; 1
script-src https://www.coggles.com https://m.coggles.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.coggles.com/cspReport.txt; 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
default-src https: wss:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; report-uri https://stagesuunto.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
default-src 'self' data: https: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' data: https: blob:; img-src 'self' data: https:; font-src 'self' data: https:; worker-src * blob:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://huffintl.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=0e933dd2a95d01bfc6a37d094c629060 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
base-uri https://www.mbank.pl; report-uri https://wwwsk.csp.mbank.pl; default-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://tpc.googlesyndication.com https://www.youtube.com https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://i.ctnsnet.com https://c.imedia.cz https://track.adform.net; style-src 'self' 'report-sample' 'unsafe-inline' https://www.mbank.sk https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' 'report-sample' data: https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://*.fls.doubleclick.net https://www.google.com https://www.google.pl https://www.google.de https://www.google.co.uk https://www.google.nl https://www.google.fr https://www.google.se https://www.google.no https://www.google.be https://www.google.ie https://www.google.es https://www.google.dk https://www.google.ch https://www.google.hr https://www.google.cz https://www.google.it https://www.google.com.ua https://www.google.sk https://s.ytimg.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://khms0.googleapis.com https://khms1.googleapis.com https://i.ctnsnet.com https://gcm.ctnsnet.com https://cm.ctnsnet.com https://ipac.ctnsnet.com https://scm.ctnsnet.com https://inl.ctnsnet.com https://cdn.ctnsnet.com https://ib.adnxs.com https://secure.adnxs.com https://bcp.crwdcntrl.net https://c.imedia.cz https://track.adform.net; font-src 'self' 'report-sample' https://www.mbank.sk https://fonts.gstatic.com/; connect-src 'self' 'report-sample' https://www.mbank.sk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl; media-src 'self' 'report-sample' https://www.mbank.sk; object-src 'self' 'report-sample' https://www.mbank.sk https://www.youtube.com; frame-src 'self' 'report-sample' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; child-src 'self' 'report-sample' https://www.mbank.sk https://www.googletagmanager.com https://tagmanager.google.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com https://cz.hit.gemius.pl https://ls.hit.gemius.pl https://www.facebook.com; form-action 'self' 'report-sample' https://www.mbank.sk https://form.mbank.sk; frame-ancestors 'self' 'report-sample' https://www.mbank.sk;  1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1
object-src data: 'self' *.yeloplay.be *.telenet-ops.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.telenet.be *.yeloplay.be *.telenet-ops.be; img-src data: 'unsafe-inline' 'self' *.telenet.be *.yeloplay.be *.telenet-ops.be; style-src 'self' 'unsafe-inline'; media-src data: blob: 'self' *.telenet.be *.yeloplay.be *.telenet-ops.be; plugin-types application/silverlight application/x-silverlight; report-uri /report-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; report-uri //root 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.com fast.wistia.net *.wistia.com *.wistia.com form.jotform.com cdn.jotfor.ms secure.jotformpro.com submit.jotformpro.com www.google-analytics.com *.typekit.net *.litix.io checkout.stripe.com ajax.googleapis.com www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fonts.googleapis.com;child-src 'self' https://voicethread.com fast.wistia.com fast.wistia.net *.wistia.com player.vimeo.com submit.jotformpro.com https://*.facebook.com player.vimeo.com www.google.com checkout.stripe.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net *.litix.io *.wistia.com *.litix.io performance.typekit.net submit.jotformpro.com checkout.stripe.com;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com use.typekit.net fonts.gstatic.com fonts.googleapis.com;form-action 'self'  https://voicethread.com submit.jotformpro.com;frame-ancestors none ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net events.jotform.com cdn.jotfor.ms docs.google.com *.googleusercontent.com www.google-analytics.com https://*.facebook.com p.typekit.net stats.g.doubleclick.net *.litix.io;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed.wistia.com embedwistia-a.akamaihd.net;object-src 'self' https://prod-cdn.voicethread.com;report-uri /csp_report/; 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net script.crazyegg.com; style-src *.bellroy.com https: 'unsafe-inline' data:; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
script-src 'unsafe-eval' 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1& 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; report-uri /report/ 1
default-src https: data: blob: about: 'unsafe-inline' 'unsafe-eval'; report-uri https://8f97ca7fe77acd3ff57dd08291fc4c61.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.marketo.net *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net; report-uri /api/v3/violations/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://m3knwt5xlxrylde4mnk41bfp.httpschecker.net/report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=emimino 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report; report-to https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report 1
img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net bat.bing.com res.cloudinary.com *.clover.com images.contentful.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.online-metrix.net *.perka.com t.powerreviews.com *.rfihub.com api.swiftype.com pixel.quantserve.com; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com bid.g.doubleclick.net *.fls.doubleclick.net docs.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com; connect-src 'self' *.clover.com wss://*.clover.com *.contentful.com www.google-analytics.com storage.googleapis.com api.greenhouse.io heapanalytics.com in.hotjar.com *.intercom.io wss://*.intercom.io *.optimizely.com *.perka.com *.powerreviews.com sentry.io api.swiftype.com; default-src 'self'; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com js.intercomcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdnjs.cloudflare.com googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com maps.googleapis.com tagmanager.google.com www.google.com www.googletagmanager.com *.greenhouse.io www.gstatic.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com ui.powerreviews.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com secure.quantserve.com; style-src 'self' 'unsafe-inline' devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com just.be sandbox.just.be portal.natwest-tyl.com ui.powerreviews.com; frame-ancestors devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net *.clover.com just.be sandbox.just.be portal.natwest-tyl.com; media-src videos.ctfassets.net js.intercomcdn.com; object-src h.online-metrix.net; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/tr/prod 1
script-src https://www.myprotein.jp https://m.myprotein.jp 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.jp/cspReport.txt; 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' cdn.ravenjs.com www.googletagmanager.com www.google-analytics.com js.driftt.com js.hs-scripts.com js.hs-analytics.net; connect-src 'self' sentry.io reload.getsentry.net api.amplitude.com; img-src 'self' data: sentry-brand.storage.googleapis.com sentry-blog.storage.googleapis.com sentryio-assets.storage.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com track.hubspot.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' js.driftt.com player.vimeo.com; media-src sentryio-assets.storage.googleapis.com; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.stripe.com cdnjs.cloudflare.com *.hytto.com *.googleadservices.com *.bing.com *.google-analytics.com *.stripe.network *.lovense.com *.riskified.com *.exoclick.com; style-src 'self' 'unsafe-inline' *.hytto.com *.lovense.com; img-src 'self' data: main.realsrv.com *.google.lu *.google.com.pr *.google.com.hk *.g.doubleclick.net *.google.fr *.google.de *.google.no *.google.rs *.google.com.ua *.google.co.uk *.riskified.com *.google.ru *.google.com.br *.stripe.com *.google.co.kr *.google.ro *.vimeocdn.com main.exosrv.com *.exoclick.com *.google.co.in *.google.co.il main.dynsrvtyu.com *.googletagmanager.com *.google.com.uy *.google.es *.google.cn *.hytto.com *.bing.com *.google.mn *.google.com.mx *.google.com.co *.google.com.kw *.google-analytics.com *.stripe.network *.lovense.com *.gstatic.com *.google.com.ar *.google.by *.google.com.au main.exdynsrv.com *.google.ca *.google.com.vn *.trafficjunky.net *.google.com; font-src 'self' data: *.hytto.com *.lovense.com *.gstatic.com; connect-src 'self' *.hytto.com *.doubleclick.net *.lovense.com *.riskified.com; media-src 'self' *.vimeo.com *.youtube.com *.hytto.com *.lovense.com; object-src 'self' *.hytto.com *.lovense.com; frame-src 'self' *.googletagmanager.com *.vimeo.com *.stripe.com *.youtube.com *.hytto.com *.lovense.com; child-src 'self' blob: blob *.hytto.com *.lovense.com; worker-src 'self' blob: blob *.hytto.com *.lovense.com; form-action 'self' *.vimeo.com *.hytto.com *.lovense.com vimeo.com; manifest-src 'self' *.hytto.com *.lovense.com; report-uri /csp-report; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://static.infoclimat.net http://static.infoclimat.net 'unsafe-inline' 1
default-src https: blob: android-webview-video-poster: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://6lubylb0fb.execute-api.eu-west-1.amazonaws.com/prod/report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
report-uri https://csp.edipresse.pl/report/wizaz; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
script-src 'unsafe-eval' 'unsafe-inline' https://medpeer.jp/plugin/js/ https://medpeer.jp/plugin/jquery.colorbox/ https://medpeer.jp/plugin/ckeditor/ https://medpeer.jp/js2/vendor/ https://medpeer.jp/js2/medpeer/ https://medpeer.jp/assets/ https://medpeer.jp/packs/ https://www.googletagmanager.com/gtm.js https://static.karte.io/libs/tracker.js https://stats.g.doubleclick.net/dc.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/collect https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ga/inpage_linkid.js https://www.gstatic.com/charts/ https://b92.yahoo.co.jp/js/s_retargeting.js https://b92.yahoo.co.jp/search/ https://js.rtoaster.jp/Rtoaster.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/524553294314513 https://static.ads-twitter.com/uwt.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1051141260/ https://ad0.pinpointdmp.com/javascripts/pinpoint.js https://rt.rtoaster.jp/t/ https://js-agent.newrelic.com/ https://bam.nr-data.net/1/ https://www.googleadservices.com/pagead/conversion/938354904/ https://t.karte.io/track https://analytics.twitter.com/i/adsct https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://d37gvrvc0wt4s1.cloudfront.net/js/; object-src 'none'; base-uri 'none'; report-uri https://medpeer.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
default-src 'self' https://www.epay.bg https://online.epay.bg 'unsafe-inline' ; img-src 'self' data: https://www.epay.bg https://online.epay.bg ; frame-src https: ; report-uri https://www.epay.bg/csp 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://ssl.google-analytics.com https://www.google-analytics.com https://google-analytics.com www.google.com www.gstatic.com cdn.paddle.com checkout.paddle.com https://*.zopim.com *.zdassets.com; frame-src www.google.com checkout.paddle.com buy.paddle.com create-checkout.paddle.com; connect-src 'self' d31j93rd8oukbv.cloudfront.net ssl.google-analytics.com analytics.paddle.com browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=38e368d90dd7e17532e5f0cd1faf3b58 1
script-src https://www.myprotein.es https://m.myprotein.es 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.es/cspReport.txt; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src https://assets.easypost.com; script-src assets.easypost.com track.easypost.com cdn.ravenjs.com www.googletagmanager.com www.google-analytics.com d.adroll.com s.adroll.com www.gstatic.com www.google.com checkout.stripe.com cdn.plaid.com 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-zHMpQJiR6TH7azasrorKkYptGQpPYMAnG6JSoBRbZtw=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc='; style-src track.easypost.com 'unsafe-inline' assets.easypost.com www.gstatic.com; img-src track.easypost.com assets.easypost.com assets.track.easypost.com www.google-analytics.com www.gstatic.com q.stripe.com brand.easypostpartnercontent.com www.googletagmanager.com ssl.google-analytics.com data:; font-src assets.easypost.com track.easypost.com fonts.gstatic.com data:; connect-src https://www.google.com track.easypost.com www.easypost.com www-canary.easypost.com usps.easypost.com usps.easypost.com checkout.stripe.com www.google-analytics.com boards-api.greenhouse.io sentry.io; worker-src assets.easypost.com www.gstatic.com www.google.com; frame-src hire.withgoogle.com cdn.plaid.com checkout.stripe.com track.easypost.com www.googletagmanager.com www.google.com; report-uri https://sentry.io/api/1431584/security/?sentry_key=c94f0945b0d34659b3df102773f484d9 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://netdna.bootstrapcdn.com static.syukatsulabo.jp; img-src * data: https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://static.syukatsulabo.jp https://use.fontawesome.com https://netdna.bootstrapcdn.com https://s3-ap-northeast-1.amazonaws.com data: https://cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://www.googletagmanager.com https://web.facebook.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/; connect-src 'self' https://log.syukatsulabo.jp https://www.google-analytics.com https://stats.g.doubleclick.net https://api.ipify.org https://s3-ap-northeast-1.amazonaws.com https://static.syukatsulabo.jp tag-api.dmm.com/v1.0 stg-tag-api.dmm.com/v1.0 https://trac.i3.dmm.com/ https://stg-trac-i3.dmm.com/ https://stg-trac.i3.syukatsulabo.jp; script-src 'report-sample' 'nonce-ctSBHqLUt5+ENVtgOmQrA59gk8c=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; report-uri https://syukatsunet.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src 'self' https://*.ruvilla.com https://*.dtlr.com https://bam.nr-data.net wss://*.zopim.com https://*.zendesk.com https://*.gstatic.com https://*.gravatar.com/ https://*.powerreviews.com https://*.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ruvilla.com https://*.dtlr.com https://ruvilla.queue-it.net https://assets.queue-it.net https://static.queue-it.net https://www.pepperjamnetwork.com https://code.jquery.com https://analytics.twitter.com https://bat.bing.com https://static.ads-twitter.com https://twitter.com https://js.gleam.io https://*.zenaps.com https://*.veinteractive.com https://*.facebook.net https://www.googleadservices.com https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://translate.google.com https://*.google-analytics.com https://www.gstatic.com https://tpc.googlesyndication.com https://*.getsidecar.com https://www.dwin1.com https://*.cloudfront.net https://*.zendesk.com https://*.zdassets.com https://*.listrakbi.com https://*.curalate.com https://*.newrelic.com https://*.nr-data.net https://*.zopim.com https://*.powerreviews.com https://*.iesnare.com https://*.rawgit.com https://*.cloudflare.com https://*.datatables.net https://www.paypalobjects.com https://www.paypal.com; style-src 'self' 'unsafe-inline' https://*.ruvilla.com https://*.dtlr.com https://cdn.listrakbi.com https://*.bootstrapcdn.com https://*.powerreviews.com https://*.googleapis.com https://cdn.joinhoney.com; img-src data: https://*.ruvilla.com https://*.dtlr.com https://use.fontawesome.com https://res.cloudinary.com https://*.zenaps.com https://*.pinterest.com https://*.veinteractive.com https://www.paypalobjects.com https://www.xtento.com https://widgets.magentocommerce.com http://www.google.com https://translate.google.com https://translate.googleapis.com https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://www.googletagmanager.com https://*.googlesyndication.com https://i.ytimg.com https://www.awin1.com https://c1.adform.net https://bam.nr-data.net https://ib.adnxs.com https://cm.adform.net https://*.dtlr.com https://www.facebook.com https://t.co https://bat.bing.com https://secure.adnxs.com https://*.cloudfront.net/ https://*.listrakbi.com https://*.powerreviews.com https://*.zopim.com  https://*.gstatic.com https://secure.gravatar.com https://cdn.joinhoney.com; font-src 'self' data: https://*.ruvilla.com https://*.dtlr.com https://*.zopim.com https://storage.googleapis.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://cdn.joinhoney.com https://use.fontawesome.com; connect-src 'self' data: https://*.ruvilla.com https://*.dtlr.com wss://www.ruvilla.com/ wss://www.dtlr.com https://api.ipify.org https://code.jquery.com https://*.zenaps.com https://api.curalate.com https://*.powerreviews.com https://www.google.com https://www.google-analytics.com https://*.doubleclick.net https://*.veinteractive.com https://awsui.powerreviews.com https://villacustserv.zendesk.com https://*.zdassets.com wss://*.zopim.com https://*.zopim.com https://bam.nr-data.net https://www.paypal.com; frame-src 'self' data: https://*.ruvilla.com https://*.dtlr.com https://*.veinteractive.com https://*.facebook.com https://*.facebook.net https://www.instagram.com https://*.kaptcha.com https://www.google.com https://www.googletagmanager.com https://translate.googleapis.com https://*.googlesyndication.com https://www.youtube.com https://*.zenaps.com https://t.pepperjamnetwork.com https://gleam.io https://*.twitter.com; media-src 'self' data: https://www.ruvilla.com https://www.dtlr.com; report-uri https://remote-monitoring.dvwebops.com/notify-csp-reports.php 1
script-src https://www.lookfantastic.cn https://m.lookfantastic.cn 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://hm.baidu.com https://tag.baidu.com; report-uri https://www.lookfantastic.cn/cspReport.txt; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://78bea4bf87b149c097165aa3d49e632d.myssl-uri.com/api/csp-report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src 'self' *.rocketbank.ru *.rocket-cdn.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rocket-cdn.ru *.googleadservices.com bam.nr-data.net static.criteo.net pixel.betweenx.com www.googletagmanager.com api-maps.yandex.ru yandex.st connect.facebook.net enterprise.api-maps.yandex.ru mc.yandex.ru stats.g.doubleclick.net top-fwz1.mail.ru vk.com www.google-analytics.com www.google.com cdn.jsdelivr.net js-agent.newrelic.com maps.googleapis.com; connect-src 'self' rocketbank.ru report.rocket-cdn.ru stats.g.doubleclick.net dadata.ru suggestions.dadata.ru top-fwz1.mail.ru mc.yandex.ru www.facebook.com www.google-analytics.com; frame-src 'self' *.fls.doubleclick.net *.googleadservices.com stats.g.doubleclick.net mc.yandex.ru www.google-analytics.com www.google.com www.facebook.com gum.criteo.com; media-src 'self' blob: ; img-src 'self' data: blob: *.rocket-cdn.ru maps.googleapis.com maps.gstatic.com api-maps.yandex.ru top-fwz1.mail.ru enterprise.api-maps.yandex.ru mc.yandex.ru *.maps.yandex.net vk.com www.facebook.com www.google-analytics.com www.google.ru www.google.com stats.g.doubleclick.net s3.amazonaws.com login.vk.com; style-src 'self' 'unsafe-inline' blob: *.rocket-cdn.ru cdn.jsdelivr.net; font-src 'self' data: https:; frame-ancestors 'self' *.rocketbank.ru webvisor.com *.yandex.net; report-uri https://report.rocket-cdn.ru/api/4/security/?sentry_key=0cc52e6197f842eeadf0de5d2c3cf600 1
default-src 'self' *.worlddancesport.org www.google-analytics.com staticxx.facebook.com; font-src 'self' data: cdnw.worlddancesport.org fonts.gstatic.com; connect-src 'self' clients6.google.com dc.services.visualstudio.com *.addthis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' *.worlddancesport.org www.google.com browser-update.org; img-src data: *.worlddancesport.org *.ytimg.com *.facebook.com *.google.com *.calameoassets.com *.vimeocdn.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleapis.com browser-update.org; script-src 'self' 'unsafe-inline' cdnw.worlddancesport.org az416426.vo.msecnd.net *.facebook.com *.facebook.net *.twitter.com *.addthis.com *.addthisedge.com *.google.com www.googleapis.com www.google-analytics.com browser-update.org; child-src 'self' cdnb.worlddancesport.org *.facebook.com *.twitter.com *.addthis.com *.google.com www.youtube.com player.vimeo.com www.saferpay.com; upgrade-insecure-requests; report-uri https://7ab93b867c81f64df54af5d5e2cd45ea.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'self'; base-uri 'self'; child-src 'self' cdn.nakedapartments.com *.twitter.com *.facebook.com www.youtube.com player.vimeo.com *.google.com tpc.googlesyndication.com; connect-src 'self' wss: www.google-analytics.com www.google.com securepubads.g.doubleclick.net cdn.nakedapartments.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com cdn.nakedapartments.com; form-action 'self' github.com; frame-ancestors 'none'; img-src 'self' 'unsafe-inline' data: cdn.nakedapartments.com *.streeteasy.com *.yelpcdn.com *.ggpht.com cbks0.googleapis.com 1520522.r.msn.com 1520522.r.bat.bing.com www.facebook.com www.google-analytics.com web.facebook.com www.appelsiini.net www.googleadservices.com tpc.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net s3.amazonaws.com csi.gstatic.com pagead2.googlesyndication.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.google.com *.realtymx.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.nakedapartments.com platform.twitter.com *.google.com ssl.google-analytics.com flex.msn.com js.pusher.com stats.pusher.com maps.googleapis.com pagead2.googlesyndication.com s3.amazonaws.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googletagservices.com www.googleadservices.com securepubads.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' cdn.nakedapartments.com *.google.com *.googleapis.com; report-uri https://1627f29bce741ebdc46108ecd8ebba3c.report-uri.io/r/default/csp/reportOnly 1
default-src https: 'unsafe-inline'; report-uri https://t2nzrlhfwl.execute-api.ap-northeast-1.amazonaws.com/release/ 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src 'self' https: blob:; frame-src 'self' https:; media-src https: data: blob:; worker-src https: blob:; img-src https: data: blob:; connect-src 'self' https: data: blob: wss:; font-src https: data:; form-action 'self' https:; object-src 'self' https: blob:; script-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: data: blob: 'unsafe-inline'; report-uri https://kinja.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AJO3FBRUE6J4S:sid=261-2444992-9053765:rid=4XA1TFYWT3QTMK902VFQ:sn=www.audible.in 1
script-src https://www.probikekit.jp https://m.probikekit.jp 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.probikekit.jp/cspReport.txt; 1
script-src https://www.skinstore.com https://m.skinstore.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com; report-uri https://www.skinstore.com/cspReport.txt; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://* data:;                                                report-uri https://homestay.report-uri.io/r/default/csp/reportOnly 1
script-src https://www.myprotein.it https://m.myprotein.it 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.it/cspReport.txt; 1
default-src 'self' https:; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /loadnocache/csp-report 1
report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=ekstraklasa.tv::UCS 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=e028d8a7a0c8fb767f43f86eb6ff854b 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://trlhvadgdetff1t0lc6gw4oo.httpschecker.net/report 1
default-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; connect-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; font-src 'self' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* data:; frame-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* http://*.twimg.com http://itunes.apple.com; img-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* data:; media-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; object-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://db14a374o5s8l.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://*; 1
default-src 'self' cas.avalon.perfdrive.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; frame-src 'self' blob: www.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.empruntis.com player.vimeo.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; img-src data: blob: www.google.com www.googletagmanager.com www.google.fr www.google-analytics.com stats.g.doubleclick.net www.facebook.com gl.hostcg.com api.mapbox.com static.intercomassets.com maps.googleapis.com maps.gstatic.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; child-src blob:; media-src *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; script-src 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com/ajax/libs/rollbar.js/ cdn.polyfill.io www.google-analytics.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com connect.facebook.net *.realytics.io cdn-eu.realytics.net gl.hostcg.com actorssl-5637.kxcdn.com js-agent.newrelic.com bam.nr-data.net *.perfdrive.com *.algolia.net *.algolianet.com widget.intercom.io js.intercomcdn.com d3js.org code.highcharts.com/highcharts.js *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; connect-src 'self' api.realytics.io m.realytics.io api.rollbar.com *.mapbox.com tile.meilleursagents.com stats.g.doubleclick.net www.google-analytics.com bam.nr-data.net *.perfdrive.com statcache-5637.kxcdn.com www.facebook.com *.algolia.net *.algolianet.com api-iam.intercom.io *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; font-src 'self' fonts.gstatic.com js.intercomcdn.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; worker-src blob:; report-uri /csp-report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri /csp-report/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com; report-uri /csp-reports 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
default-src 'self' https://healthengine.com.au https://*.healthengine.com.au https://d2g92a8pyizotc.cloudfront.net https://ds85ahg0xxb4i.cloudfront.net https://d3o6iw1i9icjwo.cloudfront.net https://d3j3gy15otidth.cloudfront.net https://*.adobedtm.com https://*.tt.omtrdc.net https://*.demdex.net https://*.everesttech.net https://dev.appboy.com https://js.appboycdn.com https://use.fontawesome.com https://*.branch.io https://app.link https://*.google.com https://*.google.com.au https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.youtube.com https://cdnjs.cloudflare.com https://*.bootstrapcdn.com https://cdn.ravenjs.com https://cdn.jsdelivr.net https://files.healthengine.com.au.s3-ap-southeast-2.amazonaws.com https://healthengine.imgix.net https://*.hotjar.com https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://platform.twitter.com https://syndication.twitter.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://*.algolia.net https://*.algolianet.com https://*.addressify.com.au https://mappify.io 'unsafe-inline' 'unsafe-eval' data:; report-uri https://hesecurity.report-uri.com/r/d/csp/reportOnly; report-to https://hesecurity.report-uri.com/r/d/csp/reportOnly; 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://comments.grahamedgecombe.com https://www.google-analytics.com; connect-src 'self' https://comments.grahamedgecombe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; frame-ancestors 'none'; report-uri https://gpe.report-uri.io/r/default/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; font-src 'self'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
frame-ancestors  http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src  http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://bvnux2bdnmvrbyg5ptbbmxge.httpschecker.net/report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; report-uri /csp-report 1
script-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com gitcdn.github.io www.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com gitcdn.github.io cdnjs.cloudflare.com; img-src 'self' data: www.google-analytics.com code.jquery.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com firebasestorage.googleapis.com https://api.github.com https://discordapp.com; media-src 'none'; object-src 'none'; child-src 'self'; worker-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://ffbeequip.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.ssl-images-amazon.com https://*.doubleverify.com https://*.amazon-adsystem.com https://www.googleapis.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://rules.quantcount.com https://secure.quantserve.com https://ssl.google-analytics.com https://wms.assoc-amazon.com https://stats.g.doubleclick.net https://seal.geotrust.com https://www.google-analytics.com https://edge.quantserve.com https://ajax.googleapis.com; connect-src 'self' https://m.addthis.com; img-src 'self' https://resources.tidal.com https://dt.adsafeprotected.com https://*.moatads.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://i.ytimg.com https://s1.ticketm.net https://seal.geotrust.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com http://img.besteveralbums.com http://albumart.besteveralbums.com https://pixel.quantserve.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://widgets.itunes.apple.com https://s7.addthis.com https://*.doubleverify.com; 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net http://staging.shirtspace.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.crazyegg.com d2tic578h94r8u.cloudfront.net 'nonce-Yb+oI4VIiujBa7p/LaD28A=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.typekit.net 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net www.google.com s7.addthis.com assets.pinterest.com player.vimeo.com; connect-src 'self' *.braintreegateway.com *.google-analytics.com *.g.doubleclick.net *.braintree-api.com checkout.paypal.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com *.honeybadger.io www.facebook.com *.crazyegg.com d2tic578h94r8u.cloudfront.net; report-uri /csp_reports 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hs-growth-metrics.com https://*.usemessages.com https://*.hsadspixel.net https://*.hubapi.com https://seal.verisign.com/ https://cdn.datatables.net https://js.hscta.net https://forms.hsforms.com https://code.jquery.com https://*.greenhouse.io https://*.fontawesome.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.swiftype.com https://*.outbrain.com https://*.digicert.com https://*.polyfill.io https://*.swiftypecdn.com https://*.typekit.net  https://*.bootstrapcdn.com https://*.jsdelivr.net https://*.hsforms.net https://*.youtube-nocookie.com https://*.youtube.com  https://*.optimizely.com https://*.mxpnl.com https://*.cloudflare.com https://*.hsforms.net https://*.gstatic.com https://*.googleapis.com https://*.amazonaws.com https://*.mixpanel.com https://*.hs-scripts.com https://www.googleadservices.com https://*.rlcdn.com https://*.adroll.com https://*.openx.net https://*.adnxs.com https://*.bidswitch.net https://*.rubiconproject.com https://*.google.com https://*.gigya.com https://*.twitter.com https://*.ziggeo.com https://*.hubspot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.hsleadflows.net https://*.hs-analytics.net https://*.linkedin.com https://*.yahoo.com https://*.google-analytics.com https://*.alooma.com https://*.bizographics.com https://*.crowdrise.com https://*.licdn.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* data:; connect-src https://*.crowdrise.com 'self' https://*.mixpanel.com https://*.hubapi.com https://*.hubspot.com https://*.alooma.com https://*.nr-data.net https://*.ziggeo.com https://*.twitter.com  https://*.optimizely.com https://*.doubleclick.net https://*.google-analytics.com https://*.typekit.net; report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=356-8530490-0342904:rid=HP6VEDVVWCMSN7JS3PAX:sn=www.audible.co.jp 1
block-all-mixed-content; report-uri https://freeml.report-uri.com/r/t/csp/reportOnly 1
default-src https://*.scripbox.com/ 'self'; base-uri 'self'; block-all-mixed-content; child-src https://disqus.com https://*.facebook.com https://*.facebook.net https://platform.twitter.com https://www.googletagmanager.com https://player.vimeo.com https://dis.as.criteo.com https://syndication.twitter.com/ https://www.airim.co/ https://cdn.airim.co/ https://storage.googleapis.com/airim https://www.google.com/maps/embed https://app.recruiterbox.com/static/lib/ 'self'; connect-src https://scripbox.com/ https://*.scripbox.com/ https://api.amplitude.com/ https://api.mixpanel.com https://sumo.com https://api2.branch.io https://tracker.scripbox.io https://*.google.com https://performance.typekit.net https://ampcid.google.co.in https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in https://widgets.ekomi.com https://s3.eu-central-1.amazonaws.com/smart-widget/ https://d1lpu0illwydyy.cloudfront.net/ https://utilities.collatebox.com/webServerUtilities.ashx https://utilities.collatebox.com/referralredirect.ashx https://web.collatebox.com/bots/prod/Tira_dev/fbace.ashx https://web.collatebox.com/assets/scripbox/ https://app.airim.co/api/widget/ https://*.pusher.com/pusher/app/308fe5e218c8eaf086a5/ wss://ws-ap2.pusher.com/app/ https://anugu-xeaipw6sqtfv.scripbox.com/api/nudge https://fcm.googleapis.com/fcm/connect/ scripbox.com 'self'; font-src https://use.typekit.net https://js.intercomcdn.com/ https://fonts.gstatic.com https://*.scripbox.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/ data: 'self'; form-action 'self' *.scripbox.com *.facebook.com *.facebook.net *.twitter.com accounts.google.com; img-src https://*.scripbox.com/ https://dusy1lvven6c5.cloudfront.net/ https://dhkxjydftn2u5.cloudfront.net/ https://p.typekit.net/p.gif https://*.scripbox.io https://www.google-analytics.com/ https://stats.g.doubleclick.net https://trc.taboola.com https://www.facebook.com/tr/ https://www.google.com/ https://www.google.co.in https://t.co https://sumome-140a.kxcdn.com https://sumo.com https://*.disqus.com https://*.disquscdn.com https://*.googleusercontent.com https://maps.googleapis.com https://q.quora.com https://*.gstatic.com https://*.facebook.com https://*.fbcdn.net https://s3.eu-central-1.amazonaws.com/smart-widget/ https://*.linkedin.com https://static.licdn.com https://i.vimeocdn.com https://w.recruiterbox.com https://dev.visualwebsiteoptimizer.com https://d1lpu0illwydyy.cloudfront.net https://sw-assets.ekomiapps.de https://sumo.b-cdn.net https://www.googletagmanager.com https://ad.doubleclick.net https://cm.g.doubleclick.net https://adservice.google.com https://adservice.google.co.in https://abs.twimg.com https://ads.instabid.tech https://www.googleadservices.com/pagead/conversion/801472607/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/801472607/ https://money.dailyhunt.in/tracker https://chat.acebot.ai/v2/ https://cdn.branch.io https://syndication.twitter.com/ https://web.collatebox.com/assets/scripbox/ https://*.s3-ap-southeast-1.amazonaws.com data: https://secure.adnxs.com https://imp2.ads.linkedin.com/ android-webview-video-poster: 'self'; media-src https://*.scripbox.com/ https://js.intercomcdn.com/ 'self'; object-src 'self'; plugin-types application/x-shockwave-flash; script-src https://use.typekit.net https://www.googletagmanager.com https://*.scripbox.com/ https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://tracker.scripbox.io/piwik.js https://web.mxradon.com/t/Tracker.js https://cdn.mxpnl.com https://cdn.taboola.com/libtrc/scripboxindia-sc/tfa.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://web.mxradon.com https://connect.facebook.net https://*.intercom.io https://d24n15hnbwhuhn.cloudfront.net https://analytics.twitter.com https://sumome-140a.kxcdn.com https://load.sumome.com/ https://cdn.branch.io https://app.link https://disqus.com https://*.disqus.com https://*.disquscdn.com https://secure.adnxs.com https://*.linkedin.com https://*.bizographics.com https://linkedin.com https://bizographics.com https://a.quora.com https://cdn.ampproject.org https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.googleapis.com https://widgets.ekomi.com https://s3.eu-central-1.amazonaws.com/smart-widget/ https://cdnjs.cloudflare.com/ajax/libs/tether/ https://dev.visualwebsiteoptimizer.com https://tagmanager.google.com https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://sumo.b-cdn.net https://www.gstatic.com/firebasejs/4.8.1/firebase-app.js https://www.gstatic.com/firebasejs/4.8.1/firebase-messaging.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/ https://www.airim.co/chat https://storage.googleapis.com/airim https://platform.twitter.com/widgets.js https://sw-assets.ekomiapps.de/static_resources/jquery.min.js https://chat.acebot.ai/v2/ https://code.jquery.com/jquery-3.3.1.slim.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://cdn.airim.co/ https://player.vimeo.com/api/player.js 'self' 'unsafe-eval' 'nonce-vYWFgh3S+KuyTiveh22cFPv1DGJN640rqqIR8AgdX98='; style-src https://maxcdn.bootstrapcdn.com https://*.scripbox.com/ https://sumome-140a.kxcdn.com https://fonts.googleapis.com https://*.disqus.com https://*.disquscdn.com https://widgets.ekomi.com https://s3.eu-central-1.amazonaws.com/smart-widget/ https://w.recruiterbox.com https://tagmanager.google.com https://cdn-images.mailchimp.com/embedcode/classic-10_7.css https://sumo.b-cdn.net https://sw-assets.ekomiapps.de https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://use.typekit.net/rxd6tca.css https://p.typekit.net/ https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/ https://platform.twitter.com/css/moment https://storage.googleapis.com/airim https://chat.acebot.ai/v2/ https://cdn.airim.co/ https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css 'self' 'unsafe-inline'; upgrade-insecure-requests; report-uri https://errors.scripbox.com/api/16/csp-report/?sentry_key=3f1bbc591c2e4851a946b2496e4a5ddf 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com reporting.eaglemoss.com img.youtube.com www.facebook.com dis.eu.criteo.com static.criteo.net stats.g.doubleclick.net www.google-analytics.com goverseer.wishpond.com jambo.wishpond.com cdn.wishpond.net www.wishpond.com vars.hotjar.com api.optmnstr.com ct.pinterest.com www.google.com snapsmedia.io in.hotjar.com embedded.wishpondpages.com www.youtube.com platform.twitter.com syndication.twitter.com pbs.twimg.com ton.twimg.com www.w3.org abs.twimg.com a.optmnstr.com bid.g.doubleclick.net gum.criteo.com z.optmnstr.com cdn.lightwidget.com 8793740.fls.doubleclick.net webfonts.zohostatic.com ws1.hotjar.com api.optmstr.com a.mstrlytcs.com web.facebook.com psr.fuel451.com ws5.hotjar.com lightwidget.com www.lightwidget.com server.adform.net payment.pay3.secured-by-ingenico.com ws3.hotjar.com; img-src *; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com widget.eu.criteo.com sslwidget.criteo.com static.criteo.net www.google-analytics.com a.optmnstr.com s.pinimg.com script.hotjar.com googleads.g.doubleclick.net cdn.wishpond.net www.googleadservices.com a.optmstr.com pixel.snapsmedia.io static.hotjar.com cdn.syndication.twimg.co cdn.syndication.twimg.com platform.twitter.com ajax.googleapis.com cdn.fuelx.com www.lightwidget.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net services.postcodeanywhere.co.uk platform.twitter.com ton.twimg.com ajax.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-elem cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://unpkg.com unpkg.com; style-src-elem cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data 1
script-src https://www.allsole.com https://m.allsole.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.allsole.com/cspReport.txt; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.adelphi.edu/_logger/csp.php?host=www.adelphi.edu 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=137-9865038-2627234:rid=PXTTRZGEY51887T928EY:sn=www.audible.com 1
script-src https://www.myprotein.ru https://m.myprotein.ru 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://mc.yandex.ru; report-uri https://www.myprotein.ru/cspReport.txt; 1
script-src https://www.thehut.com https://m.thehut.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.thehut.com/cspReport.txt; 1
script-src https://www.iwantoneofthose.com https://m.iwantoneofthose.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.iwantoneofthose.com/cspReport.txt; 1
default-src 'self'; script-src 'self' files.plugin-alliance.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net analytics.twitter.com platform.twitter.com 'unsafe-inline'; style-src 'self' files.plugin-alliance.com cdnjs.cloudflare.com 'unsafe-inline'; img-src 'self' data: files.plugin-alliance.com i.ytimg.com img.youtube.com yt3.ggpht.com www.google-analytics.com www.facebook.com analytics.twitter.com t.co; font-src 'self' files.plugin-alliance.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.youtube.com embed.pivotshare.com d271ulnm1ao6ig.cloudfront.net w.soundcloud.com www.facebook.com staticxx.facebook.com; form-action 'self' plugin-alliance.us3.list-manage.com; upgrade-insecure-requests; block-all-mixed-content; disown-opener; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=05e1c476f350a055b443112fdaf0e747 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=d41f93e83bffc268852795ffad39ff32 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com sentry.io app.getsentry.com api.unsplash.com; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com; manifest-src assets.sutori.com; report-uri https://sutori.report-uri.com/r/d/csp/reportOnly; 1
script-src https://www.lookfantastic.com.hk https://m.lookfantastic.com.hk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.com.hk/cspReport.txt; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: blob: *.pivotaltracker.com *.swiftypecdn.com *.typekit.net *.google.com *.googleapis.com *.googleadservices.com *.addthis.com *.addthisedge.com *.mxpnl.com *.mixpanel.com *.google-analytics.com *.cloudflare.com *.trustarc.com *.newrelic.com *.nr-data.net *.googletagmanager.com googleads.g.doubleclick.net *.disqus.com *.disquscdn.com js.stripe.com; report-uri /services/area_51/security_content_violations 1
default-src 'self'; img-src 'self' 'unsafe-inline' data: buzznet.ru counter.yadro.ru www.google-analytics.com avatars-fast.yandex.net favicon.yandex.net an.yandex.ru mc.yandex.ru yastatic.net static.leadia.ru api.leadiacloud.com api.cloudleadia.com; script-src 'unsafe-eval' 'nonce-RAND' an.yandex.ru yandex.st yastatic.net mc.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com pagead2.googlesyndication.com an.yandex.ru mc.yandex.ru yandex.st form.leadiacloud.com api.leadiacloud.com api.cloudleadia.com; style-src 'unsafe-inline' 'unsafe-eval' 'nonce-RAND' yandex.st yastatic.net; frame-src 'self' googleads.g.doubleclick.net form.leadiacloud.com api.leadiacloud.com api.cloudleadia.com awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru; connect-src 'self' www.google-analytics.com yandex.ru an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net; media-src *.yandex.net yandex.st yastatic.net; report-uri http://zakonbase.ru/csp 1
block-all-mixed-content; report-uri /csp-report?p=; connect-src 'self' https://runkit.com https://www.facebook.com/tr/ https://stats.g.doubleclick.net/j/collect https://www.google-analytics.com https://errors.stripe.com; frame-src 'self' https://runkit.com https://platform.twitter.com https://syndication.twitter.com https://connect.facebook.net/ https://js.stripe.com; media-src 'self' https://d37ugbyn3rpeym.cloudfront.net; script-src 'self' 'nonce-LaQVgfRyk416X8G7cxm5MA==' https://embed.runkit.com https://platform.twitter.com/widgets.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://ga.clearbit.com/v1/ga.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js 'sha256-imsFFurH1ga4dD0qKUrFgho9H3IWz4uSv9zqGPhDauo=' 'sha256-hOAiTeVRh1G6sL37DRPcchapAacG4IsPVHh/NWUtqzY=' 'sha256-xCVAFjvclbG6Z0PLN11uLptfgK7kytY1ciHdDJwZhrQ=' 'sha256-0cbzpPToyinPtZRkh8nit24VtCOx9DV0QrXA0aSbexs=' 'unsafe-eval' https://js.stripe.com 'report-sample'; img-src 'self' data: https://www.facebook.com/tr/ https://stats.g.doubleclick.net/r/collect https://www.google.com/ads/ga-audiences https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://dc.ads.linkedin.com/collect/ https://www.linkedin.com/px/ https://px.ads.linkedin.com https://q.stripe.com https://*.stripecdn.com/site-srv/assets; style-src 'self' 'unsafe-inline' https://fast.fonts.net/t/1.css; font-src 'self' data:; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://syndication.twitter.com/i/jot https://connect.facebook.net/log/fbevents_telemetry/ 1
script-src https://www.popinabox.co.uk https://m.popinabox.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.popinabox.co.uk/cspReport.txt; 1
default-src 'self' *.ccavenue.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com; connect-src 'self' *.elitmus.com *.elitmus.net err.elitmusmail.com *.google-analytics.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' cdn0.elitmus.net google-analytics.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
default-src 'self' media.secure-mobiles.com facebook.com google.com drs2.veinteractive.com in.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.googleadservices.com media.secure-mobiles.com googleads.g.doubleclick.net accdn.lpsnmedia.net smct.co beacon.krxd.net cdn.api.twitter.com connect.facebook.net consumer.krxd.net fp.zenaps.com lo.v.liveperson.net lpcdn.lpsnmedia.net lptag.liveperson.net media.secure-mobiles.com script.hotjar.com static.hotjar.com tagconv.com www.everestjs.net www.hotukdeals.com www.zenaps.com stats.g.doubleclick.net mpsnare.iesnare.com www.dwin1.com *.veinteractive.com *.googleapis.com *.google.com *.bing.com *.krxd.net *.cloudfront.net *.reevoo.com *.facebook.net *.hotjar.com *.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googleadservices.com media.secure-mobiles.com cdn.mark.reevoo.com fonts.googleapis.com mark.reevoo.com translate.googleapis.com; frame-src 'self' vars.hotjar.com cdn.krxd.net edigitalsurvey.com connect.facebook.net lpcdn.lpsnmedia.net pixel.everesttech.net server.lon.liveperson.net settings.idmobile.co.uk smct.co vars.hotjar.com www.everestjs.net www.facebook.com www.googletagmanager.com www.three.co.uk www.zenaps.com *.veinteractive.com *.fls.doubleclick.net mark.reevoo.com; font-src 'self' data: cdn.mark.reevoo.com fonts.gstatic.com; img-src 'self' data: www.google-analytics.com *.bing.com media.secure-mobiles.com *.visualwebsiteoptimizer.com *.facebook.com *.google.com *.google.co.uk www.googletagmanager.com *.bing.com stats.g.doubleclick.net lpcdn.lpsnmedia.net apiservices.krxd.net beacon.krxd.net cdn.mark.reevoo.com cdn.smct.co cm.everesttech.net cm.g.doubleclick.net drs2.veinteractive.com dsum-sec.casalemedia.com googleads.g.doubleclick.net images.reevoo.com maps.googleapis.com media.secure-mobiles.com pixel.everesttech.net skynet.reevoo.com smct.co translate.googleapis.com www.awin1.com www.facebook.com www.google.co.uk www.gstatic.com www.zenaps.com mark.reevoo.com; connect-src 'self' beacon.krxd.net cdn.api.twitter.com clients6.google.com cookiee1.veinteractive.com drs2.veinteractive.com fp.zenaps.com graph.facebook.com in.hotjar.com jslog.krxd.net smct.co stats.g.doubleclick.net www.facebook.com www.google-analytics.com appsapi.veinteractive.com; report-uri https://cpwonlinesolutions.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'report-sample' 'nonce-dZ6qLFxz3PoOj8buz7D7Jg==' https://www.google-analytics.com; connect-src 'self' https://*.evemarketer.com https://esi.tech.ccp.is https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://imageserver.eveonline.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; report-uri https://report-uri.appspot.com/987196350443556864?ro=1 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/gl/prod 1
script-src https://www.lookfantastic.it https://m.lookfantastic.it 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.it/cspReport.txt; 1
default-src 'self' 'unsafe-inline' https://api.timekit.io https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.facebook.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.twitter.com https://*.adform.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src * data:; frame-src 'self' https:; font-src 'self' data: https://*.livechatinc.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/index 1
default-src 'self' https: ; connect-src https: wss:; frame-src https: *.webin.info;  script-src https: 'unsafe-eval' 'unsafe-inline' *.googleapis.com;  style-src https: 'unsafe-inline' *.googleapis.com;  img-src https: data: *.forextimes.ru *.photobucket.com forextimes.ru;  font-src https: data: fonts.googleapis.com;  report-uri /csp-report.php 1
default-src 'self' https://www.google.com; object-src 'none'; connect-src 'self' https://recommender.scarabresearch.com https://rum-collector-2.pingdom.net; img-src 'self' https://www.kickz.com https://secure.comodo.com https://www.facebook.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://apis.google.com https://www.gstatic.com/ https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googlecommerce.com https://googleads.g.doubleclick.net https://loader.wisepops.com https://static.hotjar.com https://script.hotjar.com https://cdn.scarabresearch.com https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://www.etracker.com https://code.etracker.com https://static.etracker.com https://www.etracker.de https://secure.comodo.com https://connect.facebook.net; worker-src 'self' https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://blog.kickz.com https://www.google.com https://vars.hotjar.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.8.3.js https://cdn.syndication.twimg.com/timeline/ https://cdnjs.cloudflare.com/ajax/libs/jquery-tools/1.2.0/jquery.tools.min.js https://stats.g.doubleclick.net/ https://cdn.syndication.twimg.com/widgets/timelines/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://connect.facebook.net/en_US/sdk.js https://apis.google.com https://cdn.syndication.twimg.com/widgets/timelines/paged/ https://platform.twitter.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.twimg.com/tfw/css/ https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://platform.twitter.com/; frame-src 'self' https://docs.google.com/ https://twitter.com/ https://www.youtube.com/ https://www.facebook.com/ http://staticxx.facebook.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://calendar.google.com/; img-src 'self' data: https://update.dotnetnuke.com/ https://stats.g.doubleclick.net/ https://*.twimg.com/ https://ssl.google-analytics.com/ https://server4.web-stat.com/ https://www.kn-eat.org/images/ https://csi.gstatic.com/ https://dnnapi.com/beacon https://www.google-analytics.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://syndication.twitter.com/; media-src http://mediastream.ksde.org/media/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ data:; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' exeter.edu *.cincopa.com  www.google-analytics.com cdn.ckeditor.com www.google.com cse.google.com www.googleapis.com www.googletagmanager.com support.ebscohost.com ajax.googleapis.com maxcdn.bootstrapcdn.com bam.nr-data.net js-agent.newrelic.com code.jquery.com www.youtube.com s.ytimg.com platform.instagram.com static.tagboard.com platform.twitter.com cdn.syndication.twimg.com calendar.exeter.edu connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' exeter.edu *.cincopa.com cdn.ckeditor.com www.google.com platform.twitter.com; img-src 'self' data: *.cincopa.com cdn.ckeditor.com www.google.com cse.google.com www.google-analytics.com www.googleapis.com clients1.google.com syndication.twitter.com pbs.twimg.com www.facebook.com stats.g.doubleclick.net; media-src 'self' ; frame-src www.google.com www.youtube.com player.vimeo.com *.exeter.edu cse.google.com www.googletagmanager.com www.instagram.com embeds.tagboard.com platform.twitter.com syndication.twitter.com youtube.com; font-src 'self' data: cincopa.com; connect-src 'self' *.cincopa.com www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; report-uri /nelmio/csp/report 1
upgrade-insecure-requests; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
default-src 'self'; img-src *; style-src 'self' www.warime.com 'unsafe-inline'; script-src 'self' www.warime.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; img-src 'self' https://www.comune.palermo.it// https://s.bookcdn.com/ https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://widgets.booked.net https://connect.facebook.net https://cse.google.com https://www.google-analytics.com https://clients1.google.com; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src https://www.facebook.com https://staticxx.facebook.com https://youtube.com; connect-src 'self' https://www.google-analytics.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; connect-src https: wss:; report-uri https://verivox.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.pubnub.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com freegeoip.net bam.nr-data.net cdn.heapanalytics.com heapanalytics.com cdn.segment.com cdn.pubnub.com pi.pardot.com js-agent.newrelic.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net d36mpcpuzc4ztk.cloudfront.net d2sdf28wg0skh3.cloudfront.net *.pusher.com *.pusherapp.com secure.gravatar.com boards.greenhouse.io pubnub.github.io *.wistia.com *.freshdesk.com cdnjs.cloudflare.com gist.github.com src.litix.io *.twitter.com *.wistia.net cdn.syndication.twimg.com platform.vine.co codepen.io code.jquery.com netdna.bootstrapcdn.com ajax.googleapis.com pubnub.s3.amazonaws.com www.youtube.com s.ytimg.com www.brighttalk.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' data: *.google-analytics.com *.google.com heapanalytics.com *.facebook.com d36mpcpuzc4ztk.cloudfront.net secure.gravatar.com googleads.g.doubleclick.net stats.g.doubleclick.net pubnub.github.io fonts.googleapis.com cdnjs.cloudflare.com assets-cdn.github.com netdna.bootstrapcdn.com rawgit.com http://s3.scalabl3.com platform.twitter.com; img-src * data:; connect-src  'self' pubnub.com *.pubnub.com http://*.pubnub.com chat.freshdesk.com wss://chat.freshdesk.com api.segment.io maps.googleapis.com *.pusher.com  wss://*.pusherapp.com *.pusherapp.com *.facebook.com *.tiles.mapbox.com *.wistia.com fg8vvsvnieiv3ej16jby.litix.io embedwistia-a.akamaihd.net syndication.twitter.com go.pardot.com in8yfl3bus-dsn.algolia.net in8yfl3bus-1.algolianet.com insights.algolia.io; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fast.wistia.com netdna.bootstrapcdn.com; media-src 'self' pubnub.com *.pubnub.com blob: d36mpcpuzc4ztk.cloudfront.net embedwistia-a.akamaihd.net pubnub-prod.appspot.com; report-uri /csp-report-uri/; child-src 'self' pubnub.com *.pubnub.com fast.wistia.com *.google.com *.g.doubleclick.net www.youtube.com boards.greenhouse.io pubnub.desk.com giphy.com player.vimeo.com w.soundcloud.com www.facebook.com platform.twitter.com vine.co pubnub.github.io stephenlb.github.io songhowon.com www.kickstarter.com codepen.io syndication.twitter.com http://www.tmcnet.com jsfiddle.net pubnub-demo.s3.amazonaws.com www.brighttalk.com; form-action 'self' *.pubnub.com/ www.facebook.com *.twitter.com; frame-ancestors 'self' 1
default-src 'self' https://secure.trust-provider.com https://secure.sectigo.com https://vars.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css?family=Roboto  ; font-src 'self' https://fonts.gstatic.com ; img-src 'self' https://www.google.com https://www.google.co.uk https://www.google.hr https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com ; object-src 'self'; connect-src 'self'; report-uri https://cspreports.sectigo.com 1
default-src 'self' https://www.google-analytics.com www.google-analytics.com ajax.googleapis.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; report-uri /csp.php; 1
default-src 'self'; font-src https://fonts.gstatic.com; ; ; frame-src https://maphub.net https://www.googletagmanager.com; img-src 'self' https://info.zcu.cz https://minerva.zcu.cz https://www.google-analytics.com https://piwik.zcu.cz; ; ; ; script-src 'self' https://www.googletagmanager.com https://piwik.zcu.cz 'nonce-g3Jc3MPR4DlNfYFJssRYew04gLnSF8p8Li7GvotlG3s='; style-src 'self' https://fonts.googleapis.com 'nonce-g3Jc3MPR4DlNfYFJssRYew04gLnSF8p8Li7GvotlG3s=' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ge.ch https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch; frame-src 'self' https://vod.infomaniak.com; font-src 'self'; connect-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-04azbkTjna7GrPoH66TKlg=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; media-src 'self' http: https: blob:; frame-ancestors app.optimizely.com; frame-src app.optimizely.com a5935064.cdn.optimizely.com fast.wistia.com fast.wistia.net subscriptions.smartrecruiters.com b.company-target.com platform.twitter.com js.driftt.com bid.g.doubleclick.net 8294363.fls.doubleclick.net www.facebook.com c1.adform.net rollouts-markitecture.herokuapp.com; font-src 'self' data: https: *.amazonaws.com/optimizely-marketing-site-assets-prod fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1
script-src https://www.beautyexpert.com https://m.beautyexpert.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.beautyexpert.com/cspReport.txt; 1
default-src 'none'; base-uri 'self'; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com js.intercomcdn.com data: magnetis-herokuapp-com.global.ssl.fastly.net st.getsitecontrol.com use.fontawesome.com; img-src 'self' data: cdn.jsdelivr.net t.co www.google-analytics.com magnetis-herokuapp-com.global.ssl.fastly.net magnetis-staging-herokuapp-com.global.ssl.fastly.net *.outbrain.com *.doubleclick.net www.google.com www.google.com.br track.hubspot.com *.intercom.io *.intercomcdn.com www.googletagmanager.com www.facebook.com secure.adnxs.com media.getsitecontrol.com static.intercomassets.com static.intercom-mail-300.com intercom.help app.getsitecontrol.com *.cloudfront.net analyticspage.tools googleads.g.doubleclick.net *.gstatic.com stats.g.doubleclick.net www.googleadservices.com *.hubspot.net; object-src 'self'; script-src 'self' 'unsafe-eval' js-agent.newrelic.com bam.nr-data.net magnetis-herokuapp-com.global.ssl.fastly.net tagmanager.google.com d2dq2ahtl5zl1z.cloudfront.net static.ads-twitter.com amplify.outbrain.com *.hotjar.com js.hs-analytics.net www.googletagmanager.com www.google-analytics.com *.getsitecontrol.com *.intercom.io js.hs-scripts.com js.usemessages.com js.intercomcdn.com *.zanox.com analytics.twitter.com *.wootric.com cdnjs.cloudflare.com connect.facebook.net www.googleadservices.com www.facebook.com voxus-targeting-voxusmidia.netdna-ssl.com static.sback.tech poscompra.shopconvert.com.br static.shopback.net viacep.com.br 'nonce-JhAvTWNuYtw2rlWJBqgMOw=='; style-src 'self' https: cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline'; connect-src 'self' api.segment.io api.hubspot.com *.hotjar.com *.intercom.io wss://*.intercom.io wss://*.hotjar.com *.airbrake.io www.google-analytics.com future-value-simulator.herokuapp.com app.getsitecontrol.com ads.adaptv.advertising.com ajax.googleapis.com analyticspage.tools api.ipify.org api.shopback.net api.voxus.tv bpb.opendns.com click.retargeter.com.br code.jquery.com front.shopconvert.com.br front.shoptarget.com.br *.intercomcdn.com production.wootric.com *.doubleclick.net targeting-version-voxusmidia.netdna-ssl.com wootric-eligibility.herokuapp.com www.facebook.com d8myem934l1zi.cloudfront.net amplify.outbrain.com api.zanox.com br.api4load.com bugdepromo.com cdn.jsdelivr.net cdn.wootric.com ckies.net connect.facebook.net d2dq2ahtl5zl1z.cloudfront.net fonts.googleapis.com fonts.gstatic.com gj.track.uc.cn gjtrack.ucweb.com js.hs-analytics.net magnetis-herokuapp-com.global.ssl.fastly.net future-value-simulator-staging.herokuapp.com maxcdn.bootstrapcdn.com static.ads-twitter.com static.zanox.com targeting.voxus.tv voxus-targeting-voxusmidia.netdna-ssl.com *.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com *.loggly.com; child-src 'self' www.youtube.com vars.hotjar.com/ *.doubleclick.net/ api-iam.intercom.io targeting.voxus.tv www.facebook.com  connect.facebook.net www.googletagmanager.com; frame-src 'self' intercom-sheets.com connect.facebook.net targeting.voxus.tv www.facebook.com www.googletagmanager.com www.youtube.com vars.hotjar.com *.doubleclick.net www.google.com; form-action 'self' connect.facebook.net intercom.help www.facebook.com api-iam.intercom.io; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' js.intercomcdn.com; report-uri https://magnetis.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.tecnoempleo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tecnoempleo.com snap.licdn.com *.google-analytics.com *.googletagmanager.com *.linkedin.com *.recruitics.com *.gstatic.com *.twitter.com static.ads-twitter.com connect.facebook.net *.indeed.com www.googleadservices.com cdnjs.cloudflare.com code.jquery.com *.googleapis.com; frame-src 'self' *.tecnoempleo.com www.youtube.com *.recruitics.com *.redsys.es *.gstatic.com *.linkedin.com; form-action 'self' *.tecnoempleo.com *.redsys.es; font-src 'self' *.tecnoempleo.com *.gstatic.com *.google-analytics.com  *.googletagmanager.com *.linkedin.com; style-src 'self' 'unsafe-inline' *.tecnoempleo.com *.googleapis.com cdnjs.cloudflare.com *.indeed.com; connect-src 'self' *.tecnoempleo.com *.google-analytics.com *.googletagmanager.com *.linkedin.com cdnjs.cloudflare.com stats.g.doubleclick.net; img-src 'self' data: *.tecnoempleo.com play.google.com *.google-analytics.com *.googletagmanager.com *.linkedin.com rd.trovit.com *.indeed.com stats.g.doubleclick.net www.google.com www.google.es; report-uri /csp-report/ 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://gateway.zscaler.net https://www.linkedin.com https://*.zopim.com https://c1.rfihub.net https://ajax.googleapis.com https://widgets.getsitecontrol.com/ https://v2.zopim.com/ https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://*.hotjar.com https://ssl.google-analytics.com https://static.olark.com https://ssl.p.jwpcdn.com https://assets-jpcust.jwpsrv.com https://www.youtube.com https://s.ytimg.com https://www.google.com https://*.googleapis.com https://bat.bing.com ict.infinity-tracking.net https://t.wowanalytics.co.uk use.typekit.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://s3.amazonaws.com https://services.postcodeanywhere.co.uk https://www.google.co.uk https://googleads.g.doubleclick.net https://snap.licdn.com/ http://t.wowanalytics.co.uk/ https://*.rfihub.com https://px.ads.linkedin.com/ https://dc.ads.linkedin.com https://www.google.co.in https://www.google.com.ph https://www.google.cn https://www.google.com.sa https://www.google.com.vn https://www.google.de https://www.google.co.id https://www.google.com.ph https://www.google.ie https://www.google.co.kr https://www.google.com.sa https://www.google.fr https://www.google.es https://www.google.ro https://www.google.co.jp https://www.google.bs https://www.google.com.sg; style-src 'self' data: 'unsafe-inline' https://static.olark.com *.googleapis.com use.typekit.net https://services.postcodeanywhere.co.uk https://maxcdn.bootstrapcdn.com https://www.gstatic.com; img-src * data: ; font-src 'self' data: https://webfonts.zohostatic.com http://fonts.gstatic.com https://www.clearplay.com/ https://maxcdn.bootstrapcdn.com https://v2.zopim.com/ https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja https://maxcdn.bootstrapcdn.com http://themes.googleusercontent.com; connect-src * 'self' wss://de06.zopim.com https://in.hotjar.com wss://ie06.zopim.com wss://*.zopim.com; frame-src 'self' https://tpc.googlesyndication.com https://gateway.zscloud.net https://www.googletagmanager.com https://players.brightcove.net https://player.vimeo.com https://vars.hotjar.com https://online.worldpay.com https://qad.eu.crossknowledge.com https://www.youtube.com https://connect.facebook.net https://bid.g.doubleclick.net https://vars.hotjar.com https://cdn.embedly.com https://www.facebook.com https://*.rfihub.com https://www.google.com https://vars.hotjar.com https://qad.eu.crossknowledge.com https://6662311.fls.doubleclick.net https://online.worldpay.com; worker-src 'self' data: https://vars.hotjar.com https://static.olark.com http://sdn.sitecore.net https://www.youtube.com https://players.brightcove.net https://qad.eu.crossknowledge.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.facebook.com; frame-ancestors 'self' https://qad.eu.crossknowledge.com; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly;  1
default-src 'self' www.youtube.com www.cut-e.net www.maptq-staging.com fastpath.isvinternet.com op.scharley.ch; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src data: https:;  style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' *.disquscdn.com discus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.googleapis.com *.marketo.net *.google-analytics.com  *.google.com *.linkedin.com  *.marketo.com play.vidyard.com dev.visualwebsiteoptimizer.com  *.googletagmanager.com *.googleadservices.com *.mktoresp.com sjs.bizographics.com static.ads-twitter.com vidassets.terminus.services *.twitter.com *.snapengage.com *.doubleclick.net api.company-target.com *.demandbase.com *.cloudfront.net *.disqus.com *.disquscdn.com disqus.com discuscdn.com *.newrelic.com bam.nr-data.net client.netmng.com js.bizographics.com bat.bing.com caveracode.netmng.com  s.swiftypecdn.com connect.facebook.net script.crazyegg.com j.6sc.co *.amazonaws.com *.swiftype.com *.6sc.co; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cloud.typography.com cdnjs.cloudflare.com *.marketo.com scripts.demandbase.com *.disqus.com *.disquscdn.com s.swiftypecdn.com tagmanager.google.com; img-src 'self' data: * *.gstatic.com; media-src 'self' www.youtube.com *.snapengage.com; frame-src 'self' www.youtube.com *.google.com www.facebook.com platform.twitter.com careers.lifeatca.com *.snapengage.com b.company-target.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.disqus.com disqus.com; font-src 'self' data: *; connect-src 'self' *.mktoresp.com *.marketo.com api.company-target.com *.disqus.com *.disquscdn *.discuscdn.com *.google-analytics.com search-api.swiftype.com s.swiftypecdn.com cloud.typography.com cdnjs.cloudflare.com ajax.googleapis.com *.googleapis.com *.googletagmanager.com script.crazyegg.com *.googleadservices.com sjs.bizographics.com *.ads-twitter.com *.terminus.services *.snapengage.com bat.bing.com secure.adnxs.com fonts.gstatic.com connect.facebook.net caveracode.netmng.com scripts.demandbase.com munchkin.marketo.net cc.swiftype.com analytics.twitter.com *.doubleclick.net *.google.com t.co *.company-target.com *.prod.bidr.io id.rlcdn.com *.facebook.com *.ads.linkedin.com tag.demandbase.com *.6sc.co *.crazyegg.com *.swiftype.com; report-uri /report-csp-violation 1
frame-ancestors 'self' ;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://d3rr3d0n31t48m.cloudfront.net  https://static.ecorebates.com https://ajax.googleapis.com  data: ;base-uri 'self' ; object-src 'self' https://www.chasepaymentechhostedpay.com https://na.electroluxmedia.com; report-uri /CSP-report; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/hg/prod 1
default-src *; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; report-uri https://cspreports.azurewebsites.net/api/PostReport 1
script-src https://www.myprotein.tw https://m.myprotein.tw 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.tw/cspReport.txt; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com stats.g.doubleclick.net; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
script-src https://www.myprotein.co.in https://m.myprotein.co.in 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.co.in/cspReport.txt; 1
default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-g7fuQ61JxME5tTIgJcL46ezB1U'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: s.ytimg.com siteimproveanalytics.com us4.siteimprove.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-iRZNLuBgtDkE9VzVxbzp5viEEI'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-9877456b-df01-466a-bf4b-22ebbc882c49' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self'; script-src 'nonce-dxICKaCt+eLR4z7X+3dDszMQUYKKxJgDrwSZQM9nZU4=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
default-src axabank.be https://www.axabank.be https://home.axabank.be; style-src https://www.axabank.be axabank.be https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src https://platform.twitter.com https://hello.myfonts.net https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://sjs.bizographics.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://connect.facebook.net https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.be https://maps.google.com https://maps.googleapis.com https://www.axabank.be https://home.axabank.be axabank.be https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com 'unsafe-inline'; img-src 'self' data: https://syndication.twitter.com https://raw.githubusercontent.com https://maps.google.com https://www.axabank.be https://www.facebook.com https://secure.adnxs.com https://www.google.com https://www.google.be https://imp2.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com https://csi.gstatic.com https://maps.gstatic.com; font-src https://maxcdn.bootstrapcdn.com https://plugin.skedify.io https://www.prd.authoring.axabank.be http://www.axabank.be https://fonts.gstatic.com; frame-src https://www.facebook.com https://platform.twitter.com https://staticxx.facabook.com https://campaigns.axa.be https://www.axabank.be https://www.prd.authoring.axabank.be https://www.youtube.com http://5567266.fls.doubleclick.net; frame-ancestors https://axabank.be https://www.axabank.be https://home.axabank.be; connect-src https://www.axabank.be https://home.axabank.be https://esg.services.axa.be https://api.skedify.io 1
report-uri https://29977f31d1f0eee3894a742ddae91cae.report-uri.com/r/d/csp/reportOnly; child-src https://*.pocruises.com.au http://*.pocruises.com.au https://*.fls.doubleclick.net https://www.youtube-nocookie.com https://tags.tiqcdn.com https://sdn.sitecore.net https://*.adsymptotic.com; frame-src https://*.pocruises.com.au http://*.pocruises.com.au http://sdn.sitecore.net https://bid.g.doubleclick.net https://widget.stackla.com https://goconnect.stackla.com https://*.fls.doubleclick.net https://www.youtube.com https://tags.tiqcdn.com https://www.youtube-nocookie.com https://www.paypal.com https://www.facebook.com https://*.adsymptotic.com; worker-src 'self' blob:; 1
default-src 'self' https://cdn.performanceplustire.com https://www.performanceplustire.com; connect-src *.performanceplustire.com https://*.affirm.com https://d38nbbai6u794i.cloudfront.net https://e1.fanplayr.com https://js.callrail.com https://stats.g.doubleclick.net https://tracker.affirm.com https://w1.fanplayr.com https://www.facebook.com https://www.google-analytics.com https://www.iconfigurators.com; font-src *.performanceplustire.com data: https://assets.resultspage.com https://cdn1.affirm.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://sxt.cdn.skype.com; frame-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; child-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; img-src *.performanceplustire.com cdn.performanceplustire.com data: https://*.cloudfront.net https://aa.agkn.com https://adadvisor.net https://ads.betweendigital.com https://ads.yahoo.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://beacon.krxd.net http://cf.kampyle.com https://cm.g.doubleclick.net https://cw.addthis.com https://d.agkn.com https://d38nbbai6u794i.cloudfront.net https://dmp.truoptik.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://dyn.yelpcdn.com http://farm4.static.flickr.com https://i.ytimg.com https://ib.adnxs.com https://iconfigurators.com https://images.iconfigurators.com https://insight.adsrvr.org https://match.adsrvr.org https://match.sharethrough.com https://nsg.symantec.com https://odr.mookie1.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.personagraph.com https://pixel.rubiconproject.com https://pixel.tapad.com https://s.thebrighttag.com https://s.w.org http://s3.amazonaws.com https://s3.amazonaws.com https://secure.gravatar.com https://simage2.pubmatic.com https://sp.adbrn.com https://stats.g.doubleclick.net https://su.addthis.com https://sync.adap.tv https://sync.adaptv.advertising.com https://test.kampyle.com https://upload.wikimedia.org https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iconfigurators.com https://www.insureship.com https://x.bidswitch.net; script-src 'unsafe-eval' 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://api-cf.affirm.com https://assets.pinterest.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://cdn.callrail.com https://cdn.performanceplustire.com https://cdn1.affirm.com https://connect.facebook.net https://d1q7pknmpq2wkm.cloudfront.net https://d38nbbai6u794i.cloudfront.net https://dyn.yelpcdn.com https://e1.fanplayr.com https://js.callrail.com https://log.pinterest.com https://maps.googleapis.com https://my.fanplayr.com https://nsg.symantec.com https://performanceplustire.resultspage.com https://s.btstatic.com https://s.thebrighttag.com https://savingsslider-a.akamaihd.net https://script.crazyegg.com https://w1.fanplayr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.iconfigurators.com https://www.insureship.com https://www.yelp.com https://yelp.com; style-src 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://assets.resultspage.com https://cdn1.affirm.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://performanceplustire.resultspage.com https://www.iconfigurators.com 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://cdn.vsadu.ru/csp_report 1
script-src https://www.popinabox.fr https://m.popinabox.fr 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.popinabox.fr/cspReport.txt; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: blob:; report-uri /csp-report 1
block-all-mixed-content; report-uri https://r7cms.abd.jp/apiViewer/getCspInfo 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri https://report-csp.bizhost.kr/ 1
connect-src wss://forbiddenplanet.com 'self' themes.googleusercontent.com *.pinterest.com *.sagepay.com fonts.googleapis.com www.googlecommerce.com www.google-analytics.com *.google.com *.akamaihd.net storage.googleapis.com www.gravatar.com *.googleapis.com *.instagram.com dyn.media.forbiddenplanet.com *.facebook.com www.googletagmanager.com unpkg.com *.surveymonkey.com https: tripadvisor.com *.twitter.com *.facebook.net *.tile.openstreetmap.com *.youtube.com data: *.youtu.be https://media.forbiddenplanet.com *.cloudfront.net *.twimg.com *.gstatic.com fonts.gstatic.com dyn0.media.forbiddenplanet.com *.bootstrapcdn.com openstreetmap.com; frame-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; img-src 'self' https://media.forbiddenplanet.com https: data: www.gravatar.com tripadvisor.com unpkg.com openstreetmap.com *.tile.openstreetmap.com dyn0.media.forbiddenplanet.com dyn.media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; script-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; default-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data:; worker-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; style-src 'unsafe-eval' 'self' themes.googleusercontent.com *.pinterest.com *.sagepay.com fonts.googleapis.com www.googlecommerce.com www.google-analytics.com storage.googleapis.com *.google.com *.akamaihd.net *.googleapis.com *.instagram.com *.facebook.com www.googletagmanager.com unpkg.com *.surveymonkey.com *.twitter.com *.facebook.net *.youtube.com *.youtu.be https://media.forbiddenplanet.com *.cloudfront.net *.twimg.com *.gstatic.com fonts.gstatic.com *.bootstrapcdn.com data: 'unsafe-inline'; font-src 'self' https://media.forbiddenplanet.com data: fonts.googleapis.com storage.googleapis.com fonts.gstatic.com themes.googleusercontent.com; frame-ancestors 'self'; report-uri /@csp-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=1a21bdafda1cb79050c482f9197797b4 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=d66ea577787ea386ea0fb28e11f4d176 1
manifest-src 'self'; default-src 'self' data:; object-src 'self' http://*.eyeka.com data: https://*.eyeka.com; script-src https://*.googleapis.com https://*.g.doubleclick.net https://*.uservoice.com https://*.facebook.net https://*.newrelic.com https://*.slaask.com https://*.licdn.com https://*.twitter.com http://*.eyeka.com https://*.google.co.id https://*.cedexis.com 'self' https://*.google.ru https://*.google-analytics.com https://*.mouseflow.com https://*.ads-twitter.com https://*.kameleoon.com https://*.google.fr https://*.embedly.com https://*.googleadservices.com https://*.ads.linkedin.com http://*.google.com 'unsafe-eval' https://*.adnxs.com https://*.eyeka.com https://*.pusher.com 'unsafe-inline' https://*.mxpnl.com https://*.nr-data.net https://*.linkedin.com data: https://*.gstatic.com https://*.google.com; style-src https://*.eyeka.com http://*.eyeka.com 'unsafe-inline' 'self' https://*.embedly.com https://*.googleapis.com data: https://*.slaask.com; connect-src https://slaask.com https://*.adnxs.com https://*.eyeka.com http://*.eyeka.com https://*.pusher.com https://*.facebook.com https://*.kameleoon.com https://*.cedexis.com 'self' https://*.g.doubleclick.net https://*.googleapis.com data: https://*.google.com http://*.google.com; media-src https://*.eyeka.com http://*.eyeka.com 'self' https://*.gstatic.com https://*.google.com https://*.slaask.com http://*.google.com; img-src https://*.googleapis.com https://*.g.doubleclick.net https://*.uservoice.com https://*.slaask.com https://*.gravatar.com https://*.licdn.com https://*.google.co.in http://*.eyeka.com https://*.google.co.id 'self' https://*.google.ru https://*.cdnetworks.net https://*.google-analytics.com https://*.facebook.com https://*.kameleoon.com https://*.google.fr https://*.ads.linkedin.com https://*.google.co.uk http://*.google.com https://*.adnxs.com https://*.eyeka.com https://*.google.com.ua https://t.co data: https://*.gstatic.com https://*.google.com https://*.google.com.ph; font-src https://*.eyeka.com http://*.eyeka.com 'self' https://*.embedly.com data: https://*.gstatic.com https://*.slaask.com; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265; child-src 'self'; frame-src https://*.kameleoon.eu https://*.facebook.com https://*.kameleoon.com 'self' https://*.embedly.com https://*.g.doubleclick.net https://*.uservoice.com data: https://*.google.com http://*.google.com; worker-src 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
default-src * data: blob:;style-src * data: 'unsafe-inline' blob:;connect-src 'self' *.doubleclick.net www.google-analytics.com *.gstatic.com *.googleapis.com *.googlesyndication.com www.facebook.com *.akamaihd.net securepubads.g.doubleclick.net *.klepierre.fr;object-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.klepierre.fr;script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.jquery.com *.jsdelivr.net *.cloudflare.com *.googleapis.com www.googletagmanager.com www.ultimedia.com www.googletagservices.com translate.google.com apis.google.com platform.twitter.com *.doubleclick.net *.googlesyndication.com www.google-analytics.com secure.adnxs.com connect.facebook.net cdn.vectaury.io static.critizr.com cdn-javascript.net cdn-js.net apiurl.org *.apicit.net cdn.ampproject.org *.akamaihd.net adservice.google.fr adservice.google.com adservice.google.be adservice.google.ch adservice.google.co.uk adservice.google.lu adservice.google.nl adservice.google.pt adservice.google.co.il adservice.google.de adservice.google.gp adservice.google.com.ua adservice.google.it adservice.google.ca adservice.google.hr adservice.google.sn adservice.google.dz adservice.google.co.in adservice.google.co.th adservice.google.fi adservice.google.com.pe adservice.google.tn adservice.google.dk securepubads.g.doubleclick.net adservice.google.ie adservice.google.es adservice.google.com.eg adservice.google.ge adservice.google.cm adservice.google.se adservice.google.ae adservice.google.co.zw adservice.google.com.lb adservice.google.at adservice.google.com.gh adservice.google.com.br adservice.google.no adservice.google.co.za adservice.google.com.mt adservice.google.ru adservice.google.com.tr adservice.google.ad adservice.google.com.ar adservice.google.cg adservice.google.cv adservice.google.com.ph adservice.google.ee adservice.google.ro adservice.google.la adservice.google.cz adservice.google.tg adservice.google.com.co adservice.google.co.jp adservice.google.com.kh adservice.google.hu adservice.google.com.hk adservice.google.lt adservice.google.com.mm adservice.google.me adservice.google.com.sg adservice.google.pl adservice.google.mu adservice.google.bj adservice.google.com.tw adservice.google.co.kr adservice.google.mg adservice.google.gr adservice.google.com.pk adservice.google.bg adservice.google.com.au adservice.google.com.sa adservice.google.com.gi adservice.google.co.id adservice.google.rs adservice.google.is adservice.google.com.uy adservice.google.com.ec adservice.google.si adservice.google.com.mx adservice.google.bf adservice.google.cl adservice.google.az adservice.google.ml adservice.google.sr adservice.google.com.cu adservice.google.co.nz adservice.google.com.kw adservice.google.com.cy adservice.google.com.vn adservice.google.lv *.klepierre.fr;report-uri /api/cspReport 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com s.ytimg.com https://cse.google.com https://www.google.com/cse/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cse.google.com https://www.google.com/cse/ https://imagesrv.adition.com/js/ad/; frame-src https: 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-gmrfZT5NHid4y5HHh8rsDekgfPQ'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' data:; img-src 'self' data: *; style-src 'self' https://static.healthcare.siemens.com 'unsafe-inline'; connect-src 'self' https://*.siemens.com https://*.siemens-healthineers.com https://*.amazonaws.com https://siemens.sc.omtrdc.net; media-src 'self' https://static.healthcare.siemens.com; script-src 'nonce-3fecde6d543730ed' 'nonce-3fec4ac35859b2f1' 'nonce-3fd2cfe55efe551c' 'nonce-3fd9813c04181964' 'self' 'unsafe-inline'  https://*.siemens.com https://*.siemens-healthineers.com https://*.siemens.com https://www.gstatic.com https://sjs.bizographics.com https://px.ads.linkedin.com https://maps.googleapis.com https://tools.adlytics.net; report-uri https://y84jcqwn7k.execute-api.us-east-1.amazonaws.com/latest 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://utdrvvtzkqpmtlszwunimosi.httpschecker.net/report 1
default-src 'self' data: *.doubleclick.net *.adriver.ru *.google.ru *.google.com *.criteo.com *.criteo.net tags.soloway.ru vk.com top-fwz1.mail.ru *.facebook.com *.facebook.net www.googletagmanager.com www.googleadservices.com player.vimeo.com *.livetex.ru *.yandex.net *.yandex.ru kontur.ru *.kontur.ru www.google-analytics.com counter.yadro.ru fonts.gstatic.com *.s-microsoft.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.kontur-extern.ru/private/csp-report 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com *.aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' data: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.youtube.com http://us1.siteimprove.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com http://us1.siteimprove.com/ https://s.ytimg.com https://cdn.yoshki.com; object-src 'self'; img-src 'self' http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com http://us1.siteimprove.com/ https://cdn.yoshki.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self';frame-ancestors 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1
default-src https: 'unsafe-inline'; img-src 'self'; media-src 'self' 1
default-src 'none'; connect-src 'self' risk.clearbit.com *.googleapis.com https://sentry.io api.segment.io www.facebook.com www.google-analytics.com stats.g.doubleclick.net optimize.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io api.hubspot.com *.intercomcdn.com *.intercom.io *.intercomusercontent.com wss://*.intercom.io *.linkedin.com vimeo.com data: *.ucweb.com *.uc.cn *.api4load.com; script-src-attr 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' risk.clearbit.com *.googleapis.com cdn.segment.com bat.bing.com connect.facebook.net www.google-analytics.com optimize.google.com *.hotjar.com js.hs-analytics.net js.hs-scripts.net js.hs-scripts.com js.usemessages.com *.intercomcdn.com *.intercom.io *.licdn.com *.linkedin.com *.leadforensics.com data: blob:; style-src 'self' 'unsafe-inline' optimize.google.com fonts.googleapis.com https://fonts.googleapis.com; img-src data: https: http: 'self'; frame-src www.facebook.com connect.facebook.net staticxx.facebook.com optimize.google.com *.hotjar.com *.vimeo.com www.youtube.com *.ritekit.com *.moz.com *.ciuvo.com; font-src https: http: data:; child-src *.hotjar.com share.intercom.io intercom-sheets.com www.intercom-reporting.com  www.youtube.com player.vimeo.com fast.wistia.net *.vimeo.com; media-src *.intercomcdn.com; base-uri 'self'; report-uri https://sentry.io/api/670553/security/?sentry_key=3c9b913593da4ea197eae952e4f3d5d9&sentry_release=3a02f6c773d833beddb6922eddc05283c0c00dbf&sentry_environment=production 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.rubiconproject.com https://wordpress.com https://*.wp.com https://*.adform.net https://cdn.polyfill.io https://*.hit.gemius.pl https://*.orcinus.ai https://*.pingdom.net https://shop.wolterskluwer.hu https://wolterskluwer.hu https://*.googlesyndication.com https://adservice.google.co.in https://static.addtoany.com https://*.optimonk.com https://*.linkedin.com https://*.facebook.com https://connect.facebook.net https://*.twitter.com https://*.gstatic.com https://ad.adverticum.net https://cdnjs.cloudflare.com https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.google.ie https://*.google.hu https://www.googletagmanager.com https://service.maxymiser.net https://*.mookie1.com https://*.googleapis.com https://*.adnxs.com https://*.adroll.com https://sjs.bizographics.com https://bs.serving-sys.com https://ams.creativecdn.com https://secure.gravatar.com https://img.en25.com https://hugde.adocean.pl https://eu-static.sociomantic.com https://ads.eu.criteo.com https://*.t.eloqua.com https://*.2mdn.net https://rdi.eu.criteo.com https://*.doubleverify.com https://www.youtube.com; report-uri /report_csp.php 1
report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'unsafe-eval' 'unsafe-inline' data: https:; report-uri https://sentry.mybook.tech/api/44/csp-report/?sentry_version=5&sentry_key=8600d8ebdcab4cac85a0c19f624a07ac 1
script-src *.akamaihd.net *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com seal-easttexas.bbb.org *.shopperapproved.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.akamaihd.net *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com seal-easttexas.bbb.org *.shopperapproved.com; report-uri /ajax/content_policy_violation.php 1
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://98dba6326789eae01552e92f7b3e68d5.report-uri.io/r/default/csp/reportOnly 1
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp-report 1
report-uri https://sentry.io/api/1381643/csp-report/?sentry_key=035194ae1605493c99dd66c2a7b2ca98;base-uri 'self';font-src https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://js.intercomcdn.com https://*.stripe.com https://commondatastorage.googleapis.com https://outschool.com https://*.outschool.com data: blob: https://fast.wistia.com;img-src 'self' https: blob: data: https://*.outschool.com;media-src data: https://*.outschool.com https://www.filepicker.io https://cdn.filestackcontent.com https://*.stripe.com https://js.intercomcdn.com blob: https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com;object-src https://embedwistia-a.akamaihd.net;style-src 'self' 'unsafe-inline' https://*.outschool.com https://fonts.googleapis.com https://static.filestackapi.com https://static.opentok.com https://*.stripe.com;script-src 'self' 'unsafe-inline' https://*.outschool.com https://cdn.segment.com https://*.stripe.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://connect.facebook.net https://*.pinimg.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://www.fullstory.com https://js.intercomcdn.com https://*.intercom.io https://static.filestackapi.com https://static.opentok.com https://a.quora.com https://*.criteo.com https://*.criteo.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-eval' blob: https://fast.wistia.com https://fast.wistia.net https://src.litix.io;frame-src https://outschool.zoom.us https://zoom.us https://widget.intercom.io https://intercom-sheets.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://*.stripe.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://*.criteo.com https://*.criteo.net https://fast.wistia.com;connect-src 'self' blob: https://sentry.io https://bam.nr-data.net https://api.segment.io https://www.facebook.com https://rs.fullstory.com https://*.filestackapi.com https://cdn.filestackcontent.com https://*.intercom.io wss://*.intercom.io https://js.intercomcdn.com https://uploads.intercomcdn.com https://maps.googleapis.com https://s3.amazonaws.com https://anvil.opentok.com https://hlg.tokbox.com https://*.pinterest.com wss://*.tokbox.com https://*.stripe.com https://stats.g.doubleclick.net https://www.google-analytics.com https://app.getsentry.com https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://embed-ssl.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://*.outschool.com;default-src blob: 'self' https://*.stripe.com https://*.outschool.com 1
default-src 'self'; img-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.doubleclick.net *.opentext.com data: *.everesttech.net *.llnwd.net *.xfinity.com *.plaxo.com *.licdn.com *.twitter.com *.facebook.com *.licdn.com *.brightcove.com *.superlawyers.com *.google-analytics.com *.cmptch.com *.demdex.net *.twitter.com *.akamaihd.net *.youtube.com *.betrad.com cdn.datatables.net *.eloqua.com *.google.com *.googletagmanager.com *.linkedin.com *.googlesyndication.com *.scorecardresearch.com *.googleapis.com *.gstatic.com *.doubleclick.com; font-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' data: cdn.tinymce.com fonts.gstatic.com; style-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' cdn.tinymce.com *.googleapis.com cdn.datatables.net *.gstatic.com; script-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' 'unsafe-eval' *.departapp.com *.thomsonreuters.com *.linkedin.com *.google-analytics.com *.rubiconproject.com *.bizographics.com *.perfdrive.com code.jquery.com https://ajax.cloudflare.com *.akamaihd.net *.omtrdc.net *.appdynamics.com *.opentext.com ajax.aspnetcdn.com *.facebook.net *.googletagmanager.com *.google.co.uk *.google.co.in *.google.co.in *.google-analytics.com *.scorecardresearch.com *.googletagservices.com img03.en25.com *.licdn.com *.lpsnmedia.net *.liveperson.net cdn.datatables.net *.doubleclick.net *.googleadservices.com *.brightcove.net *.googlesyndication.com *.gstatic.com *.betrad.com *.googleapis.com *.google.com cdn.jsdelivr.net assets.adobedtm.com assets.adobedtm.com *.findlaw.com *.issuu.com cdn.ampproject.org cdn.mouseflow.com cdnjs.cloudflare.com js.maxmind.com cdn.tinymce.com; connect-src 'self' *.akamaihd.net *.eum-appdynamics.com *.perfdrive.com *.superlawyers.com *.facebook.com *.google-analytics.com *.brightcove.com *.stickyadstv.com *.gstatic.net *.gstatic.com *.mouseflow.com *.springserve.com *.findlaw.com *.springserve.com *.advertising.com *.demdex.net *.googlesyndication.com *.vertamedia.com *.doubleclick.net *.googlesyndication.com *.google.com; frame-ancestors 'self'; frame-src *.issuu.com *.google.com *.googletagservices.com *.liveperson.net *.akamaihd.net *.youtube.com *.demdex.net *.lpsnmedia.net *.googlesyndication.com *.facebook.net *.facebook.com *.doubleclick.net; media-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.media.brightcove.com; object-src 'none'; manifest-src *.superlawyers.com; report-uri https://superlawyers.report-uri.com/r/t/csp/reportOnly; 1
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1
script-src-elem http://*.criteo.net https://*.criteo.com http://*.criteo.com https://*.criteo.net; connect-src http://*.moatads.com https://*.moatads.com https://*.addthis.com https://*.googleapis.com https://onesignal.com http://*.cloudinary.com https://*.g.doubleclick.net http://*.springserve.com https://*.crazyegg.com http://*.lkqd.net https://*.cooladata.com https://*.springserve.net data: 'self' https://*.cloudinary.com https://*.google.com https://*.vertamedia.com https://*.google-analytics.com http://*.us.criteo.com https://*.streamrail.net https://*.getsentry.com https://*.adaptv.advertising.com http://*.bfmio.com http://*.facebook.com https://*.cmptch.com https://*.springserve.com https://*.intercomcdn.com wss://*.intercom.io https://sentry.io https://*.us.criteo.com https://*.licdn.com https://*.facebook.com https://*.herokuapp.com wss://*.inspectlet.com https://*.inspectlet.com http://*.vertamedia.com https://*.bfmio.com https://*.intercom.io https://*.lkqd.net https://*.stripe.com; img-src https://*.google.ca https://*.google.com.ph http://*.moatads.com https://*.moatads.com https://*.addthis.com https://*.google.com.np https://*.google.com.sg http://*.cloudinary.com https://*.google.pl https://*.googleapis.com https://*.g.doubleclick.net https://*.google.de https://*.google.com.br https://*.google.com.tw https://*.google.com.tr https://*.googletagmanager.com https://*.crazyegg.com https://*.google.co.uk http://*.springserve.com https://*.google.com.ua http://*.lkqd.net https://*.cooladata.com https://*.google.com.my https://*.google.es https://*.springserve.net http://*.vidible.tv 'self' https://*.cloudinary.com https://*.googlesyndication.com data: https://*.google.com https://*.onesignal.com https://*.google-analytics.com https://*.intercomassets.com https://*.google.ae https://*.google.com.eg https://*.google.it https://*.joinhoney.com https://*.google.nl https://*.gstatic.com https://*.cloudfront.net https://*.google.co.il https://*.google.co.in http://*.bfmio.com http://*.facebook.com https://*.cmptch.com https://*.amazonaws.com https://*.outbrain.com https://*.springserve.com https://*.google.com.vn https://*.google.co.ma https://*.google.co.th https://*.google.fr https://*.intercomcdn.com https://*.google.ru https://*.ggpht.com https://*.google.co.za https://*.google.com.mx https://*.google.com.au https://*.taboola.com https://*.quora.com https://*.google.lk https://*.streamrail.com http://*.advertising.com https://*.facebook.com https://*.google.gr wss://*.inspectlet.com https://*.inspectlet.com https://*.lkqd.net https://*.bing.com https://*.bfmio.com https://*.vidible.tv https://*.google.com.kw https://*.stripe.com https://*.advertising.com; manifest-src 'self'; media-src https://*.intercomcdn.com http://*.cloudinary.com https://*.cloudfront.net data: 'self' https://*.cloudinary.com; default-src 'self'; script-src https://*.bizographics.com http://*.moatads.com https://*.moatads.com https://*.addthis.com https://*.googleapis.com https://onesignal.com http://*.cloudinary.com https://*.g.doubleclick.net https://*.googletagmanager.com https://*.bootstrapcdn.com https://*.ads.linkedin.com http://*.vidible.tv https://*.googleadservices.com https://*.ravenjs.com http://*.lkqd.net https://*.cooladata.com https://*.springserve.net data: 'self' https://*.cloudinary.com https://*.googlesyndication.com https://*.google.com https://*.nr-data.net https://*.onesignal.com https://*.vertamedia.com https://*.google-analytics.com http://*.us.criteo.com https://*.criteo.net https://*.zscalertwo.net https://*.cloudfront.net https://*.sentry-cdn.com https://*.facebook.net https://*.linkedin.com https://*.cmptch.com https://*.amazonaws.com 'unsafe-eval' https://*.outbrain.com https://*.newrelic.com https://*.intercomcdn.com wss://*.intercom.io 'unsafe-inline' https://*.taboola.com https://*.cloudflare.com https://*.quora.com https://*.us.criteo.com https://*.streamrail.com https://*.licdn.com http://*.advertising.com http://*.criteo.net http://*.criteo.com wss://*.inspectlet.com https://*.inspectlet.com http://*.vertamedia.com https://*.addthisedge.com https://*.criteo.com https://*.bing.com https://*.advertising.com https://*.vidible.tv https://*.intercom.io https://*.lkqd.net https://*.stripe.com https://*.beachfrontmedia.com; font-src https://*.intercomcdn.com chrome-extension: https://*.googleapis.com https://*.joinhoney.com https://*.gstatic.com https://*.bootstrapcdn.com https://*.s3.amazonaws.com data: 'self'; child-src 'self'; frame-src https://*.addthis.com https://*.googleapis.com http://*.cloudinary.com https://*.g.doubleclick.net https://*.s3.amazonaws.com data: 'self' https://*.googlesyndication.com https://*.cloudinary.com https://*.google.com http://*.us.criteo.com https://*.criteo.net https://*.cloudfront.net https://*.facebook.net http://*.facebook.com https://*.cmptch.com https://*.matterport.com https://*.typeform.com https://*.us.criteo.com https://*.moz.com http://*.advertising.com http://*.criteo.net http://*.criteo.com https://*.facebook.com https://*.criteo.com https://onesignal.com https://*.stripe.com https://*.advertising.com; object-src https://*.cmptch.com 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_b712ff430c344451a7b9973dcafa5a57; worker-src 'self'; style-src https://*.cloudflare.com https://*.google.com https://*.cmptch.com https://*.googleapis.com https://onesignal.com https://*.joinhoney.com https://*.bootstrapcdn.com 'unsafe-inline' https://*.amazonaws.com data: 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://9a2118122033a14511d655c2e61579c2.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.myprotein.co.kr https://m.myprotein.co.kr 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.co.kr/cspReport.txt; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' analyse.elaon.de 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://bat.bing.com https://dev-crm.agribargain.fr https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://www.gstatic.com https://connect.facebook.net https://sw-assets.ekomiapps.de https://*.ekomi.com https://googleads.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://ssl.google-analytics.com https://sw-assets.ekomiapps.de https://i.ytimg.com https://i.imgur.com https://www.googletagmanager.com https://www.google.com https://dev-crm.agribargain.fr; style-src 'self' https://sw-assets.ekomiapps.de https://widgets.ekomi.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://sw-assets.ekomiapps.de; frame-src https://www.google.com https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://widgets.ekomi.com; object-src 'none'; connect-src 'self' https://widgets.ekomi.com https://*.algolianet.com https://*.algolia.net 1
script-src https://www.ry.com.au https://m.ry.com.au 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.ry.com.au/cspReport.txt; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: asset: cdn.funds.jp cosmic-s3.imgix.net cdnjs.cloudflare.com sentry.io fonts.googleapis.com www.google.com www.google.co.jp www.googletagmanager.com www.google-analytics.com www.googleadservices.com fonts.gstatic.com www.gstatic.com platform.twitter.com syndication.twitter.com connect.facebook.net www.facebook.com staticxx.facebook.com heapanalytics.com cdn.heapanalytics.com *.criteo.net *.criteo.com www.tcs-asp.net *.ebis.ne.jp *.accesstrade.net *.linksynergy.com *.trafficgate.net *.doubleclick.net s.yimg.jp *.yahoo.co.jp *.microad.jp *.a8.net *.dc-storm.com *.cribnotes.jp *.rlcdn.com *.rmtag.com; report-uri https://sentry.io/api/1312751/security/?sentry_key=905abc2358684b45b94d0af144209396&sentry_environment=production 1
default-src 'self' https://*.jxck.io https://www.google-analytics.com; connect-src https://report-uri.jxck.io; report-uri https://report-uri.jxck.io; report-to; trusted-types; default 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
script-src https://www.lookfantastic.ru https://m.lookfantastic.ru 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.ru/cspReport.txt; 1
script-src https://www.skincarerx.com https://m.skincarerx.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://dnn506yrbagrg.cloudfront.net; report-uri https://www.skincarerx.com/cspReport.txt; 1
script-src https://www.probikekit.com.au https://m.probikekit.com.au 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.probikekit.com.au/cspReport.txt; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.pinterest.com log.pinterest.com connect.facebook.net platform.twitter.com syndication.twitter.com tfw-current.s3.amazonaws.com www.google.com www.gstatic.com cdnjs.cloudflare.com stevenlevithan.com www.googletagmanager.com www.google-analytics.com; report-uri /nelmio/csp/report 1
connect-src 'self' https://evt.klarna.com https://www.google-analytics.com *.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://bam.nr-data.net https://www.facebook.com; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net *.klarna.com https://www.google-analytics.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com images.contentful.com images.ctfassets.net https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://maps.googleapis.com https://bat.bing.com https://www.facebook.com https://img.youtube.com https://pixel.quantserve.com; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; frame-src 'self' *.klarna.com *.doubleclick.net https://vars.hotjar.com *.youtube.com https://booking.brenderuprental.com https://utm.keskoanalytics.com/; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com https://keskoanalytics.s3.eu-central-1.amazonaws.com; script-src 'self' 'unsafe-inline' *.klarnacdn.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com; default-src 'none'; media-src videos.contentful.com videos.ctfassets.net; child-src https://vars.hotjar.com; report-uri https://www.k-rauta.se/csp-report; 1
script-src https://www.myvitamins.com https://m.myvitamins.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.myvitamins.com/cspReport.txt; 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com; img-src 'self' https://* * data:; script-src 'self' https://*.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://media2.supermagnete.fr https://www.supermagnete.fr 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.fr https://www.supermagnete.fr 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
default-src *; base-uri *; connect-src *; font-src *; form-action *; frame-ancestors *; frame-src *; child-src *; object-src *; plugin-types *; script-src *; style-src *; worker-src * 1
script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net secure-nz.imrworldwide.com static.criteo.net *.criteo.com web-sdk.urbanairship.com web-push-api.urbanairship.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com storage.googleapis.com; default-src web-push-api.urbanairship.com web-sdk.urbanairship.com bid.g.doubleclick.net *.criteo.com storage.googleapis.com blob: static.criteo.net *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com 'self' data: secure-nz.imrworldwide.com www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com secure-nz.imrworldwide.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net secure-nz.imrworldwide.com *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com web-sdk.urbanairship.com web-push-api.urbanairship.com storage.googleapis.com www.googletagservices.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz web-sdk.urbanairship.com web-push-api.urbanairship.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org; font-src 'self' *.grabone.co.nz fonts.gstatic.com data: storage.googleapis.com; report-uri https://f6v4mfnzug.execute-api.ap-southeast-2.amazonaws.com/prod/csp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ ; script-src 'self' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://8566731.fls.doubleclick.net/ https://bid.g.doubleclick.net/ ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod 1
script-src https://www.idealshape.com https://m.idealshape.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://dnn506yrbagrg.cloudfront.net https://www.shopperapproved.com; report-uri https://www.idealshape.com/cspReport.txt; 1
report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com 1
frame-src 'self' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://adm.lcl https://u.ua https://u.lcl https://login.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://www.google.com https://www.google.com.ua https://www.google-analytics.com https://stats.g.doubleclick.net; connect-src https://adm.tools https://adm.lcl https://www.ukraine.com.ua https://cdn.ukraine.com.ua:3001 https://login.tools wss://cdn.ukraine.com.ua:3001 https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://9f7d2d480a369bf85ef8324e15fb3448.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.lookfantastic.se https://m.lookfantastic.se 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.se/cspReport.txt; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://disqus.com https://c.disquscdn.com; base-uri 'self'; font-src 'self' https: data:; script-src 'self' https://www.google-analytics.com https://www.google.com https://www.googleapis.com https://disqus.com https://tunetheweb.disqus.com https://a.disquscdn.com https://c.disquscdn.com https://translate.googleapis.com https://translate.google.com https://cdn.ampproject.org https://www.gstatic.com; style-src 'unsafe-inline' 'self' https:; frame-ancestors 'none'; form-action 'self'; img-src 'self' https: data:; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; worker-src 'self' https://www.google-analytics.com https://www.google.com https://www.googleapis.com https://disqus.com https://tunetheweb.disqus.com https://a.disquscdn.com https://c.disquscdn.com https://translate.googleapis.com https://translate.google.com https://cdn.ampproject.org https://www.gstatic.com; child-src 'self' https://https.tunetheweb.com https://disqus.com; media-src 'none'; object-src 'none'; report-uri https://tunetheweb.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'nonce-f1e23f61-fc70-4f2d-b53e-c553c914e168' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
frame-ancestors https://www.noegkk.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src https://www.noegkk.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-MjcivgYflzwE9gqroE8fyOSczk' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
script-src https://www.lookfantastic.de https://m.lookfantastic.de 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.de/cspReport.txt; 1
script-src https://www.myprotein.no https://m.myprotein.no 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.no/cspReport.txt; 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; report-uri https://sentry.utdev.com/api/11/security/?sentry_key=fd1451556bfc4ccd9a2e268240b3e2e7; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=4c419fb5fd7865ad56e9b440c93e3ad2 1
script-src https://www.lookfantastic.pt https://m.lookfantastic.pt 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.pt/cspReport.txt; 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-69579330-21be-45d3-9dae-85d06ab9f48c' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src'self' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=b0f9242235a7ccc63ec955819839b6db 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://3yz21u6wojsrvhw3tvd5q8ux.httpschecker.net/report 1
script-src https://www.popinabox.it https://m.popinabox.it 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.popinabox.it/cspReport.txt; 1
report-uri /api/csp-violation-report 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com www.irishlife.ie; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri https://ramsalt.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; img-src 'self' data: https://piwik.contactoffice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.contactoffice.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; form-action 'self'; frame-ancestors 'self'; report-uri https://mailbe.report-uri.com/r/d/csp/reportOnly; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; report-uri https://sentry.io/api/90716/csp-report/?sentry_key=4381f955b6f94fd9ba83d0364bee911f 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io https://sentry.io; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://*.amazonaws.com https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net https://*.gatehub.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://b960aada6d33bb96f0f823104b1b3dde.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation/ 1
block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php; 1
default-src 'self'; style-src 'self' 'unsafe-inline' ws1.postescanada-canadapost.ca tpc.googlesyndication.com creator.zmags.com fonts.googleapis.com cdn1.lavieenrose.com cdn1.bikinivillage.com snapwidget.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.zopim.com static.hotjar.com script.hotjar.com *.rfihub.net *.rfihub.com cdn.districtm.ca secure.adnxs.com libs.na.bambora.com *.postescanada-canadapost.ca amik.postaffiliatepro.com snapwidget.com cdn1.lavieenrose.com cdn1.bikinivillage.com s7.addthis.com m.addthisedge.com m.addthis.com maps.googleapis.com creator.zmags.com c.zmags.com www.google-analytics.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com d.impactradius-event.com www.googletagmanager.com pixel.adacado.com js-agent.newrelic.com bam.nr-data.net secure.quantserve.com rules.quantcount.com; font-src data: 'self' *.zopim.com fonts.gstatic.com cdn1.lavieenrose.com cdn1.bikinivillage.com; img-src data: 'self' www.google.nl www.google.fr www.google.com www.google.ca www.google-analytics.com www.gstatic.com gstatic.com maps.gstatic.com www.googltagmanager.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net dmx.districtm.ca secure.adnxs.com cdn.na.bambora.com www.addthis.com m.addthis.com *.zopim.com *.zopim.io creator.zmags.com c.zmags.com ws1.postescanada-canadapost.ca *.bikinivillage.com *.lavieenrose.com connect.facebook.net www.facebook.com static.hotjar.com script.hotjar.com vars.hotjar.com insights.hotjar.com pixel.quantserve.com; frame-src 'self' 'unsafe-eval' *.rfihub.com vars.hotjar.com libs.na.bambora.com *.lavieenrose.com gsa://onpageload *.doubleclick.net player.vimeo.com connect.facebook.net snapwidget.com www.facebook.com s7.addthis.com bid.g.doubleclick.net; connect-src 'self' wss://*.zopim.com insights.hotjar.com wss://*.hotjar.com www.google.com www.google.ca *.zopim.com ws1.postescanada-canadapost.ca *.zmags.com stats.g.doubleclick.net s7.addthis.com m.addthis.com www.google-analytics.com; media-src 'self' *.zopim.com; report-uri /csp-report; 1
script-src https://www.myprotein.gr https://m.myprotein.gr 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.gr/cspReport.txt; 1
default-src 'none'; script-src 'self' https://www.google-analytics.com 1
img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1
default-src 'self' tpc.googlesyndication.com; frame-src 'self' *.trademe.co.nz https://d3f5l8ze0o4j2m.cloudfront.net www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload *.googlesyndication.com *.doubleclick.net *.imrworldwide.com trademe.wufoo.com my.matterport.com; font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: blob: *.tmcdn.co.nz *.trademe.co.nz d3f5l8ze0o4j2m.cloudfront.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com www.facebook.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3f5l8ze0o4j2m.cloudfront.net connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org; form-action 'self' *.trademe.co.nz trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net; connect-src 'self' *.trademe.co.nz *.tmcdn.co.nz api.dev.trademe.nz sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.doubleclick.net *.googlesyndication.com; report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd 1
default-src 'self' *.canterbury-cathedral.org; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://translate.google.com https://translate.googleapis.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://fonts.googleapis.com; img-src data: *; font-src data: 'self' https://fonts.gstatic.com; frame-src https://www.youtube.com https://maps.google.co.uk https://maps.google.com https://www.google.com 'self' *.canterbury-cathedral.org https://cvminder.com https://w.soundcloud.com; connect-src 'self' *.canterbury-cathedral.org https://*.google-analytics.com; report-uri https://www.canterbury-cathedral.org/csp-report.php; report-to default 1
default-src https://*.luxprivat.lu https://*.clicky.com https://*.getclicky.com 'unsafe-inline'; form-action 'self' www.google.lu; base-uri https://www.luxprivat.lu; img-src https://*.luxprivat.lu http://*.clicky.com https://*.getclicky.com; font-src https://*.luxprivat.lu netdna.bootstrapcdn.com; report-uri https://csp-report.aginion.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.roche.com *.roche.net *.gene.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src * 'self' data:; object-src 'self' ; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; disown-opener; reflected-xss block; base-uri 'none'; plugin-types application/pdf; report-uri https://roche.report-uri.com/r/t/csp/reportonly; 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' *.slotmachinegratis.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com https://cdn.ywxi.net https://cdn.trustedsite.com https://connect.facebook.net https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com http://connect.facebook.net  https://secure.statcounter.com https://www.statcounter.com https://c.statcounter.com http://stat.svere.com;     style-src 'self' 'unsafe-inline';     frame-src 'self' https://snaiesercizioportal.game360.it https://freeplay.gt-cdn.net http://scdn.888.com https://mobet.williamhill.it/ http://www.williamhill.it https://www.williamhill.com http://sports.williamhill.it https://sports.williamhill.it http://ads.williamhill.it https://ads.williamhill.it http://www.affpowergames.com http://cache.download.casino.titanbet.it https://staticxx.facebook.com http://staticxx.facebook.com https://facebook.com https://www.facebook.com http://www.facebook.com http://static.ak.facebook.com https://s-static.ak.facebook.com;     img-src 'self' https://stats.g.doubleclick.net https://mmwebhandler.aff-online.com https://web.facebook.com https://www.facebook.com http://wwwimages.adobe.com http://stat.svere.com https://c.statcounter.com https://www.google-analytics.com http://www.adobe.com;     object-src 'self' https://slotmachinegratis.com;     report-uri //csplogic.appspot.com/report?src=slotmachinegratis.com; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-g5uDYKnMZh79zrJ782xTFUzRIk'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk www.youtube-nocookie.com; script-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk cdn.ravenjs.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com *.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.charnwood.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.charnwood.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.charnwood.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to; frame-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.charnwood.gov.uk my.charnwood.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.charnwood.gov.uk my.charnwood.gov.uk pa.charnwood.gov.uk va.tawk.to; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src 'self' wss:; report-uri /ping/ 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
script-src https://www.glossybox.com https://m.glossybox.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://dnn506yrbagrg.cloudfront.net; report-uri https://www.glossybox.com/cspReport.txt; 1
child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com 1
frame-ancestors https://www.pensionsversicherung.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src https://www.pensionsversicherung.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
default-src 'self' *.facebook.com *.fbcdn.net *.google-analytics.com *.doubleclick.net *.bing.com secure.adnxs.com *.google.com *.google.it go.turboadv.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.bing.com *.turboadv.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;              report-uri /none; 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src https:; script-src 'unsafe-inline'; style-src 'unsafe-inline';  1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://bac-csp.azurewebsites.net/api/CspReport 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; frame-src https: www.youtube.com; report-uri /csp-report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=modnipeklo 1
default-src https:; frame-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
default-src c.disquscdn.com disqus.com image-src.kualo.com; object-src div.show; script-src image-src.kualo.com d3rxaij56vjege.cloudfront.net kualo.activehosted.com kualo.disqus.com analytics.twitter.com *.crisp.chat www.google.com static.hotjar.com libraries.hund.io trackcmp.net www.google-analytics.com static.ads-twitter.com connect.facebook.net rum-static.pingdom.net widget.trustpilot.com maxcdn.bootstrapcdn.com www.gstatic.com cdn.kualo.com www.googletagmanager.com w.recruiterbox.com *.addthis.com c.disquscdn.com m.addthisedge.com graph.facebook.com www.linkedin.com *.hotjar.com ajax.googleapis.com cdn.syndication.twimg.com cdnjs.cloudflare.com connect.facebook.net d3vv6lp55qjaqc.cloudfront.net disqus.com kualo-cdn.r.worldssl.net links.services.disqus.com maps.googleapis.com my.kualo.com netdna.bootstrapcdn.com platform.twitter.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src image-src.kualo.com cdn.jsdelivr.net *.crisp.chat fonts.googleapis.com cdn.kualo.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com libraries.hund.io w.recruiterbox.com c.disquscdn.com kualo-cdn.r.worldssl.net my.kualo.com netdna.bootstrapcdn.com platform.twitter.com ton.twimg.com 'self' 'unsafe-inline'; img-src image-src.kualo.com kualo-cdn.r.worldssl.net images.softaculous.com *.crisp.chat www.google-analytics.com t.co www.facebook.com www.google.com cdn.kualo.com stats.g.doubleclick.net data: w.recruiterbox.com cdn.viglink.com links.services.disqus.com sync.crwdcntrl.net ps.eyeota.net ce.lijit.com abs.twimg.com c.disquscdn.com cdnjs.cloudflare.com content.screencast.com d226aj4ao1t61q.cloudfront.net d3vv6lp55qjaqc.cloudfront.net i.ytimg.com m.addthis.com maps.googleapis.com maps.gstatic.com pbs.twimg.com platform.twitter.com referrer.disqus.com screens.kgix.net syndication.twitter.com ton.twimg.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.softaculous.com 'self'; font-src client.crisp.chat fonts.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.kualo.com image-src.kualo.com kualo-cdn.r.worldssl.net my.kualo.com netdna.bootstrapcdn.com themes.googleusercontent.com www.kualosites.com 'self' 'unsafe-inline'; connect-src wss://*.crisp.chat rum-collector-2.pingdom.net www.google-analytics.com my.kualo.com status.kualo.com in.hotjar.com www.facebook.com connect.facebook.net *.crisp.chat links.services.disqus.com m.addthis.com 'self' cdn.kualo.com image-src.kualo.com s7.addthis.com stats.g.doubleclick.net; frame-src www.youtube.com widget.trustpilot.com vars.hotjar.com www.google.com www.facebook.com app.recruiterbox.com disqus.com *.addthis.com c.disquscdn.com game.crisp.chat platform.twitter.com staticxx.facebook.com syndication.twitter.com www.googletagmanager.com; script-src-elem cdn.syndication.twimg.com cdnjs.cloudflare.com d3vv6lp55qjaqc.cloudfront.net disqus.com links.services.disqus.com maps.googleapis.com platform.twitter.com ; style-src-elem c.disquscdn.com platform.twitter.com ton.twimg.com; manifest-src https://www.kualo.com https://www.kualo.co.uk https://www.kualo.in; report-uri https://kualo.report-uri.com/r/d/csp/wizard; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' carjam.co.nz *.carjam.co.nz; connect-src 'self' carjam.co.nz *.carjam.co.nz www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' carjam.co.nz *.carjam.co.nz data: d1oe1cut6yqpb4.cloudfront.net fonts.gstatic.com; frame-src 'self' carjam.co.nz *.carjam.co.nz staticxx.facebook.com www.facebook.com connect.facebook.net web.facebook.com www.youtube.com www.googletagmanager.com; img-src *; media-src 'self' carjam.co.nz *.carjam.co.nz www.youtube.com; object-src 'self' carjam.co.nz *.carjam.co.nz; script-src 'self' 'unsafe-inline' https: 'nonce-dee8d1d2f9' 'strict-dynamic'; style-src 'self' carjam.co.nz *.carjam.co.nz d1oe1cut6yqpb4.cloudfront.net staticxx.facebook.com www.youtube.com 'unsafe-inline'; report-uri https://www.nzpro.com/csp-prod.php; 1
default-src https://www.google.com https://maps.google.com  https://stats.g.doubleclick.net  https://www.google-analytics.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; font-src data: https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' http://fonts.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; object-src https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; img-src https://www.google.com https://www.google.pl https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://www.google-analytics.com data:; upgrade-insecure-requests; 1
frame-ancestors https://www.meinesv.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src https://www.meinesv.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
script-src https://www.illamasqua.com https://m.illamasqua.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://cloud.google.com https://maps.googleapis.com https://assets.rewardstyle.com https://collect.rewardstyle.com https://widgets.rewardstyle.com; report-uri https://www.illamasqua.com/cspReport.txt; 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com; img-src 'self' https://* * data:; script-src 'self' https://*.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.es&source%5Bsection%5D=brochure&source%5Buuid%5D=c5e000a904c1eee0a9fb34fbf95dea4f 1
default-src * 'unsafe-eval' 'unsafe-inline' 'self' blob:; font-src 'self' https://vjs.zencdn.net data:; img-src * data:; media-src 'self' https://vjs.zencdn.net https://*.brightcove.com blob:; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; report-uri /ContentSecurityPolicy/Report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 1
script-src https://www.gillette.co.uk https://m.gillette.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://code.jquery.com https://geolocation.onetrust.com; report-uri https://www.gillette.co.uk/cspReport.txt; 1
default-src 'self'; media-src 'self' *.lpsnmedia.net; connect-src 'self' *.addthis.com; script-src 'unsafe-inline' 'unsafe-eval' *.ihi.com *.liveperson.net *.statcamp.net *.tiqcdn.com *.lpsnmedia.net *.addthis.com *.addthisedge.com *.sitecore.net; img-src 'self' *; style-src 'unsafe-inline' *.ihi.com; frame-src * *.lpsnmedia.net *.addthis.com *.sitecore.net; frame-ancestors 'self' *.sitecore.net; 1
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline'; report-uri /csp-violations 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; connect-src https: wss:; block-all-mixed-content; report-uri https://4care.report-uri.com/r/d/csp/reportOnly; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 1
default-src photomath.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com; report-uri https://563mjpey.uriports.com/reports/report; report-to default 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com platform.twitter.com connect.facebook.net *.addthis.com *.doubleclick.net; img-src 'self' *.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' *.addthis.com *.doubleclick.net; media-src 'self' *.youtube.com; child-src 'self' *.youtube.com apis.google.com accounts.google.com *.googletagmanager.com platform.twitter.com *.addthis.com *.doubleclick.net *.facebook.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://*.dcrdata.org; manifest-src 'self' 1
script-src https://www.exantediet.com https://m.exantediet.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.exantediet.com/cspReport.txt; 1
default-src 'self' muxoboika.ru http://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' muxoboika.ru advapi.ru *.ytimg.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com http://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.doubleclick.net; object-src 'self' http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com *.google-analytics.com http://www.youtube.com https://www.youtube.com *.gstatic.com;frame-src 'self' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com *.doubleclick.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com http://*.google.com; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=vitalion 1
default-src 'self' http://ohotnik-kolomna.ru ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ssl.google-analytics.com https://ssl.google-analytics.com http://*.googleapis.com https://*.googleapis.com http://vk.com https://vk.com https://login.vk.com http://login.vk.com http://www.google-analytics.com https://www.google-analytics.com http://top-fwz1.mail.ru https://top-fwz1.mail.ru http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com http://*.addthis.com https://*.addthis.com http://*.ok.ru https://*.ok.ru http://st.top100.ru https://st.top100.ru http://*.delicious.com https://*.delicious.com https://*.google.com http://*.google.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://www.odnoklassniki.ru https://www.odnoklassniki.ru http://www.reddit.com https://www.reddit.com https://www.linkedin.com http://www.linkedin.com http://counter.rambler.ru https://counter.rambler.ru http://m.addthisedge.com https://m.addthisedge.com http://yandex.ru; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com; img-src 'self' data: http://yandex.ru http://*.yadro.ru https://vk.com http://vk.com http://top-fwz1.mail.ru http://www.google-analytics.com https://www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net https://*.facebook.com http://*.facebook.com http://counter.rambler.ru https://counter.rambler.ru http://kraken.rambler.ru http://top-fwz1.mail.ru https://top-fwz1.mail.ru http://*.addthis.com https://*.addthis.com http://*.gstatic.com https://*.gstatic.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://*.googleapis.com https://*.googleapis.com http://www.adobe.com https://www.adobe.com http://m.addthisedge.com https://m.addthisedge.com https://apis.google.com http://apis.google.com ; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com ; media-src 'self'; child-src 'self' http://vk.com https://vk.com http://login.vk.com https://login.vk.com http://*.facebook.com https://*.facebook.com https://*.ok.ru http://*.ok.ru http://*.addthis.com https://*.addthis.com https://*.google.com http://*.google.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://www.youtube.com https://www.youtube.com ; connect-src 'self' http://www.google-analytics.com https://www.google-analytics.com http://*.addthis.com https://*.addthis.com https://m.addthisedge.com http://m.addthisedge.com https://sba.yandex.net https://yandex.ru; object-src 'self';report-uri   https://902149f45b2c02508d9587ab45c98de3.report-uri.io/r/default/csp/enforce   ; 1
block-all-mixed-content; default-src 'self'; style-src * 'unsafe-inline'; font-src * data:; img-src * data: blob:; object-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdnjs.cloudflare.com js.stripe.com cdn.segment.com connect.facebook.net static.zdassets.com cdn.amplitude.com maps.googleapis.com www.google-analytics.com cdn.inspectlet.com *.zopim.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net; frame-src js.stripe.com staticxx.facebook.com blob: docs.google.com www.facebook.com bid.g.doubleclick.net tpc.googlesyndication.com connect.facebook.net gsa://onpageload https://onpageload; connect-src 'self' ekr.zdassets.com api.segment.io iziworksupport.zendesk.com api.amplitude.com www.facebook.com graph.facebook.com hn.inspectlet.com wss://*.zopim.com wss://ws.inspectlet.com www.google-analytics.com api.rollbar.com iziwork-backend-prod.herokuapp.com; report-uri https://iziwork-backend-prod.herokuapp.com/report-violation 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=log&sessionId=10c4b5f0fe3ae72fe057b04eead951c525b5fe78 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=log&sessionId=7ae41802c436a2a8e2e17ffc164937b35dce643e 1
default-src 'self'; script-src 'self' 'unsafe-inline' asset; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com/; report-uri //joinpage.webbilling.com/logservice.php 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com *.google-analytics.com https://sync.sharethis.com https://apis.google.com https://accounts.google.com https://cdn.heapanalytics.com load.sumome.com https://sumome.com https://sumome-140a.kxcdn.com https://sumo.com https://js.stripe.com https://gc.kis.scr.kaspersky-labs.com https://platform.twitter.com https://connect.facebook.net https://api.facebook.com https://graph.facebook.com https://widgets.pinterest.com https://buttons.reddit.com https://www.linkedin.com https://www.yummly.com https://api.bufferapp.com https://affiliate.thesslstore.com https://ad.linksynergy.com https://contextual.media.net http://contextual.media.net https://srvjsr.media.net https://cdn.inspectlet.com https://lg1.media.net https://srvjsre.media.net z-na.amazon-adsystem.com https://digital-masters-magazine.disqus.com https://cloudinsidr-com.disqus.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://mstat.acestream.net https://links.services.disqus.com https://gateway.zscalertwo.net http://cdn.inspectlet.com https://m59.prod2016.com; img-src 'self' data: https://sumome-140a.kxcdn.com *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com https://s.w.org https://load.sumo.com https://sumome.com https://sumo.com https://media.sumo.com https://sumome-media.s3.amazonaws.com https://micro.sumo.com https://www.gravatar.com https://secure.gravatar.com https://www.gstatic.com https://q.stripe.com https://www.facebook.com https://syndication.twitter.com https://dashboard.zopim.com https://affiliate.thesslstore.com *.amazon-adsystem.com https://images-na.ssl-images-amazon.com *.google-analytics.com https://stats.g.doubleclick.net ad.linksynergy.com https://mproxy.banner.linksynergy.com https://impus.tradedoubler.com https://vht.tradedoubler.com https://qsearch-a.akamaihd.net https://c.adyield.co https://c.ad-srv.co https://srvjsr.media.net https://contextual.media.net https://lg1.media.net https://s.mnet-ad.net https://referrer.disqus.com https://c.disquscdn.com https://disqus.com https://links.services.disqus.com https://code.jquery.com https://cdn.viglink.com https://i1.wp.com https://heapanalytics.com https://hn.inspectlet.com https://bcp.crwdcntrl.net https://ps.w.org https://gateway.zscalertwo.net https://www.a4c.com https://microsumo-140a.kxcdn.com https://sync.sharethis.com https://easyid.scansafe.net; style-src 'self' 'unsafe-inline' data: *.cloudinsidr.com *.digitalmastersmag.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://sumo.com load.sumome.com https://code.jquery.com https://c.disquscdn.com https://disqus.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://contextual.media.net https://sxt.cdn.skype.com https://maxcdn.bootstrapcdn.com; form-action 'self'; connect-src 'self' wss://www.digitalmastersmag.com wss://www.cloudinsidr.com https://apis.google.com https://www.google-analytics.com https://sumome.com https://sumo.com https://sumome-140a.kxcdn.com https://clients6.google.com https://code.jquery.com https://hn.inspectlet.com https://yoast.com https://links.services.disqus.com wss://ws.inspectlet.com https://stats.g.doubleclick.net https://cr-input.mxpnl.net; frame-src 'self' https://apis.google.com https://accounts.google.com https://js.stripe.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://impus.tradedoubler.com https://ad.linksynergy.com https://affiliate.thesslstore.com http://affiliate.thesslstore.com https://contextual.media.net https://sumo.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://static.media.net; object-src 'self'; report-uri https://f454b82e7d32b8566fe5e2c5adce5e2e.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' about: blob: data: https://*.salesforceliveagent.com https://c.disquscdn.com https://connect.facebook.net https://disqus.com https://fast.wistia.com https://freelanceadvisor.disqus.com https://metrics.responsetap.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://static-ssl.responsetap.com https://static.hotjar.com https://www.crunch.uk https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://storage.googleapis.com https://hst.tradedoubler.com https://api.trustpilot.com https://widget.trustpilot.com https://s3-eu-west-1.amazonaws.com/crunch-cdn; style-src 'self' 'unsafe-inline' https://c.disquscdn.com; frame-ancestors 'self' https://*.crunch.co.uk; default-src 'self' https://disqus.com https://c.disquscdn.com https://*.crunch.co.uk; frame-src 'self' https://*.crunch.co.uk https://connect.facebook.net https://disqus.com https://fast.wistia.com https://go.pardot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: *; connect-src 'self' https://api.mixpanel.com https://distillery.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://insights.hotjar.com https://in.hotjar.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com; object-src 'self' blob:; media-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; report-to /platform-api/csp-violations/report/; report-uri /platform-api/csp-violations/report/; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri csp-report 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' connect.facebook.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com widget.intercom.io js.intercomcdn.com bridge.paymill.com wootric-eligibility.herokuapp.com d27j601g4x0gd5.cloudfront.net cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net www.google.com www.google.dk www.google.co.uk cdn.headwayapp.co consentcdn.cookiebot.com consent.cookiebot.com static.hotjar.com script.hotjar.com; report-uri https://elmahio.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: wss: data: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-w9M3O47Tyb1zSznoGUriTqgOnKE'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'none'; style-src 'unsafe-inline' *.hl-inside.ru platform.twitter.com ton.twimg.com; img-src data: *.hl-inside.ru pbs.twimg.com abs.twimg.com syndication.twitter.com platform.twitter.com ton.twimg.com mc.yandex.ru img.youtube.com site.yandex.net i.ytimg.com i1.ytimg.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com vk.com steamcdn-a.akamaihd.net mc.webvisor.com mc.webvisor.org ymetrica.com mc.yandex.ua mc.yandex.ru ymetrica1.com googletagmanager.com; script-src 'nonce-FH2TpIrVDWL3MpENJA4OYA==' *.hl-inside.ru platform.twitter.com cdn.syndication.twimg.com mc.yandex.ru graph.facebook.com vk.com login.vk.com site.yandex.net c-cdn.coub.com yastatic.net sitesearch-suggest.yandex.ru www.google-analytics.com d31j93rd8oukbv.cloudfront.net mc.webvisor.com mc.webvisor.org cdn.jsdelivr.net; frame-src syndication.twitter.com platform.twitter.com store.steampowered.com w.soundcloud.com orphus.ru archive.org coub.com www.youtube.com vk.com docs.google.com gfycat.com; frame-ancestors 'self'; connect-src *.hl-inside.ru mc.yandex.ru mc.yandex.by passport.yandex.fr www.googleapis.com ssl.google-analytics.com mc.webvisor.com mc.webvisor.org ymetrica.com report.appmetrica.webvisor.com passport.yandex.ua lalablah.com syndication.twitter.com www.google-analytics.com; media-src *.hl-inside.ru; 1
default-src https://neverbounce.com 'unsafe-inline' https://* ; script-src https://neverbounce.com 'self' 'unsafe-eval' 'unsafe-inline' https://*; connect-src https://neverbounce.com https://* wss://*; style-src https://neverbounce.com 'unsafe-inline' https://* ; frame-src https://neverbounce.com 'self' https://* ; child-src https://neverbounce.com 'self' https://* ; worker-src https://neverbounce.com 'self' https://* ; font-src https://neverbounce.com data: https://* ; img-src https://neverbounce.com data: https://* ; object-src 'none' ; report-uri https://sentry.neverbounce.com/api/4/security/?sentry_key=4a166cf492e041cda3079631d36bb76d&sentry_environment=production&sentry_release=0.2.298 1
default-src 'self' 'nonce-bkulxnafvcgeshkhgdtmyndxnhhapjnpfrzbkjoi' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; 1
default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-EvDhsU29hvS3NWDP6Yy091iOfWyn9pFxgBdQTVNjLk1r/vZVlJ1HXD1QaNBxY+AQDsZm7Url+i5HKFjAo27z0A==' 'report-sample' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/hint.css/1.3.2/hint.min.css https://optimize.google.com/optimize/editor/css/css.css; font-src 'self' https://themes.googleusercontent.com/static/fonts/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.facebook.com data:; img-src * data:; frame-src data: 'self' https://*.doubleclick.net/ https://*.facebook.net/ https://www.youtube.com/ https://www.googletagmanager.com/ https://accounts.google.com/; connect-src *; object-src 'self'; child-src 'self'; report-uri https://ac82c0dc52571d815c9ba2a927354a38.report-uri.com/r/d/csp/reportOnly; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:8001 http://localhost:8001 https://cdn.jsdelivr.net https://*.google-analytics.com https://*.googleapis.com https://*.newrelic.com http://*.sumome.com/ sumo.b-cdn.net https://secure-ds.serving-sys.com https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/fancybox/ https://code.jquery.com; style-src 'self' 'unsafe-inline' sumo.b-cdn.net https://cdn.jsdelivr.net https://use.fontawesome.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/fancybox/; img-src * data:; report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.myprotein.pl https://m.myprotein.pl 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.pl/cspReport.txt; 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.za:*; frame-ancestors *.calypso.net.au *.flightcentre.co.za; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=log&sessionId=73c32b82ff1c040d50ca25b413d1d1170e64fcf7 1
default-src 'self' syndication.twitter.com; script-src js.pustertal.org 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.pustertal.org css.pustertal.org www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.pustertal.org js.pustertal.org; font-src css.pustertal.org; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src 'self' syndication.twitter.com; script-src js.val-pusteria.net 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.val-pusteria.net css.val-pusteria.net www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.val-pusteria.net js.val-pusteria.net; font-src css.val-pusteria.net; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
script-src https://www.lookfantastic.ae https://m.lookfantastic.ae 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.ae/cspReport.txt; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net https://player.polyv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/; script-src 'self' 'unsafe-inline' data: https://*.epixnow.com https://api.mixpanel.com/ https://www.google.com/ https://www.gstatic.com/ https://recaptcha.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://analytics.twitter.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://static.ads-twitter.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://connect.facebook.net/; connect-src https://*.epixnow.com/ https://epixnow.com/ https://api.mixpanel.com/ https://stats.g.doubleclick.net/ https://sentry.io/ ; img-src 'self' https://*.epixnow.com https://content.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com.ar/ https://www.google.com.ua/ https://www.google.ro/ https://www.google.ae/ https://t.co/ https://www.facebook.com/ data: ; style-src 'self' 'unsafe-inline'; font-src data: https://www.epixnow.com/ https://epixnow.com/ ; report-uri https://sentry.io/api/1229739/security/?sentry_key=fc99f2d07f6e472681f711aa39fdfe3d&sentry_environment=prod 1
script-src https://www.myprotein.ro https://m.myprotein.ro 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.ro/cspReport.txt; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
report-uri /csp-report-collector; default-src 'none'; script-src 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https:; frame-src 'self' https:; connect-src 'self' https: wss:; img-src 'self' data: https:; font-src data: https:; media-src blob: https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://www.google-analytics.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://*.google-analytics.com https://*.googleapis.com https://*.pingdom.net http://*.pusher.com https://*.pusher.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://unpkg.com https://*.postmarkapp.com; object-src 'self'; form-action 'self'; base-uri https://rent4sure.co.uk https://dev.rent4sure.co.uk http://dev.rent4sure; report-uri /log/csp_violation 1
default-src 'self' https://themes.googleusercontent.com/ https://www.rovid.nl http://www.rovid.nl; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl http://statistiek.rijksoverheid.nl https://www.rovid.nl http://www.rovid.nl; report-uri //report-csp-violation 1
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net; report-uri http://deniol2415.nionex.net/report-uri.php 1
default-src 'none'; 'unsafe-inline' 1
script-src https://www.lookfantastic.com.sg https://m.lookfantastic.com.sg 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.com.sg/cspReport.txt; 1
report-uri https://www.netigate.net/sv/wp-json/reporting-api/v1/reporting/; report-to default 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=6a4845c5f91400a87049173e96c8df06 1
default-src	'self' 
				'unsafe-inline' 
				data: 
				'unsafe-eval' 
				*.firstunitedbank.com 
				*.netteller.com 
				*.youtube.com 
				*.liveperson.net 
				*.newrelic.com 
				*.nadaguides.com 
				www.googletagmanager.com 
				*.google-analytics.com 
				s.ytimg.com 
				d3tpuxked45kzt.cloudfront.net 
				dispatch.look.io 
				*.ensighten.com 
				bam.nr-data.net 
				*.doubleclick.net 
				https://www.google.com/ads/
				https://connect.facebook.net
				https://bat.bing.com
				https://bat.r.msn.com
				https://www.facebook.com
				https://siteimproveanalytics.com
				https://us.personalcard.net
				https://us1.siteimprove.com
				https://admin.americasaves.org
				https://*.lpsnmedia.net
				https://www.googleadservices.com/pagead/conversion_async.js
				https://*.wishpond.net
				https://*.wishpond.com
				; 
		report-uri /_/csp-reports; 1
default-src 'self' *.typekit.net *.google.com *.gstatic.com *.googleapis.com *.vimeo.com http://siteimproveanalytics.com https://vimeo.com *.googletagmanager.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1
default-src 'self'; script-src https://static.groklearning-cdn.com 'nonce-XZEhmCY5IwbH7oKe1f1Km1et' https://groklearning.com https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net connect.facebook.net https://www.google-analytics.com; style-src https://static.groklearning-cdn.com 'unsafe-inline' https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com; img-src 'self' data: https://groklearning-cdn.com https://static.groklearning-cdn.com https://web.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com d33v4339jhl8k0.cloudfront.net https://www.gravatar.com; connect-src 'self' https://groklearning-cdn.com https://static.groklearning-cdn.com wss://realtime.groklearning.com wss://terminals.groklearning.com wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.helpscout.net https://api.ipify.org https://docs.groklearning.io; font-src https://static.groklearning-cdn.com https://mathjax.groklearning-cdn.com https://fonts.gstatic.com; object-src https://djtflbt20bdde.cloudfront.net; media-src https://static.groklearning-cdn.com https://groklearning-cdn.com; frame-src 'self' https://static.groklearning-cdn.com https://web.comp.gl cybersecurity.comp.gl https://djtflbt20bdde.cloudfront.net staticxx.facebook.com *.sandbox.comp.gl preview.comp.gl *.preview.comp.gl; child-src 'self' https://web.comp.gl cybersecurity.comp.gl https://djtflbt20bdde.cloudfront.net *.facebook.com; form-action 'self' https://www.paypal.com; base-uri docs.helpscout.net; report-uri /csp/report-violation/ 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' data: about: *.google.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.facebook.com *.adroll.com sync.outbrain.com *.doubleclick.net *.googleapis.com zopim.com *.zopim.com wss://*.zopim.com *.google-analytics.com *.gstatic.com crossmetrix.com pippio.com *.leadfamly.com *.googleadservices.com trc.taboola.com dsum-sec.casalemedia.com *.facebook.net *.zdassets.com adtr.io *.adform.net *.zendesk.com x.bidswitch.net *.trustpilot.com *.newrelic.com *.sleeknote.com *.vimeocdn.com *.adservicemedia.dk cdn3.org *.atdmt.com *.yahoo.com *.3lift.com *.pubmatic.com *.linksynergy.com *.magentocommerce.com *.cogocast.net *.msecnd.net *.adtraction.com *.advertising.com pixel.rubiconproject.com *.zopim.io *.nr-data.net *.googletagmanager.com *.pushengage.com *.openx.net idsync.rlcdn.com ib.adnxs.com *.queue-it.net *.raptorsmartadvisor.com *.msecnd.net *.vimeo.com jxp.dk *.jxp.dk *.amazonaws.com *.sport24outlet.dk p.adsymptotic.com *.siliconanalytics.com match.adsrvr.org; report-uri /csp-report/index.php; 1
script-src https://www.myprotein.se https://m.myprotein.se 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.se/cspReport.txt; 1
default-src 'self'; script-src 'self' *.yandex.ru 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelassociates.com:*; frame-ancestors *.calypso.net.au *.travelassociates.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
script-src https://www.lookfantastic.gr https://m.lookfantastic.gr 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.gr/cspReport.txt; 1
default-src 'none'; form-action 'none'; img-src 'self' data:; script-src 'self' https://cdn.segment.com https://sdks.shopifycdn.com https://cdn.optimizely.com https://cdn.ravenjs.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://automaticapp.myshopify.com https://*.optimizely.com https://api.segment.io https://sentry.io https://google-analytics.com; font-src 'self'; media-src 'self'; plugin-types 'none'; report-uri https://automaticlabs.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' https://connect.facebook.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ 'sha256-JZ5wNPhIX3Tz0pAFc0dcQ2DIazdU88R4/6H9g8/uNkI=' 'sha256-F1mrGc+CUxbmjcGEp0U+9INtuESlctOEt1D8zjF4ckM=' 'sha256-9hHy2LkoZqjNH1n+y+Tp0VeNku2IkHRSOw9DW6whLc0=' 'sha256-TqkI7/KNnd3PpAdtyAsIVjXgE1YG+9ynaVuONGw+0P8=' https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.0.0/polyfill.min.js https://script.crazyegg.com/pages/scripts/0079/5046.js https://code.jquery.com/ https://s0.wp.com/ https://stats.wp.com https://secure.gravatar.com/js/gprofiles.js; img-src 'self' https://www.facebook.com/ https://www.google-analytics.com/ https://i1.wp.com/ https://i2.wp.com/ data: https://stats.g.doubleclick.net/ https://pixel.wp.com/; connect-src https://www.facebook.com/tr/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com/releases/v5.1.0/css/all.css https://secure.gravatar.com/dist/css/; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/releases/v5.1.0/ https://wordpress.com/ data:; report-uri https://report-uri.sc-oasys.com/csp/reportOnly/SavilleAssessment?code=iWwURavrXljsclumY3H4iJwUGL99ryjJaJAps92V8aWaLwdTg0b/yg== 1
script-src https://www.hqhair.com https://m.hqhair.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://dyn-beacon.akamaized.net; report-uri https://www.hqhair.com/cspReport.txt; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.paypalobjects.com s7.addthis.com m.addthis.com m.addthisedge.com api-public.addthis.com graph.facebook.com www.linkedin.com cdnjs.cloudflare.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' www.bis-space.com www.minicartjs.com www.google-analytics.com data:; frame-src 'self' s7.addthis.com www.google.com maps.google.co.uk 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.localphone.com *.localphone.co.uk https://*.tawk.to wss://*.tawk.to; img-src * data: ; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://*.tawk.to https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com https://*.tawk.to wss://*.tawk.to; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
script-src https://www.popinabox.ca https://m.popinabox.ca 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.popinabox.ca/cspReport.txt; 1
script-src https://www.popinabox.us https://m.popinabox.us 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.popinabox.us/cspReport.txt; 1
require-sri-for script; require-sri-for style 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self' https:; script-src 'self' https: 'nonce-d9ef8a52' 'nonce-gtm-d9ef8a52' 'strict-dynamic' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss://ebaymag.com/ wss://ebaymag.com:443/; font-src 'self' https: data:; object-src 'none'; base-uri 'none'; img-src 'self' https: data:; report-uri https://ebaymag.com/csp/report 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://rembetiko.gr/logs/ https://rembetiko.gr/sidekiq/ https://rembetiko.gr/mini-profiler-resources/ https://rembetiko.gr/assets/ https://rembetiko.gr/brotli_asset/ https://rembetiko.gr/extra-locales/ https://rembetiko.gr/highlight-js/ https://rembetiko.gr/javascripts/ https://rembetiko.gr/plugins/ https://rembetiko.gr/theme-javascripts/ https://rembetiko.gr/svg-sprite/ https://www.google-analytics.com/analytics.js amp.cloudflare.com cdnjs.cloudflare.com cloudflare.com; worker-src 'self' blob:; report-uri https://rembetiko.gr/csp_reports 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; media-src 'self' blob: data: https: *.idnes.cz; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ocko&d=2019-04-23 1
object-src 'self' https://*.cloudfront.net; style-src-elem https://*.fontawesome.com; style-src https://*.googleapis.com https://*.google.com 'self' 'unsafe-inline' http://*.google.com https://*.cloudfront.net https://unpkg.com https://*.fontawesome.com https://*.cloudflare.com; font-src https://unpkg.com 'self' https://*.fontawesome.com https://*.gstatic.com; script-src https://*.facebook.net https://*.googleapis.com https://*.google.com 'self' 'unsafe-inline' https://*.ausgezeichnet.org https://*.mxpnl.com https://*.driftt.com https://*.hotjar.com https://*.facebook.com wss://*.hotjar.com https://*.google-analytics.com 'unsafe-eval' http://*.google.com https://*.cloudfront.net https://*.newrelic.com https://*.nr-data.net https://unpkg.com https://*.g.doubleclick.net https://*.cloudflare.com https://*.googleadservices.com; default-src 'self' *.ravenjs.com; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009; manifest-src 'self'; frame-src https://*.youtube.com https://*.google.com 'self' https://*.driftt.com https://*.facebook.com wss://*.hotjar.com http://*.google.com https://*.cloudfront.net https://*.g.doubleclick.net https://*.hotjar.com; script-src-elem https://*.facebook.net https://*.g.doubleclick.net https://*.googleadservices.com; connect-src https://*.mixpanel.com https://*.googleapis.com 'self' https://*.hotjar.com https://*.facebook.com wss://*.hotjar.com https://*.g.doubleclick.net https://*.cloudflare.com; child-src 'self'; worker-src 'self'; img-src https://*.gstatic.com https://*.googleapis.com https://*.google.com 'self' https://*.ausgezeichnet.org https://*.facebook.com https://*.google-analytics.com http://*.google.com https://*.cloudfront.net https://*.g.doubleclick.net https://*.webflow.com; media-src 'self' 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com; img-src 'self' https://* * data:; script-src 'self' https://*.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://media2.supermagnete.es https://www.supermagnete.es 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.es https://www.supermagnete.es 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
script-src https://www.zavvi.es https://m.zavvi.es 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://fp.zenaps.com https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net; report-uri https://www.zavvi.es/cspReport.txt; 1
script-src https://www.myprotein.cz https://m.myprotein.cz 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://c.imedia.cz; report-uri https://www.myprotein.cz/cspReport.txt; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://b27bc57f5ac35510ce587d23f4bd7d03.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com tpc.googlesyndication.com; font-src cdnjs.cloudflare.com fonts.gstatic.com tpc.googlesyndication.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' cdnjs.cloudflare.com ajax.cloudflare.com *.googletagservices.com *.googlesyndication.com partner.googleadservices.com *.google-analytics.com js-agent.newrelic.com *.nr-data.net *.doubleclick.net js.gleam.io; frame-src *.doubleclick.net *.googlesyndication.com gleam.io; connect-src 'self' *.google.com csi.gstatic.com tpc.googlesyndication.com securepubads.g.doubleclick.net; report-uri https://8d2b428ee407306b4542daeaa267dcf8.report-uri.io/r/default/csp/reportOnly 1
script-src https://www.myprotein.ie https://m.myprotein.ie 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.ie/cspReport.txt; 1
script-src 'self' https://www.google.fr https://googleads.g.doubleclick.net https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js  https://code.jquery.com http://hello-site.ru https://hello-site.ru https://cdn.datatables.net/ https://cdn.jsdelivr.net/npm/vue  https://unpkg.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.blitz-market.ru/sprite/latest/ 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://mc.yandex.ru/metrika/watch.js https://embed.tawk.to aprtx.com/code/paykassa https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.11.0/highlight.min.js aprtx.com/code/paykassa; font-src 'self' https://use.fontawesome.com/releases/v5.5.0/webfonts/ https://maxcdn.bootstrapcdn.com https://static-v.tawk.to; frame-src 'self'  yandex.net  webvisor.com https://va.tawk.to https://www.google.com https://www.gstatic.com; style-src 'self' https://use.fontawesome.com/releases/v5.5.0/css/all.css https://cdn.jsdelivr.net/npm/vue https://cdn.datatables.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.11.0/styles/default.min.css 'unsafe-inline'; connect-src 'self'  yandex.net  webvisor.com https://code.jquery.com http://hello-site.ru https://hello-site.ru https://cdn.datatables.net https://unpkg.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com wss://*.tawk.to https://mc.yandex.ru https://static-v.tawk.to https://aprtx.com https://va.tawk.to https://*.tawk.to aprtx.com/code/paykassa aprtx.com/push/;  img-src 'self'  https://www.google.fr https://stats.g.doubleclick.net/r/collect https://mc.yandex.ru https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://static-v.tawk.to https://vk.com/rtrg https://www.google-analytics.com; media-src 'self'; object-src 'none'; report-uri https://paykassa.pro/report.php; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.nl&source%5Bsection%5D=brochure&source%5Buuid%5D=83efc71c33720321e3cc460cd52f31aa 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com assets.ubembed.com *.js.ubembed.com connect.facebook.net cdn.polyfill.io code.jquery.com s7.addthis.com m.addthisedge.com m.addthis.com use.typekit.net www.google-analytics.com ssl.google-analytics.com cable.disqus.com script.crazyegg.com platform.twitter.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com pcuktelecom.tdsapi.com pci.tdscd.com pcf.tdscd.com beacon-v2.helpscout.net unpkg.com localhost:3000; connect-src 'self' *.events.ubembed.com performance.typekit.net pcuktelecom.tdsapi.com pcf.tdscd.com m.addthis.com cable.us4.list-manage.com admin.cable.co.uk localhost:3000; img-src 'self' data: *.cable.co.uk p.typekit.net www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com syndication.twitter.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com platform.twitter.com pbs.twimg.com m.addthis.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com; style-src 'self' 'unsafe-inline' platform.twitter.com code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk localhost:3000; font-src 'self' fonts.typekit.net use.typekit.net maxcdn.bootstrapcdn.com pcf.tdscd.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' *.pages.ubembed.com platform.twitter.com syndication.twitter.com s7.addthis.com widget.trustpilot.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri https://bilgo.report-uri.io/r/default/csp/reportOnly 1
script-src https://www.sowaswillichauch.de https://m.sowaswillichauch.de 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.sowaswillichauch.de/cspReport.txt; 1
base-uri 'self'; object-src 'self' ; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.cdmhub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://cdmhub.org https://www.dropbox.com https://graph.facebook.com https://translate.googleapis.com; default-src 'self' https://*.cdmhub.org https://*.cdmhub2.aws.hubzero.org; font-src 'self' https://fonts.gstatic.com data: safari-extension: chrome-extension: 'unsafe-inline'; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.cdmhub.org https://*.cdmhub2.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://*.labs.cdmhub.aws.hubzero.org; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://apis.google.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://www.google.com; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_a848013831841cfb88b2197b82a731fd 1
script-src https://www.mankind.co.uk https://m.mankind.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.mankind.co.uk/cspReport.txt; 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.nz:*; frame-ancestors *.calypso.net.au *.flightcentre.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
script-src https://www.myprotein.sk https://m.myprotein.sk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.sk/cspReport.txt; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-iETR6ZrckPxfMzM5R7wAYm0ZaY'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.google-analytics.com www.gstatic.com ajax.googleapis.com www.google.com widget.intercom.io www.googleadservices.com googleads.g.doubleclick.net https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com; font-src 'self' fonts.gstatic.com js.intercomcdn.com; img-src 'self' data: https://ssl.google-analytics.com https://ajax.googleapis.com https://*.intercomcdn.com https://static.intercomassets.com/; frame-src www.youtube.com www.google.com; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io https://uploads.intercomcdn.com/; media-src 'self' https://js.intercomcdn.com/; report-uri /callback/csp-report.php; 1
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' moiprogrammy.net *.moiprogrammy.net authentication.me *.authentication.me *.jquery.com https://*.jquery.com https://jquery.com *.softobase.com https://*.softobase.com https://softobase.com http://installpack.net https://installpack.net https://adnext.net http://adnext.net *.yandex.ru https://*.yandex.ru https://yandex.ru yandex.ru *.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru https://cdn.jsdelivr.net https://ymetrica1.com *.disqus.com https://*.disqus.com https://disqus.com disqus.com *.disquscdn.com https://*.disquscdn.com https://disquscdn.com disquscdn.com *.disqus.com https://*.disqus.com https://disqus.com *.disquscdn.com https://*.disquscdn.com https://disquscdn.com *.vk.com https://*.vk.com https://vk.com http://vk.com *.facebook.com *.facebook.net https://*.facebook.com https://facebook.com *.addthis.com https://*.addthis.com https://addthis.com m.addthisedge.com www.odnoklassniki.ru connect.ok.ru widgets.pinterest.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com *.googletagmanager.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com https://adservice.google.com.ua pagead2.googlesyndication.com googleads.g.doubleclick.net *.google.com https://*.google.com https://google.com https://fonts.gstatic.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com ddpnt.advertur.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' moiprogrammy.net *.moiprogrammy.net https://* *.disquscdn.com *.softobase.com softobase.com *.addthis.com *.softobase.com https://*.softobase.com https://softobase.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com *.facebook.com https://*.facebook.com https://facebook.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' moiprogrammy.net *.moiprogrammy.net data: *; media-src 'self' 'unsafe-inline' 'unsafe-eval' moiprogrammy.net *.moiprogrammy.net mediastream: *; report-uri /csp 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.id&source%5Bsection%5D=brochure&source%5Buuid%5D=a1e78f32ae17f9720d84e7dc42e56238 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cuoresportivo.no www.google-analytics.com; style-src 'self' 'unsafe-inline' *.cuoresportivo.no; img-src * data:; font-src 'self'; connect-src 'self' www.google-analytics.com; frame-src 'self' www.google.com www.youtube.com; worker-src www.google.com; manifest-src 'self' 1
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/reportOnly 1
default-src https:; connect-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src https: ws:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
frame-src https://w.soundcloud.com/ https://www.youtube.com/ https://*.facebook.com https://c.sharethis.mgr.consensu.org/ 'self' http://*.sharethis.com;img-src http://www.google-analytics.com/ 'self' https://stats.g.doubleclick.net/ http://www.dana.org/ http://*.sharethis.com;report-uri https://poc.tsrs.cloud/r/f4b90b97277a0306fa31ba9293928556afa17e7c;script-src 'strict-dynamic' http://www.google-analytics.com/ https://*.sharethis.com 'nonce-fe8f2Ce34F60D6ce26A6e82ee48' 'self' http://*.sharethis.com https://cdn.emailjs.com/ 'report-sample' http://client.a.pxi.pub/ https: http://connect.facebook.net/ 'unsafe-eval';base-uri  'none';object-src  'none';style-src http://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' 'self' http://*.sharethis.com;media-src  'none';worker-src  'none';font-src http://fonts.gstatic.com/ 'self' https://maxcdn.bootstrapcdn.com/;connect-src https://l.sharethis.com/ 'self';block-all-mixed-content ;form-action  'self'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' client.siteheart.com; connect-src https: wss:;style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssllogo.twca.com.tw https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://ssllogo.twca.com.tw; img-src 'self' data: https://www.pay2go.com https://payment.pay2go.com https://ssllogo.twca.com.tw https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://stats.g.doubleclick.net; font-src 'self' data:; report-uri https://cwww.pay2go.com/P2g_csp; 1
script-src https://www.probikekit.com https://m.probikekit.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.probikekit.com/cspReport.txt; 1
frame-ancestors https://www.svagw.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src https://www.svagw.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
frame-ancestors https://www.wgkk.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src https://www.wgkk.at http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
block-all-mixed-content 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-fySPLeHQeA5pNHTc3hoAX1xLjBw'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src https:; style-src 'self' 'unsafe-inline' *.liveperson.net *.addressy.com *.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.liveperson.net *.googleapis.com bat.bing.com connect.facebook.com *.freshchat.com *.google-analytics.com schwaab.oro-cloud.com *.doubleclick.net *.bootstrapcdn.com *.googlecommerce.com *.addressy.com; font-src fonts.gstatic.com; report-uri https://www.stampxpress.com/report.aspx 1
report-uri /es/Error/ReportCPS; 1
script-src https://www.myprotein.com.hk https://m.myprotein.com.hk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.com.hk/cspReport.txt; 1
default-src *; img-src *; frame-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; report-uri https://www.tyan.com 1
default-src 'self' 'unsafe-inline' *.arpansa.gov.au *.sunsmart.com.au uv-makeup.azurewebsites.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.doubleclick.net data:;; report-uri /admin/config/system/seckit/csp-report 1
connect-src 'self' wss://kron.no https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com ws://localhost:5000 *.bugsnag.com;font-src 'self' data: https://js.intercomcdn.com;media-src 'self' https://js.intercomcdn.com;img-src 'self' data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com;script-src 'self' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://adtr.io https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://script.crazyegg.com https://sc-static.net;style-src 'self' 'unsafe-inline';object-src 'none';report-uri https://kron.report-uri.com/r/d/csp/reportOnly; 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.rawgit.com https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-elem 'self'  https://cdn.rawgit.com https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; report-uri https://www.iss.nl/en/report-uri/reportOnly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-fFyovPhP1lVWZJfqR0MtbeDTY' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com integration.hotelmap.com googleads.g.doubleclick.net https://www.hotelmap.com https://hotelmap.com https://www.googleadservices.com *.facebook.net https://walls.io https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com https://translate.googleapis.com; img-src 'self' data: reedexpo-service.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com https://*.ytimg.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com i.travelapi.com https://www.hotelmap.com foto.hrsstatic.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com connect.facebook.net https://www.facebook.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com https://www.google.com reedexpo-service.com *.google.com https://www.hotelmap.com https://www.googletagmanager.com https://walls.io https://www.facebook.com; frame-ancestors 'self' data:; report-uri https://www.fibo.com/?ajax=csp:log 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-bEz0UvdM6E7mDk3pu3lpfK30'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'none'; script-src-elem www.google.com 'self' 'unsafe-inline' www.gstatic.com www.google-analytics.com cdn.jsdelivr.net ;frame-src 'self' data: mailto: tel: www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-eval' cdn.jsdelivr.net  www.google.com www.gstatic.com www.google-analytics.com; connect-src 'self' saveload.tradingview.com www.tradingview.com https://www.google-analytics.com wss://www.bitexen.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; img-src 'self' data: www.google-analytics.com; manifest-src 'self'; style-src-attr 'unsafe-inline'; report-uri https://www.bitexen.com/report-uri 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' https://*.typekit.net https://www.google.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com; img-src 'self' data: 'unsafe-inline' https://www.google-analytics.com https://*.typekit.net; font-src 'self' https://*.typekit.net https://themes.googleusercontent.com; report-uri https://systemseed.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'self'; img-src 'self' https: data:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; font-src https://use.typekit.net https://fonts.googleapis.com 'self' data:; report-uri https://sentry.io/api/1430084/security/?sentry_key=8f00b7eacf024d9b99dce905f595b67f&sentry_release=v1.0 1
script-src https://www.myvegan.com https://m.myvegan.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.myvegan.com/cspReport.txt; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: blob: data:;img-src * data:;report-uri https://5b6713e499c037b3b2e71a1ac390107c.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; manifest-src 'self' cdn.mazout-on-line.be; connect-src 'self' ws: *.amazonaws.com *.hotjar.com *.watcheezy.net *.watcheebox.net; frame-src 'self' *.umbraco.org www.ekomi.fr www.ekomi.nl vars.hotjar.com *.google.com *.facebook.com; style-src 'self' 'unsafe-inline' *.watcheezy.net cdn.mazout-on-line.be fonts.googleapis.com; img-src 'self' data: *.watcheezy.net *.facebook.com cdn.mazout-on-line.be *.gstatic.com *.googleapis.com *.google-analytics.com *.xiti.com *.doubleclick.net *.google.com *.google.be *.global.ssl.fastly.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' backoffice.targetfirst.com s3-eu-west-1.amazonaws.com connect.facebook.net cdn.mazout-on-line.be d3js.org *.googleapis.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.watcheezy.net *.watcheebox.net *.google.com *.gstatic.com *.googletagmanager.com googleads.g.doubleclick.net; font-src 'self' cdn.mazout-on-line.be fonts.gstatic.com; report-uri https://totalmol.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.myprotein.be https://m.myprotein.be 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.be/cspReport.txt; 1
default-src 'self'; font-src https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 1
policy-uri /admin/config/system/seckit/csp-policy 1
Content-Security-Policy-Report-Only: default-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://ajax.aspnetcdn.com/ https://ajax.aspnetcdn.com/ https://ajax.aspnetcdn.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://www.gstatic.com/ https://www.google-analytics.com/ https://api.flickr.com/; style-src 'self' data: 'unsafe-inline' https://services.postcodeanywhere.co.uk https://fonts.googleapis.com/; img-src * ; upgrade-insecure-requests; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly; 1
default-src 'self' https://*.yandex.ru; script-src 'self' https://*.google-analytics.com https://*.top100.ru https://*.yandex.ru 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googleapis.com https://*.yadro.ru https://openstat.net; img-src 'self' https://i0.wp.com https://*.rambler.ru https://*.g.doubleclick.net https://*.yandex.ru https://*.google-analytics.com https://front.facetz.net https://*.googleapis.com https://*.gravatar.com https://*.yadro.ru https://openstat.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; child-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss: 1
default-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; connect-src 'self' https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com; font-src 'self' https://production-trackbill.netdna-ssl.com https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; object-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src https:; font-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; image-src 'self' https://moonchart.co.uk; frame-ancestors 'none'; default-src 'self' https://moonchart.co.uk; report-uri https://www.llun.net/report 1
upgrade-insecure-requests; default-src data: blog: 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com secure.livechatinc.com s3.amazonaws.com bat.bing.com connect.facebook.net *.doubleclick.net *.addthis.com *.addthisedge.com *.googleapis.com *.google.com *.hotjar.com *.districtm.ca *.newrelic.com *.nr-data.net; font-src 'self' maxcdn.bootstrapcdn.com cdn.livechatinc.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' 'data' www.google-analytics.com www.facebook.com www.google.com www.google.ca *.livechatinc.com *.doubleclick.net bat.bing.com www.paypalobjects.com maps.gstatic.com maps.googleapis.com *.districtm.ca *.adnxs.com; frame-src 'self' bid.g.doubleclick.net *.livechatinc.com *.addthis.com *.youtube.com *.google.com *.hotjar.com connect.facebook.net *.newrelic.com; connect-src 'self' *.addthis.com *.hotjar.com www.google-analytics.com; report-uri /csp-test.php 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /WS.asmx/CSP 1
default-src https: wss:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.turne.com.ua/api/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adform.net *.au.dk *.aucdn.dk *.cloudflare.com *.cloudfront.net *.crazyegg.com *.createsend1.com *.facebook.com *.facebook.net *.findvej.dk *.gefionau.dk *.google-analytics.com *.google.com *.google.dk *.googleapis.com *.googletagmanager.com *.gstatic.com *.instagram.com *.inviewmap.com *.livescribe.com *.mathjax.org *.pingdom.net *.siteimprove.com *.slideshare.net *.stakbogladen.dk *.statsbiblioteket.dk *.storify.com *.twimg.com *.twitter.com *.vimeo.com *.yahooapis.com *.youtu.be *.youtube.com 130.225.20.241 130.226.173.136 77.66.112.46 shoutbox.widget.me siteimproveanalytics.com *.cludo.com www2.dmu.dk unpkg.com *.usabilla.com *.doubleclick.net; img-src 'self' data: *; report-uri /csp-rapport/csp-rapport.php?i=i47v2 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com api.wunderground.com *.google-analytics.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' www.afva.net www.gstatic.com fonts.googleapis.com; img-src 'self' data: *.google-analytics.com api.weather.com *.gstatic.com *.googleapis.com maps.google.com; child-src www.facebook.com; font-src 'self' fonts.gstatic.com; report-uri https://gvagroup.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.questionpoint.org; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src *.questionpoint.org; upgrade-insecure-requests 1
frame-ancestors *.nyrabets.com *.nyra.com *.cfdv.net http://*.cfdv.net *.cloudflare.com 'self'; report-uri https://www.nyrabets.com/CSP/LogCSPViolation-ReportOnly.ashx 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.youtube.com *.siteimprove.com *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com https://www.youtube.com *.siteimprove.com *.ytimg.com *.hubbardone.com;object-src 'self'; img-src 'self' *.google-analytics.com https://www.googletagmanager.com *.siteimprove.com;font-src 'self' *.gstatic.com; connect-src 'self';frame-ancestors 'self' *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
script-src https://www.lookfantastic.fr https://m.lookfantastic.fr 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.fr/cspReport.txt; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
block-all-mixed-content; report-uri https://sentry.io/api/240559/csp-report/?sentry_key=88a08f84524d43a48004246638cd9c7f; img-src https: data:; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self'; style-src 'self' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' https://seal.godaddy.com https://*.hubspot.com https://www.google-analytics.com https://www.google.ca https://stats.g.doubleclick.net https://www.google.com https://www.facebook.com ; connect-src https://*.comm100.com https://api.ipify.org https://*.hubspot.com ; script-src  'self'  https://api.ipify.org https://*.hs-analystics.net  https://*.hs-leadflows.net  https://*.hs-scripts.net  https://*.hscta.net https://*.hubspot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*googleapis.com https://*.gstatic.com https://*doubleclick.net https://*linkedin.com https://*.licdn.com https://*.facebook.net https://*.comm100.com https://seal.godaddy.com; frame-src https://*.youtube-nocookie.com https://*youtube.com https://www.googletagmanager.com 1
default-src 'self' 'unsafe-inline' dyrbj6mjld-flywheel.netdna-ssl.com fonts.googleapis.com googleapis.com *.doubleclick.net *.mktoresp.com hotjar.com *.googletagmanager.com *.linkedin.com *.facebook.com *.facebook.net twitter.com instagram.com *.youtube.com *.bizible.com snapapp.com vimeo.com lightwidget.com fonts.gstatic.com *.hotjar.com *.hotjar.io *.doubleclick.net *.adroll.com *.licdn.com *.airpr.com *.marketo.net *.google-analytics.com *.google.com *.casalemedia.com *.rubiconproject.com *.3lift.com *.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.taboola.com; 1
style-src https://*.btrll.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2l8nji9ebsran&partner=; 1
script-src 'self' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
default-src 'self'; report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.marketo.net *.googletagmanager.com *.zopim.com *.mktoresp.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self'; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com *.zopim.com data: wss:; connect-src 'self' *.mktoresp.com *.zopim.com wss:; report-uri /report-csp-violation 1
default-src 'self' ; script-src 'self' 'sha256-PHTCIN26skYLpNZ3yqQlZSL7S2qNynjATxDNMjM1Ftg=' 'sha256-j+nbTKvUprTVl4N7wQcwvSCB8SeehIXaZJfMJ7/O1O8=' 'unsafe-eval' www.google-analytics.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; font-src 'self' data: fonts.gstatic.com ; img-src 'self' data: www.google-analytics.com ; report-uri https://69952ade1a0590c68d876b650b061433.report-uri.com/r/d/csp/enforce ; 1
default-src 'self' wss: ; frame-ancestors 'self' wss: ;    connect-src 'self' stats.g.doubleclick.net geo.query.yahoo.com *.addthisedge.com *.addthis.com *.tctm.co graylog.hotjar.com insights.hotjar.com *.typekit.net www.google-analytics.com;     frame-src 'self' staticxx.facebook.com www.facebook.com connect.facebook.net s7.addthis.com vars.hotjar.com connect.facebook.com *.youtube.com;media-src 'self';    object-src 'self' embedr.flickr.com lemontroyal.qc.ca ; report-to https://bb8.agencehpj.com/csp; report-uri https://bb8.agencehpj.com/csp;    script-src 'self' 'unsafe-eval' 'unsafe-inline' cse.google.com *.flickr.com cdn.ravenjs.com *.typekit.net *.addthisedge.com www.linkedin.com *.membogo.com *.addthis.com *.youtube.com graph.facebook.com s.ytimg.com tagmanager.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com  cdn.jsdelivr.net js-agent.newrelic.com unpkg.com code.jquery.com ssl.google-analytics.com bat.bing.com *.tctm.co pi.pardot.com static.hotjar.com bam.nr-data.net www.google.com connect.facebook.net script.hotjar.com maps.googleapis.com *.hpjcc.com ;    font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.typekit.net ;    img-src 'self' data: https: www.google-analytics.com;    style-src 'self' 'unsafe-inline' https: data: fonts.googleapis.com; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-Uqi94H0AZXDfLoIa9e3X0RnsZPY'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://sapareps.org/logs/ https://sapareps.org/sidekiq/ https://sapareps.org/mini-profiler-resources/ https://sapareps.org/assets/ https://sapareps.org/brotli_asset/ https://sapareps.org/extra-locales/ https://sapareps.org/highlight-js/ https://sapareps.org/javascripts/ https://sapareps.org/plugins/ https://sapareps.org/theme-javascripts/ https://sapareps.org/svg-sprite/; worker-src 'self' blob:; report-uri https://sapareps.org/csp_reports 1
default-src https: 'unsafe-eval' 'unsafe-inline';         font-src https: data:;         img-src https: data:;         report-uri https://gaa.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=mobilcz 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://qgqdrzuefekogxtp0vsacl3x.httpschecker.net/report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://www.yourguide.biz/csp.php 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.studentflights.com.au:*; frame-ancestors *.calypso.net.au *.studentflights.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
report-uri /csp-violations.php 1
script-src https://www.lookfantastic.com.tw https://m.lookfantastic.com.tw 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.com.tw/cspReport.txt; 1
default-src 'self' https://*.google-analytics.com https://*.w.org https://*.youtube.com 'unsafe-inline' https://*.googleapis.com https://www.googletagmanager.com https://d3vyv7r1om3d5m.cloudfront.net https://www.facebook.com/ https://*.twitter.com/ https://*.twimg.com/ https://*.gstatic.com/; media-src 'self' https://d3vyv7r1om3d5m.cloudfront.net; report-uri https://webdigi.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';               script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com http://cdn.livechatinc.com https://secure.livechatinc.com/ https://www.googletagmanager.com https://policy.cookieinformation.com https://assets.juicer.io https://connect.facebook.net https://pixel.mathtag.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://www.google-analytics.com;                style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://impreza.us-themes.com https://assets.juicer.io;               img-src 'self' data: https://secure.livechatinc.com/ https://dashboard.umbraco.org https://assets.juicer.io https://graph.facebook.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://match.adsrvr.org https://pixel.mathtag.com https://www.facebook.com https://www.google-analytics.com https://track.hubspot.com;               connect-src 'self' https://recruiter-api.hr-manager.net https://assets.juicer.io http://www.juicer.io https://api.hubapi.com;               object-src 'self';               media-src 'self';               frame-src 'self';               font-src 'self' https://assets.juicer.io; 1
default-src 'self' https://experiences.assets.brightcove.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tagmanager.google.com https://use.typekit.net https://performance.typekit.net https://www.googleadservices.com https://sjs.bizographics.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://platform.twitter.com https://static.ads-twitter.com https://connect.facebook.net https://bat.bing.com https://static.hotjar.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://www.linkedin.com https://media.mercantila.dk https://bs.serving-sys.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://p.typekit.net https://www.google-analytics.com http://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://www.google.no https://www.google.fi https://www.google.se https://www.google.dk https://www.google.nl https://t.co https://www.facebook.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com;frame-src 'self' blob: https://id.skagenfondene.no https://players.brightcove.net https://vds.issgovernance.com https://vars.hotjar.com https://investor.skagenfondene.no https://investor.skagenfonder.se https://investor.skagenfondene.dk https://investor.skagenfunds.com https://www.facebook.com https://6036336.fls.doubleclick.net;font-src 'self' data: https://cdnjs.cloudflare.com https://use.typekit.net https://fonts.gstatic.com;connect-src 'self' https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://experiences.assets.brightcove.com https://www.facebook.com https://www.linkedin.com https://secure-ds.serving-sys.com https://players.brightcove.net https://edge.api.brightcove.com https://metrics.brightcove.com;frame-ancestors 'self' https://investor.skagenfondene.no https://investor.skagenfonder.se https://investor.skagenfondene.dk https://investor.skagenfunds.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: dolgojit.net *.yandex.ru https://yandex.ru *.docdoc.ru docdoc.ru https://docdoc.ru https://cdn.docdoc.ru https://w.docdoc.ru https://adservice.google.md http://docdoc.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yandex.st *.yandex.st https://yandex.st https://*.yandex.st https://*.yandex.ua yastatic.net https://yastatic.net yandexadexchange.net *.yandexadexchange.net *.google.com https://*.google.ru https://*.google.com https://*.google.com.ua https://*.google.kz https://*.google.az *.liveinternet.ru *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googlezip.net *.yadro.ru https://*.yadro.ru *.youtube.com https://*.youtube.com http://*.mail.ru http://img.imgsmail.ru http://*.cloudflare.com http://r.mradx.net http://*.adriver.ru http://*.adfox.ru *.facebook.net vk.com *.vk.com https://vk.com http://*.buzzoola.com https://*.buzzoola.com http://*.weborama.fr http://*.facetz.net http://*.exe.bid http://*.tns-counter.ru mc.yandex.by google-analytics.com *.facebook.com *.google.fr mc.yandex.kz *.googletagservices.com https://adservice.google.kg/ https://adservice.google.com.lb; report-uri https://dolgojit.net/csp-manager/tracker.php 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.co&source%5Bsection%5D=brochure&source%5Buuid%5D=1a72899abd25ca1d247e2376e86947db 1
style-src 'unsafe-inline' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://radar.cedexis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; default-src https://*.flickr.com https://*.staticflickr.com; img-src data: blob: https://*.flickr.com https://*.staticflickr.com https://ec.yimg.com https://s.yimg.com https://de.adserver.yahoo.com https://sb.scorecardresearch.com https://image.maps.api.here.com http://*.static-alpha.flickr.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://hexagon-analytics.com https://*.flickrpro.com https://*.everesttech.net; media-src https://*.flickr.com https://*.staticflickr.com https://s.yimg.com https://*.http.atlas.cdn.yimg.com http://*.static-alpha.flickr.com https://*.flickrpro.com; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-9a439869658f2621326b2b1cf56349dc' 'strict-dynamic' https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://de.adserver.yahoo.com https://radar.cedexis.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://api.digitalriver.com https://cdn.siftscience.com https://*.flickrpro.com; connect-src https://*.flickr.com https://s.yimg.com https://cdn.yahooapis.com https://yui-s.yahooapis.com https://api.flickr.com https://*.braintreegateway.com https://*.sandbox.paypal.com https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.adobedtm.com https://*.2o7.net https://cdn.siftscience.com https://store.digitalriver.com https://*.flickrpro.com https://*.demdex.net; frame-src https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; child-src https://*.flickr.com https://s.yimg.com https://de.adserver.yahoo.com https://*.braintreegateway.com https://*.sandbox.braintreegateway.com https://assets.braintreegateway.com/ https://*.paypal.com https://*.paypalobjects.com https://assets.adobedtm.com https://*.2o7.net; font-src https://s.yimg.com https://*.flickr.com data:; worker-src blob:; report-uri https://www.flickr.com/csp_report.gne?src=adsecflickrreport; 1
script-src https://www.myprotein.com.br https://m.myprotein.com.br 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.com.br/cspReport.txt; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-scDahb6XK5Hm9UMNjSGsspDFSiQ'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
style-src https://*.btrll.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=BR&lang=pt-BR&device=desktop&yrid=15i70kpebtgb4&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.lord.com *.solosegment.com *.linkedin.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.ytimg.com https://*.addthis.com https://m.addthisedge.com https://*.livechatinc.com https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://lord.actonservice.com https://*.facebook.com https://www.youtube.com https://assets.adobedtm.com https://code.visitor-track.com https://sync.multiview.com https://www.rumiview.com https://ml314.com https://gateway.zscalertwo.net https://js-agent.newrelic.com https://bam.nr-data.net https://*.kaspersky-labs.com https://sjs.bizographics.com; object-src 'self'; style-src *.google.com 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.kaspersky-labs.com *.lord.com  https://*.solosegment.com https://translate.googleapis.com; img-src *.google.com https://www.gstatic.com https://www.googletagmanager.com https://csi.gstatic.com/ https://dev-lord.webcap.biz https://*.ytimg.com https://www.lord.com  https://www.google-analytics.com https://stats.g.doubleclick.net/ https://marketing.lord.com https://web.archive.org https://secure.livechatinc.com https://s7.addthis.com/  https://code.visitor-track.com https://www.rumiview.com/ https://sync.multiview.com/ https://static.licdn.com/ data: 'self' https://lordimb.files.wordpress.com https://gateway.zscalertwo.net https://m.addthis.com https://pa.solosegment.com https://www.linkedin.com https://*.solosegment.com https://www.lord.com/sites/all/themes/lordcorp/static/dist//img/grey.svg https://rrc.rlcdn.com https://www.microstrain.com https://lordelectronicmaterials.files.wordpress.com https://*.yandex.net https://captcha.gecirtnotification.com https://cdn.livechatinc.com https://dc.ads.linkedin.com; media-src 'self' https://cdn.livechatinc.com; frame-src https://www.youtube.com/ https://accounts.google.com/ https://marketing.lord.com/ https://apis.google.com/ https://secure.livechatinc.com https://sensorcloud.microstrain.com/ https://s7.addthis.com/ https://www.lord.com 'self' https://edge.addthis.com https://notify.bluecoat.com https://gateway.zscalertwo.net; font-src https://cdn.joinhoney.com https://api.couponmate.com https://themes.googleusercontent.com https://secure.livechatinc.com https://cdn.livechatinc.com https://fonts.gstatic.com/ 'self' data:; connect-src 'self' https://m.addthis.com/ https://s7.addthis.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://pa.solosegment.com https://www.linkedin.com https://*.solosegment.com https://marketing.lord.com; report-uri /report-csp-violation 1
default-src                  'self'                  data:                  blob:                  localhost:*                  ws://localhost:*                  https://bam.nr-data.net                 https://play.google.com                  https://*.googleapis.com                 https://*.facebook.net                  https://*.facebook.com                  http://*.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google.ru                 https://www.google.by                 https://www.google.kz                 https://www.google.nl                 https://www.google.fr                 https://www.google.es                 https://www.google.com.my                 https://www.google.com                 https://www.google-analytics.com                  https://stats.g.doubleclick.net                  https://www.youtube.com/                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://educationerp.blob.core.windows.net                 https://cdn.jsdelivr.net                 https://i.ytimg.com                 https://vk.com                 https://pp.userapi.com                 https://travel.fsjunior.com                 https://my.swim-kids.com                 https://my.fsjunior.com                 https://my.schoolballet.com                 https://my.ei-kids.com                 https://education-erp.com                 android-webview-video-poster                 blob;                             script-src                  'unsafe-inline'                  'unsafe-eval'                  'self'                  localhost:*                  https://js-agent.newrelic.com                  https://bam.nr-data.net                 https://*.googleapis.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com        https://vk.com/js/api/openapi.js          https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google-analytics.com                  https://www.google.com/                  https://code.jquery.com                 https://cdn.jsdelivr.net                 https://cdnjs.cloudflare.com                 https://travel.fsjunior.com                 https://education-erp.com;             style-src                  'unsafe-inline'                  'self'                  https://bam.nr-data.net                 https://*.googleapis.com                  https://*.gstatic.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://mc.yandex.ru                  https://www.google-analytics.com                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://cdn.jsdelivr.net                 https://education-erp.com;             report-uri                  https://education-erp.com/Administrator/ReportCsp 1
default-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.addthis.com *.addthisedge.com *.brightcove.net *.brightcove.com *.demdex.net *.doubleclick.net *.idio.co *.facebook.net www.facebook.com/ *.google.com *.googletagmanager.com *.googlesyndication.com *.linkedin.com *.licdn.com *.morningstar.com ofi-digitalmedia-accentassets-prod-ue1.s3.amazonaws.com *.optimizely.com *.pulseinsights.com *.tealiumiq.com *.twitter.com *.ads-twitter.com *.zencdn.net *.d22xmn10vbouk4.cloudfront.net *.analyze.ly blob: data:; base-uri 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com; font-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.gstatic.com data:; img-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.akamaihd.net *.brightcove.com *.brightcove.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.idio.co t.co *.tealiumiq.com *.d22xmn10vbouk4.cloudfront.net *.analyze.ly data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.addthis.com *.addthisedge.com *.adobedtm.com *.brightcove.net *.brightcove.com *.doubleclick.net *.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com *.idio.co *.licdn.com *.linkedin.com *.optimizely.com *.pulseinsights.com *.tiqcdn.com *.twitter.com *.ads-twitter.com *.zencdn.net *.d22xmn10vbouk4.cloudfront.net *.analyze.ly blob: data:; style-src 'unsafe-inline' 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.googleapis.com; report-uri https://5ff27446038fbaae5d149ddf2f968b84.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; report-uri /ar/report-csp-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-3FdILvSFiefa7T4q441rd6SS8'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; media-src 'self' blob:; connect-src 'self' gw.oribi.io api.addressy.com stats.g.doubleclick.net www.google-analytics.com performance.typekit.net dc.services.visualstudio.com in.hotjar.com pmvideo.streaming.mediaservices.windows.net widget.trustpilot.com *.contentful.com *.neverbounce.com; font-src 'self' *.neverbounce.com amp.azure.net fonts.gstatic.com use.typekit.net static.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com www.google.com amp.azure.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.oribi.io az416426.vo.msecnd.net use.typekit.net connect.facebook.net *.neverbounce.com script.hotjar.com www.googletagmanager.com www.google-analytics.com www.google.com widget.trustpilot.com amp.azure.net static.hotjar.com; img-src 'self' data: images.ctfassets.net gravatar.com 8223477.fls.doubleclick.net d15k2d11r6t6rl.cloudfront.net pmstorelive.blob.core.windows.net pmstoreuat.blob.core.windows.net p.typekit.net www.google.com www.googletagmanager.com stats.g.doubleclick.net www.google-analytics.com www.google.co.uk amp.azure.net www.facebook.com http://127.0.0.1:10000 static.hotjar.com; frame-src widget.trustpilot.com vars.hotjar.com www.facebook.com; worker-src 'self' blob: amp.azure.net; report-uri https://propertymaster.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self';script-src 'self' 'nonce-QNzrLaUyVs/FvlPN9l9B' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=cc1d818c743282dd3441b3bbc7f833f7 1
default-src https://www.google-analytics.com 'self' https://*.akamaihd.net https://*.wistia.com; media-src https: http: ; script-src https://*.wistia.com https://*.wistia.net https://*.cloudflare.com https://*.twimg.com/ https://*.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com; connect-src https://*.akamaihd.net https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.google-analytics.com https://*.doubleclick.net 'self' wss://bitcoingold.org wss://explorer.bitcoingold.org; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.twitter.com https://*.twimg.com; font-src data: https://*.twitter.com 'self' https://themes.googleusercontent.comi https://*.gstatic.com https://*.googleapis.com https://*.w.org; frame-src https://*.wistia.com https://*.wistia.net https://*.twitter.com https://*.doubleclick.net 'self' https://*.facebook.com; object-src 'self' https://*.bitcoingold.org; report-uri https://bitcoingold.org/csp-report/ 1
report-uri http://howtocheckversion.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=e7f69906f9 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://connect.facebook.net https://chat.mcl.de https://ssl.livezilla.net/ https://d10lpsik1i8c69.cloudfront.net; style-src 'self' 'unsafe-inline' https://chat.mcl.de https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net; img-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://media.mcl.stage.s2com.cloud https://media.mcl.test.s2com.cloud https://media.mcl.dev.s2com.cloud https://media.mcl-content.de https://www.facebook.com https://www.google.com https://www.google.de https://chat.mcl.de https://d10lpsik1i8c69.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://pubsub.googleapis.com wss://in.visitors.live wss://visitors.live https://settings.luckyorange.net; font-src 'self' https://fonts.gstatic.com; object-src 'self'; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.facebook.com; form-action 'self' https://www.facebook.com; report-uri /csp/report.php; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=log&sessionId=80d411b1d96239ce17f08d712e9ba164100983ba 1
default-src *; style-src *  data: 'unsafe-inline'; img-src *  data:; font-src *  data:; connect-src *; media-src * ; frame-src *;  script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dwolla.com dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.optimizely.com *.cdngc.net *.iovation.com pi.pardot.com px.ads.linkedin.com snap.licdn.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com js-agent.newrelic.com bam.nr-data.net s0.wp.com s1.wp.com stats.wp.com widget.intercom.io a.quora.com cdnjs.cloudflare.com js.intercomcdn.com siftscience.com www.linkedin.com data:; style-src 'self' 'unsafe-inline' cdn.dwolla.com fonts.googleapis.com safari-extension://* chrome-extension://*; img-src * data:; font-src * data:; frame-src 'self' *.dwolla.com *.facebook.com *.googletagmanager.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com *.chartbeat.com platform.twitter.com; connect-src 'self' *.optimizely.com *.intercom.io status.g.doubleclick.net api.ipify.org; object-src 'self' *.cdngc.net *.iovation.com cdn.dwolla.com; report-uri /Home/CSPReport 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-qZC3u4xcaaJKkKuj8qaZi2RGgs'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1
default-src 'none';child-src https://youtube.com;img-src 'self' data:;script-src 'unsafe-inline' 'self' https://use.fontawesome.com https://platform.twitter.com;style-src 'unsafe-inline' 'self' https://platform.twitter.com;font-src data:;frame-src https://platform.twitter.com https://syndication.twitter.com;object-src 'none'; 1
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self'; object-src 'self'; base-uri 'none'; report-uri https://logs.templarbit.com/csp/3f26e488-101a-4e33-9232-672bddef16c0/reports; 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-f9bae4b8-ba2f-479f-b4f2-3bfe6cc61eab' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-GAoEuUNoKgnraCLNsfriNj8ucCU' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-e22dbd53-ef85-40c6-a645-b61746904ecb' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://openmikes.report-uri.com/r/d/csp/reportOnly 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-qkhVOhC9dFyPgvhqE48q2hvZg'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-y7Q1JcSG8y6FnEm3kUO1UwRIJRM'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.firebaseio.com ajax.googleapis.com *.thevillages.com www.googletagmanager.com api.usersnap.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' *.thevillages.com; media-src 'self'; frame-src 'self' *.firebaseio.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.firebaseio.com *.thevillages.com; 1
default-src 'self' https://*.idc.com https://*.insideidc.com; script-src about: 'unsafe-inline' 'unsafe-eval' 'self' https://*.idc.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.ytimg.com https://*.insideidc.com https://d1f8f9xcsvx3ha.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://*.hotjar.com https://*.addevent.com https://addthisevent.com https://*.wootric.com https://munchkin.marketo.net; img-src data: blob: https: https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net https://platform.twitter.com; frame-src https: 'self' https://*.idc.com https://*.insideidc.com https://*.youtube.com https://*.idc-cema.com https://*.googleapis.com https://*.gstatic.com https://*.brainshark.com https://*.vimeo.com https://*.qq.com https://*.knowledgevision.com; font-src https: 'self' data: https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net; connect-src 'self' https://*.idc.com https://*.insideidc.com https://*.onfastspring.com https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://stats.g.doubleclick.net https://wootric-eligibility.herokuapp.com https://081-atc-910.mktoresp.com; report-uri https://idcqa.report-uri.com/r/default/csp/reportOnly; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net *.jquery.com https://*.jquery.com https://jquery.com *.addthis.com https://*.addthis.com https://addthis.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com *.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru *.softobase.com https://*.softobase.com https://softobase.com *.google.com https://*.google.com https://google.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com *.gstatic.com https://*.gstatic.com https://gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net https://* *.disquscdn.com *.softobase.com softobase.com fonts.googleapis.com *.addthis.com *.softobase.com https://*.softobase.com https://softobase.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com *.gstatic.com https://*.gstatic.com https://gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net data: * img.youtube.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net mediastream: *; report-uri /csp 1
script-src https://www.myprotein.bg https://m.myprotein.bg 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.bg/cspReport.txt; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; report-uri https://www.czarymary.pl/kh/csp_report.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ymadam.net *.yandex.ru https://yandex.ru https://docdoc.ru https://cdn.docdoc.ru https://w.docdoc.ru https://adservice.google.md http://docdoc.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yandex.st *.yandex.st https://yandex.st https://*.yandex.st https://*.yandex.ua yastatic.net https://yastatic.net yandexadexchange.net *.yandexadexchange.net *.google.com https://*.google.ru https://*.google.com https://*.google.com.ua https://*.google.kz https://*.google.az *.liveinternet.ru *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googlezip.net *.yadro.ru https://*.yadro.ru *.youtube.com https://*.youtube.com http://*.mail.ru http://img.imgsmail.ru http://*.cloudflare.com http://r.mradx.net http://*.adriver.ru http://*.adfox.ru *.facebook.net vk.com *.vk.com https://vk.com http://*.buzzoola.com https://*.buzzoola.com http://*.weborama.fr http://*.facetz.net http://*.exe.bid http://*.tns-counter.ru mc.yandex.kz *.luxupcdnc.com mc.yandex.by *.yandex.net googletagservices.com *.yahoo.com goo.gl google-analytics.com; report-uri https://ymadam.net/csp-manager/tracker.php 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; frame-src https: 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.maps.google.com maps.googleapis.com https://fonts.googleapis.com https://googleadservices.com https://maps.gstatic.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.hotjar.com *.twitter.com *.youtube.com https://c.imedia.cz img-src data: object-src 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
report-uri //report-csp-violation 1
script-src https://www.thehut.de https://m.thehut.de 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.thehut.de/cspReport.txt; 1
connect-src 'self' hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com; default-src 'self' *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net; frame-src 'self' www.youtube.com *.flashtalking.com *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net; object-src 'none'; style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net;  script-src 'self'  'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com s.ytimg.com ds-aksb-a.akamaihd.net d10lpsik1i8c69.cloudfront.net maps.googleapis.com fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com cx.atdmt.com maps.googleapis.com lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; report-uri https://hbfcomau.report-uri.com/r/d/csp/reportOnly 1
default-src https:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';img-src https: data: blob:;font-src https: data:;connect-src 'self' https: blob:;report-uri /csp-report 1
script-src https://www.myprotein.dk https://m.myprotein.dk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.dk/cspReport.txt; 1
script-src 'self' 'unsafe-inline' http://www.gstatic.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.intercomcdn.com https://www.googletagmanager.com https://*.mxpnl.com https://*.intercom.io https://*.polyfill.io https://*.stripe.com 'nonce-YejkXyB5IhUQGPoKRtK9p'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self'; report-uri /api/__cspreport__ 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' syndication.twitter.com; script-src js.tyrol.tl 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.tyrol.tl css.tyrol.tl www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.tyrol.tl js.tyrol.tl; font-src css.tyrol.tl; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php 1
script-src *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net c.imedia.cz *.hotjar.com tagmanager.google.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' tagmanager.google.com cdnjs.cloudflare.com fonts.googleapis.com; report-uri /csp 1
default-src 'self'; report-uri https://codeo.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2019-04-23 1
default-src 'self' https:; connect-src 'self' https: *.pusher.com *.addthis.com ws://*.pusher.com *.olark.com; font-src 'self' https: data: *.olark.com; frame-src 'self' https: *.addthis.com *.olark.com; img-src 'self' https: data: *.olark.com *.google-analytics.com stats.sa-as.com *.bing.com; object-src 'none'; script-src 'self' https: *.google.com *.pusher.com 'unsafe-eval' *.addthisedge.com *.addthis.com *.olark.com 'unsafe-inline' *.googletagmanager.com *.google-analytics.com js.bizographics.com *.bing.com stats.sa-as.com; style-src 'self' https: 'unsafe-inline' *.olark.com; worker-src 'self' *.olark.com; report-uri https://energymarketexchange.com/report_csp_violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 
data:; report-uri /csp-report 1
default-src 'self'; img-src 'self' ssl.tonewheelgeneral.com www.tonewheelgeneral.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' www.tonewheelgeneral.com ssl.tonewheelgeneral.com tonewheelgeneral.com js_fns.js ajax.googleapis.com http://code.jquery.com/jquery-3.3.1.js;  font-src 'self' ssl.tonewheelgeneral.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com *.tonewheelgeneral.com; report-uri http://www.tonewheelgeneral.com/csp-report.php; 1
default-src * data: android-webview-video-poster:; script-src 'self' tomhess.net 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com facebook.com *.marinsm.com pixel-geo.prfct.co *.google.com *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.twitter.com *.jwpcdn.com *.smartlook.com *.olark.com *.ampproject.org *.authorize.net www.genbook.com *.zingchart.com *.calendly.com polyfill.io cdn.jsdelivr.net; style-src 'self' tomhess.net 'unsafe-inline' *.googleapis.com *.olark.com *.fontawesome.com *.zingchart.com; connect-src 'self' tomhess.net *.facebook.net *.facebook.com facebook.com *.marinsm.com pixel-geo.prfct.co *.google.com *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.twitter.com *.jwpcdn.com *.smartlook.com *.olark.com *.calendly.com; 1
default-src 'self' blob: https://*.zopim.com https://www.eigenhaard.nl; connect-src 'self' http://api.pro6pp.nl https://api.pro6pp.nl wss://*.zopim.com https://*.zopim.com https://*.google-analytics.com wss://*.hotjar.com/ https://*.hotjar.com https://cdnjs.cloudflare.com https://*.googleapis.com; frame-src 'self' https://sdn.sitecore.net https://*.zopim.com https://*.youtube.com https://eigenhaard.bbvms.com https://*.hotjar.com; font-src 'self' data: https://*.zopim.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: blob: https://*.zopim.com https://*.zopim.io https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.google-analytics.com https://www.facebook.com https://*.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js-agent.newrelic.com https://bam.nr-data.net http://*.zopim.com  https://*.zopim.com https://*.gstatic.com https://*.google.com https://*.google.nl http://*.google.com http://*.google.nl https://*.googleapis.com https://*.google-analytics.com https://api.pro6pp.nl https://script.crazyegg.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-ancestors 'self'; base-uri https://www.eigenhaard.nl;  report-uri /ul_reporting/csp-report.aspx 1
form-action www.facebook.com; frame-src www.facebook.com www.youtube.com disqus.com; script-src-elem 'self' js-agent.newrelic.com bam.nr-data.net analytics.twitter.com ajax.googleapis.com www.googletagmanager.com s3.amazonaws.com connect.facebook.net us1.siteimprove.com www.google-analytics.com static.ads-twitter.com 'unsafe-inline'; img-src 'self' t.co us1.siteimprove.com www.facebook.com www.google-analytics.com www.google.com stats.g.doubleclick.net cartodb.s3.amazonaws.com cartocdn-gusc.global.ssl.fastly.net a.tiles.mapbox.com; style-src-elem 'self' 'unsafe-inline'; font-src 'self'; style-src-attr 'unsafe-inline'; report-uri https://fordfoundation.report-uri.com/r/d/csp/wizard 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com *.gstatic.com www.youtube.com *.paypal.com *.facebook.net *.epay.bg *.google-analytics.com *.googleadservices.com *.intercom.io *.google.bg *.neterra.net *.facebook.com *.intercomcdn.com *.neterra.tv blob: https:; worker-src blob:; img-src *.intercomassets.com *.dismagic.com *.media-imdb.com *.facebook.com *.google-analytics.com *.neterra.tv *.neterra.net *.doubleclick.net 'self' data: *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' *.intercomcdn.com data:; media-src 'self' *.neterra.tv blob:; connect-src neterra.tv *.neterra.tv *.intercom.io *.intercomcdn.com connect.facebook.net *.google-analytics.com *.doubleclick.net www.facebook.com wss:; report-uri /csp/csp.php; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io *.youtube.com fonts.gstatic.com *.ytimg.com; img-src 'self' data:  *.maryno.net *.vk.com vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.parastorage.com *.getsale.io; connect-src https: wss: *.maryno.net *.vk.com *.jivosite.com *.yandex.ru *.google-analytics.com *.getsale.io; upgrade-insecure-requests; report-uri https://sentry.maryno.net/api/14/csp-report/?sentry_key=79209ab7e939495bba7b8d83b14909d9 1
script-src https://www.mioskincare.co.uk https://m.mioskincare.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.mioskincare.co.uk/cspReport.txt; 1
script-src https://www.lookfantastic.com.au https://m.lookfantastic.com.au 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.com.au/cspReport.txt; 1
default-src 'self'; block-all-mixed-content; connect-src 'self' https://api.rollbar.com https://www.facebook.com/tr/ https://www.google-analytics.com https://secure.helpscout.net https://api.ipify.org; font-src 'self' data: https://cdn.weddybird.com https://fonts.gstatic.com; frame-src 'self' https://djtflbt20bdde.cloudfront.net *; img-src 'self' data: https://weddybird.com https://cdn.weddybird.com https://cdn.pndsrv.net *; media-src 'self' https://djtflbt20bdde.cloudfront.net *; object-src 'self' https://djtflbt20bdde.cloudfront.net *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://d12wqas9hcki3z.cloudfront.net https://djtflbt20bdde.cloudfront.net; report-uri /csp/report 1
default-src 'none'; img-src 'self' data: https://static.localcoinswap.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://insights.hotjar.com https://static.hotjar.com; font-src 'self' data: https://static.localcoinswap.com https://fonts.gstatic.com https://static.hotjar.com; script-src 'self' https://localcoinswap.com https://static.localcoinswap.com https://maps.googleapis.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.localcoinswap.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' wss://localcoinswap.com https://www.facebook.com/tr/ https://maps.google.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.google.com https://vars.hotjar.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://static.localcoinswap.com; report-uri https://localcoinswap.com/report-csp-violation/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  data: *.tnb.com *.scene7.com abbcloud.blob.core.windows.net *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.macromedia.com *.partcommunity.com *.tnb.ca *.vanlien.com *.vanlien.be *.vanlien.nl *.youtube.com *.paypal.com tnblnx3.tnb.com code.jquery.com googleads.g.doubleclick.net *.googleadservices.com 4817075.fls.doubleclick.net *.google.com *.google.nl *.google.be *.google-analytics.com *.api4load.com *.facebook.net *.facebook.com *.fedex.com *.ups.com *.rlcarriers.com *.cl3ver.com 199.120.203.191; report-uri https://www-public.tnb.com/cspr/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https://search.architexturez.in; report-uri https://search.architexturez.in 1
script-src https://www.lookfantastic.dk https://m.lookfantastic.dk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.dk/cspReport.txt; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://www.googletagmanager.com https://platform.twitter.com https://www.googleadservices.com https://*.hotjar.com https://www.google.com https://*.doubleclick.net https://*.twimg.com https://depth-security.disqus.com https://*.disquscdn.com https://*.addthis.com https://disqus.com https://*.addthisedge.com http://*.addthis.com https://graph.facebook.com https://www.linkedin.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://*.disquscdn.com; img-src 'self' data: https://www.google.com https://maps.googleapis.com https://*.twimg.com https://www.google-analytics.com https://*.doubleclick.net https://*.twitter.com https://cdn.viglink.com https://*.gstatic.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://syndication.twitter.com https://insights.hotjar.com https://links.services.disqus.com https://m.addthis.com; frame-src 'self' https://*.twitter.com https://vars.hotjar.com https://disqus.com https://s7.addthis.com https://*.doubleclick.net; form-action 'self' https://*.twitter.com ; block-all-mixed-content; report-uri https://depthsecurity.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.goldwingdocs.com *.google.com *.google.ca *.google.co.uk *.google.fi *.google.de *.amazon-adsystem.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.gstatic.com *.googletagservices.com;  style-src 'self' 'unsafe-inline'; img-src * data; font-src * data; child-src *; connect-src *; report-uri /reportcsp.asp; 1
default-src 'self'; script-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src * data: ; font-src 'self' https://fonts.gstatic.com ;  report-uri https://linickx.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=d83c97837f17270fb5e9bed2519a9e3a 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-dvIj29ibpd0i0xmaNZGwn3J4yc'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://*.aol.com https://www.aol.co.uk https://www.aol.de;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com;media-src https://*.ah.yahoo.com;report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'self' 'unsafe-eval' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://pr.comet.yahoo.com 'nonce-Dzby548ELeIcxUZqbjSAJNv2ETzFpKTIv1iu6NpxjITbIigb' ;style-src * 'unsafe-inline' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artinamericamagazine.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/css; img-src 'self' https://www.google-analytics.com/collect; font-src 'self' https://fonts.gstatic.com; report-uri https://multimediasolutions.report-uri.io/r/default/csp/reportOnly 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' http://sandbox.cosmobucci.com/logs/ http://sandbox.cosmobucci.com/sidekiq/ http://sandbox.cosmobucci.com/mini-profiler-resources/ http://sandbox.cosmobucci.com/assets/ http://sandbox.cosmobucci.com/brotli_asset/ http://sandbox.cosmobucci.com/extra-locales/ http://sandbox.cosmobucci.com/highlight-js/ http://sandbox.cosmobucci.com/javascripts/ http://sandbox.cosmobucci.com/plugins/ http://sandbox.cosmobucci.com/theme-javascripts/ http://sandbox.cosmobucci.com/svg-sprite/; worker-src 'self' blob:; report-uri http://sandbox.cosmobucci.com/csp_reports 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https: res://edgehtml.dll content.etilize.com use.typekit.net static.oktopost.com okt.to www.wufoo.com secure.wufoo.com analytics.clickdimensions.com maps.googleapis.com livestream.com code.createjs.com; style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com; img-src 'self' http: https: www.dandh.com www.dandh.ca content.etilize.com p.typekit.net analytics.clickdimensions.com maps.googleapis.com maps.gstatic.com data: about:; font-src 'self' https: use.typekit.net fonts.gstatic.com data:; frame-src 'self' https: content.etilize.com dandh.wufoo.com analytics.clickdimensions.com www.youtube.com livestream.com; connect-src 'self' javascript performance.typekit.net; default-src 'self'; report-uri https://192.168.1.22/CspReporting/api/Report; 1
report-uri https://sentry.io/api/1318134/security/?sentry_key=180a5bb8e9f14da280c79e29fca852e9 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-M2JIJI4SljmNYL3qkscADWTMkA8'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://support.stnhost.com/csp/record-bad-https.php 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 1
default-src 'unsafe-inline' 'unsafe-eval' https: http: blob: filesystem: data:; report-uri https://echo.deltafactory.biz/csp/ipdotcom 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-xvyK2ADsfoVJNxpcmUfhgOYMh8' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-13ie8zsoIddTneXFKtOqvxMwXCo'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
report-uri CSP_URL; manifest-src 'self'; default-src 'self' fonts.googleapis.com; child-src 'self'; worker-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.madkudu.com https://*.gstatic.com https://*.googleapis.com https://*.bootstrapcdn.com https://*.fontawesome.com; img-src 'self' https://*.madkudu.com https://*.intercomcdn.com https://*.intercomassets.com https://*.slack-edge.com https://www.facebook.com https://www.google-analytics.com https://track.hubspot.com https://heapanalytics.com https://*.quora.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.madkudu.com https://*.segment.com https://*.intercom.io https://*.usemessages.com https://*.intercomcdn.com https://*.stripe.com wss://*.intercom.io https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.optimizely.com https://unpkg.com https://js.chilipiper.com/marketing.js https://*.hotjar.com https://js.hs-analytics.net https://snap.licdn.com https://js.hs-scripts.com https://*.linkedin.com https://*.heapanalytics.com https://*.quora.com; frame-src 'self' https://*.stripe.com https://*.google.com https://www.youtube.com https://vars.hotjar.com; font-src 'self' https://*.intercomcdn.com https://*.gstatic.com data: https://*.bootstrapcdn.com https://*.fontawesome.com; connect-src 'self' https://*.madkudu.com https://*.intercom.io https://*.segment.io https://*.intercomcdn.com wss://*.intercom.io https://*.rollbar.com https://cdn.segment.com https://in.hotjar.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://uvbshvgaro0wreus1xk28aaq.httpschecker.net/report 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com ajax.googleapis.com cdn.cloud.techsmith.com *.google.com *.screencast.com *.youtube.com *.multiviewinc.com *.google-analytics.com; object-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com cdn.cloud.techsmith.com youtube.com *.mailchimp.com; img-src 'self' 'unsafe-inline' *.screencast.com *.youtube.com *.google-analytics.com; media-src 'self' 'unsafe-inline' *.screencast.com *.youtube.com; frame-src 'self' 'unsafe-inline' *.screencast.com *.youtube.com ms-appx-web://microsoft.microsoftedge ms-appx-web://; frame-ancestors 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' 'unsafe-inline' *.screencast.com *.youtube.com *.google-analytics.com; report-uri /report-csp-violation 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-8c5b6afc-4cf4-4a87-bafa-8764c80856a2' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
script-src 'strict-dynamic' 'nonce-OTFqlnwDyYgXulk2xUDooJard5mmFzNt' 'report-sample' 'unsafe-eval' 'unsafe-inline'  https:; object-src 'none'; base-uri 'none'; report-uri https://2992bde6ad0fcd23e8e1194ddc9ae1ea.report-uri.com/r/d/csp/reportOnly; 1
default-src * data: blob:; child-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' 'self'; style-src https: 'unsafe-inline'; object-src https: 'unsafe-inline'; report-uri https://broadlyproxy.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; frame-src 'self' https://go.pardot.com https://www.youtube.com; img-src 'self' data: https://scontent.cdninstagram.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://www.youtube.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://pi.pardot.com https://translate.google.com https://translate.googleapis.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; worker-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.ad adservice.google.ae adservice.google.al adservice.google.al adservice.google.at adservice.google.az adservice.google.be adservice.google.bg adservice.google.bj adservice.google.bs adservice.google.bt adservice.google.ca adservice.google.ch adservice.google.cl adservice.google.cm adservice.google.co.ao adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.ls adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.ug adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com adservice.google.com.af adservice.google.com.ag adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.bz adservice.google.com.co adservice.google.com.cu adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vc adservice.google.com.vn adservice.google.cv adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gg adservice.google.gp adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.je adservice.google.jo adservice.google.kg adservice.google.kg adservice.google.ki adservice.google.kz adservice.google.la adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.mn adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.nl adservice.google.no adservice.google.pl adservice.google.ps adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.rw adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tg adservice.google.tm adservice.google.tn adservice.google.tt adservice.google.vu assets.pinterest.com cdnjs.cloudflare.com checkout.stripe.com log.pinterest.com pagead2.googlesyndication.com tpc.googlesyndication.com www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com www.recaptcha.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; frame-src 'self' checkout.stripe.com googleads.g.doubleclick.net tpc.googlesyndication.com www.google.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' checkout.stripe.com csi.gstatic.com pagead2.googlesyndication.com sentry.io www.google-analytics.com; img-src 'self' data: www.google.ad www.google.ae www.google.at www.google.be www.google.ca www.google.ch www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.mz www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.co.zm www.google.com.ar www.google.com.au www.google.com.bh www.google.com.br www.google.com.co www.google.com.hk www.google.com.lb www.google.com.mx www.google.com.my www.google.com.om www.google.com.ph www.google.com.qa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gp www.google.gr www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.kz www.google.lu www.google.lv www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sm www.google.tl www.google.tt cdnjs.cloudflare.com *.stripe.com csi.gstatic.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com; manifest-src 'self'; media-src 'self'; report-uri https://shockwavesound.report-uri.com/r/d/csp/wizard 1
report-uri https://sentry.pressly.xyz/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-61FpGSM5HOr1GL3L7dwmzH5ZM' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ajax.aspnetcdn.com use.typekit.com platform.twitter.com cdn.syndication.twimg.com web103.reachmee.com ssl.google-analytics.com s.webtrends.com statse.webtrendslive.com ssl.webserviceaward.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com platform.twitter.com ssl.webserviceaward.com; img-src 'self' data: about: ajax.googleapis.com	platform.twitter.com syndication.twitter.com pbs.twimg.com p.typekit.net statse.webtrendslive.com hm.webtrends.com ssl.webserviceaward.com; font-src 'self' data: fonts.gstatic.com use.typekit.com; connect-src 'self' performance.typekit.net; media-src 'self'; object-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com platform.twitter.com syndication.twitter.com cws.huginonline.com inpublic.globenewswire.com web103.reachmee.com; report-uri /csp-report; 1
default-src 'self'; connect-src 'self' https://api.sbab.se https://www.google-analytics.com https://*.doubleclick.net https://in.hotjar.com https://www.googleapis.com https://*.visualwebsiteoptimizer.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://bloggen.sbab.se; frame-src https://www.youtube.com https://*.rfihub.com https://syndication.twitter.com https://platform.twitter.com https://embed.bambuser.com https://in.hotjar.com https://vars.hotjar.com https://service.force.com; img-src 'self' https://syndication.twitter.com https://bilder.hemnet.se https://platform.twitter.com https://*.twimg.com https://www.sbab.se https://bloggen.sbab.se https://i.ytimg.com https://aa.agkn.com https://ads.yahoo.com https://simage2.pubmatic.com https://*.g.doubleclick.net https://us-u.openx.net https://www.google.com https://*.rfihub.com https://d.agkn.com https://dev.visualwebsiteoptimizer.com https://dsum-sec.casalemedia.com https://ib.adnxs.com https://o.adtriba.com https://pixel.rubiconproject.com https://soma.smaato.net https://sync.search.spotxchange.com https://tapestry.tapad.com https://www.facebook.com https://*.google-analytics.com https://www.google.* https://*.googlesyndication.com https://x.bidswitch.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://track.adform.net https://www.googleadservices.com https://platform.twitter.com https://cdn.syndication.twimg.com https://bloggen.sbab.se https://s.ytimg.com https://a.rfihub.com/idr.js https://c1.rfihub.net/js/tc.min.js https://cdn.adtriba.com/v2/adtriba.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/677988019016414 https://dev.visualwebsiteoptimizer.com https://*.hotjar.com https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://ssl.google-analytics.com https://service.force.com https://*.salesforceliveagent.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com http://fonts.googleapis.com https://bloggen.sbab.se https://maxcdn.bootstrapcdn.com https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0 https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0/css/ https://service.force.com; report-uri https://sbab.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src * 'unsafe-inline' 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-MIqed2cp4rJuv3DbS0dOK7nJVSg'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://d3js.org https://www.googleadservices.com https://checkout.stripe.com https://js.stripe.com translate.google.com *.googleapis.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com *.bootstrapcdn.com *.intercom.io *.intercomcdn.com *.cloudflare.com *.jquery.com; style-src 'self' 'unsafe-inline' https://checkout.stripe.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com; img-src 'self' https: data: 'sha256-MjthglVWXKZvfTNEVfexw1BvrAiHDO4au5hKG3qNF7o='; media-src 'self' https://js.intercomcdn.com; connect-src 'self' https://auth.logit.io https://api.logit.io https://checkout.stripe.com https://js.stripe.com translate.googleapis.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src https://checkout.stripe.com https://js.stripe.com www.googletagmanager.com; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com *.bootstrapcdn.com *.intercomcdn.com *.fontawesome.com; object-src 'none'; form-action 'self'; report-uri https://logit.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://td9xntasxybzj1cwbnu73cda.httpschecker.net/report 1
default-src 'none'; script-src 'self' 'report-sample' https://cdn.innocraft.cloud https://www.youtube.com https://connect.facebook.net https://admin.typeform.com; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://thecorrespondent.innocraft.cloud https://i.ytimg.com; font-src 'self'; connect-src 'self' https://campaign.thecorrespondent.com https://thecorrespondent.innocraft.cloud https://sentry.io; media-src 'self'; child-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://staticxx.facebook.com https://platform.twitter.com https://media.mtvnservices.com https://thecorrespondent.typeform.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://staticxx.facebook.com https://platform.twitter.com https://media.mtvnservices.com https://thecorrespondent.typeform.com; manifest-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; report-uri https://correspondent.report-uri.com/r/d/csp/reportOnly; block-all-mixed-content 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://www.google.com cdnjs.cloudflare.com code.highcharts.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; report-uri https://www.haigekassa.ee/report-uri/reportOnly 1
default-src 'self'; report-uri /report/content 1
child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' bearshares.com https://cdn.bearsharesimages.com https://images.bearshares.com https://bearsharesimages.com https://api1.bearshares.com https://api.bearshares.com api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
frame-ancestors 'self' ;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://static.ecorebates.com https://ajax.googleapis.com https://github.com data: ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com; report-uri /CSP-report; 1
default-src http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https: 'self' data:; script-src https: 'unsafe-inline' 'self' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self';report-uri https://invbg.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://maps.googleapis.com https://platform.twitter.com; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://ajax.googleapis.com; img-src 'self' data: android-webview-video-poster: android-webview: https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://maps.gstatic.com https://csi.gstatic.com https://www.gstatic.com https://*.tile.openstreetmap.org https://www.youtube.com https://img.youtube.com https://i.ytimg.com https://m.youtube.com https://s.w.org https://theme.co https://www.gravatar.com https://syndication.twitter.com https://www.google.com https://www.google.ro https://www.google.co.uk https://www.google.dz https://www.google.com.ua https://www.google.co.in https://www.google.be https://www.google.com.tr https://www.google.com.br https://www.google.nl https://www.google.fr https://www.google.de https://www.google.ee https://www.google.es https://www.google.co.jp https://www.google.pl https://www.google.gr https://www.google.it https://www.google.dk https://www.google.lt https://www.google.pt https://www.google.mk https://www.google.lv https://www.google.com.ph https://www.google.by https://www.google.com.ar https://www.google.tn https://www.google.se https://www.google.com.pe https://www.google.sk https://www.google.si https://www.google.bg https://www.google.ge https://www.google.ae https://www.google.cz https://www.google.ch https://www.google.hu https://www.google.com.tw https://www.google.co.za https://www.google.ca https://www.google.co.th https://www.google.com.my https://www.google.at https://www.google.com.au https://www.google.ru https://www.google.co.il https://www.google.com.sa https://www.google.com.qa https://www.google.com.eg https://www.google.co.id https://www.google.com.co https://www.google.co.ke https://www.google.co.nz https://www.google.rs https://www.google.am https://www.google.co.uz https://www.google.cn https://www.google.mu https://www.google.com.af https://www.google.co.ma https://www.google.com.ec https://www.google.fi https://www.google.sn https://www.google.kz https://www.google.com.mt https://www.google.cl https://www.google.com.vn https://www.google.ie https://www.google.com.gt https://www.google.com.kw https://www.google.com.mx https://www.google.ba https://www.google.com.cu https://www.google.com.pk https://www.google.com.hk https://www.google.co.kr https://www.google.no https://www.google.me https://www.google.hr https://www.google.sr https://www.google.com.bh https://www.google.jo https://www.google.com.kh https://www.google.iq https://www.google.com.sg https://www.google.com.bd https://www.google.md https://www.google.al https://www.google.com.uy https://www.google.mv https://www.google.bt https://www.google.mn https://www.google.com.cy https://www.google.com.ng https://www.google.com.mm https://www.google.lu https://www.google.lk https://www.google.com.np https://www.google.com.gi https://www.google.fm https://www.google.ga https://www.google.az https://www.google.com.ly https://www.google.co.ve https://www.google.com.om https://www.google.co.cr https://www.google.gl https://www.google.com.bo https://www.google.is https://www.google.hn https://www.google.com.gh https://www.google.tm https://www.google.co.ug https://www.google.la https://www.google.com.bz https://www.google.co.ao https://www.google.com.pa https://www.google.mg https://www.google.cm https://www.google.com.jm https://www.google.co.zw https://www.google.com.do https://www.google.tg https://www.google.com.sv; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://syndication.twitter.com; media-src 'self' ; object-src 'self' ; child-src 'self' https://bid.g.doubleclick.net https://m.youtube.com https://www.youtube.com https://downloads.temptingbrands.com https://www.googletagmanager.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://bid.g.doubleclick.net https://m.youtube.com https://www.youtube.com https://downloads.temptingbrands.com https://www.googletagmanager.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com; report-uri https://cb-reporting.services.getactivationkey.com; 1
script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net 'unsafe-inline' 'self'; default-src 'none'; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'unsafe-inline' https://use.typekit.net; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://use.typekit.net https://themes.googleusercontent.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
default-src 'self'; connect-src https://*.tawk.to wss://*.tawk.to 'self'; font-src https://*.tawk.to https://*.gstatic.com https://*.googleapis.com data: 'self'; frame-src https://*.tawk.to 'self'; img-src * data:; script-src https://www.google-analytics.com https://www.googletagmanager.com https://*.tawk.to https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdn.jsdelivr.net https://*.googleapis.com 'unsafe-inline' 'self'; report-uri /lift/content-security-policy-report 1
script-src https://www.myprotein.ae https://m.myprotein.ae 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.ae/cspReport.txt; 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com; img-src 'self' https://* * data:; script-src 'self' https://*.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://media2.supermagnete.hu https://www.supermagnete.hu 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.hu https://www.supermagnete.hu 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
script-src https://www.lookfantastic.co.in https://m.lookfantastic.co.in 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.lookfantastic.co.in/cspReport.txt; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com *.jivosite.com; frame-src 'self' https://www.google.com https://www.youtube.com www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.jivosite.com; img-src 'self' counter.yadro.ru *.jivosite.com *.amazonaws.com  https://yastatic.net data: *.gravatar.com; media-src *.jivosite.com; connect-src 'self' wss://*.jivosite.com; report-uri /csp-report.php 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1
default-src https: wss://paperless.com.ua 'self' wss://channelapi.liqpay.ua; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data: 'self' blob:; font-src https: data: 'self'; report-uri /api/csp 1
default-src * data: blob:;script-src 'self' *.vk.com *.mail.ru s.ytimg.com platform.twitter.com cdn.syndication.twimg.com www.instagram.com connect.facebook.net telegram.org *.yandex.ru *.google-analytics.com *.youtube.com *.google.com google.com *.googleapis.com *.vkpartner.ru *.moatads.com *.gstatic.com *.google.ru securepubads.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.vk-cdn.net 'unsafe-inline' 'unsafe-eval' blob:;style-src vk.com *.vk.com platform.twitter.com *.googleapis.com 'self' 'unsafe-inline';report-uri /csp 1
script-src https://www.mybag.com https://m.mybag.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://dyn-beacon.akamaized.net https://fp.zenaps.com; report-uri https://www.mybag.com/cspReport.txt; 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; frame-ancestors 'none'; manifest-src 'self'; script-src 'self'; style-src 'self'; connect-src 'self'; prefetch-src 'self'; form-action 'self'; img-src 'self' data: *.tile.openstreetmap.org *.tile.osm.org; report-uri https://biciklijade.report-uri.com/r/d/csp/reportOnly;  1
script-src 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.vestum.ru api-maps.yandex.ru www.google-analytics.com ulogin.ru *.maps.yandex.net; report-uri https://data.vestum.ru/csp/ 1
script-src 'self' https://cdnjs.cloudflare.com https://static.woopra.com https://www.woopra.com https://code.jquery.com https://cdn.rawgit.com https://api.mapbox.com 'nonce-EPHyXv2thTvwKmzd'; img-src 'self' data: https://video.figure.nz https://api.mapbox.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com; default-src 'self'; worker-src blob:; style-src 'self' 'unsafe-inline' https://api.mapbox.com; media-src https://video.figure.nz; connect-src 'self' https://video.figure.nz https://a.tiles.mapbox.com https://api.rollbar.com; font-src 'self' data:; report-uri https://figurenz.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://translate.google.com https://translate.googleapis.com https://bat.bing.com https://m.addthis.com https://widget.intercom.io  https://app.intercom.io https://js.intercomcdn.com https://platform-api.sharethis.com https://m.addthisedge.com https://buttons-config.sharethis.com https://s7.addthis.com https://inlinemanual.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://code.jquery.com https://cdn.syndication.twimg.com https://stackpath.bootstrapcdn.com; style-src-elem * 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://translate.googleapis.com https://translate.googleapis.com/* https://translate.google.com https://platform-api.sharethis.com https://widget.intercom.io https://code.jquery.com https://js.intercomcdn.com https://connect.facebook.net; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://platform.twitter.com https://ton.twimg.com; connect-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://twitter.com https://firebasestorage.googleapis.com https://staticxx.facebook.com https://www.facebook.com https://c.sharethis.mgr.consensu.org https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com; object-src 'none'; media-src * 'unsafe-inline'; report-uri api/v1/public/reports 1
object-src 'none'; script-src 'nonce-55d15c9949db3c8f872a7ff845055559347ba305' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'none'; report-uri https://proviso.report-uri.com/r/default/csp/reportOnly 1
default-src 'self' *.vic.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.monsido.com https://*.monsido.com http://*.google-analytics.com https://*.google-analytics.com http://*.google.com https://*.google.com http://*.cloudflare.com https://*.cloudflare.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://*.cloudfront.net https://*.cloudfront.net http://*.vic.gov.au https://*.vic.gov.au https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://cdn.rawgit.com http://cdn.rawgit.com; style-src 'self' 'unsafe-inline' *.hotjar.com:* *.monsido.com *.cloudflare.com *.cloudfront.net *.vic.gov.au; img-src 'self' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.monsido.com https://*.monsido.com http://*.cloudflare.com https://*.cloudflare.com http://*.cloudfront.net https://*.cloudfront.net http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://*.vic.gov.au https://*.vic.gov.au data: https://raw.githubusercontent.com http://raw.githubusercontent.com https://cdn.rawgit.com http://cdn.rawgit.com https://caretaker-vic-gov.s3-ap-southeast-2.amazonaws.com; frame-src 'self' 'unsafe-inline' https://*.infogram.com:* http://*.infogram.com:* http://*.google.com https://*.google.com http://*.vic.gov.au https://*.vic.gov.au http://*.youtube.com https://*.youtube.com http://*.vimeo.com https://*.vimeo.com http://*.hotjar.com:* https://*.hotjar.com:*; font-src 'self' *.vic.gov.au http://*.hotjar.com https://*.hotjar.com fonts.google.com data:;; connect-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.monsido.com https://*.monsido.com http://*.google-analytics.com https://*.google-analytics.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net http://*.vic.gov.au https://*.vic.gov.au wss://ws5.hotjar.com/api/v1/client/ws https://drwgdblqzrfiz.cloudfront.net; report-uri /report-csp-violation 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; style-src 'unsafe-inline' https:; img-src data: about: https:; font-src data: https:; form-action 'self' https:; block-all-mixed-content; report-uri https://travelonbags.report-uri.com/r/d/csp/reportOnly; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' safari-ukraina.com www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.yandex.ru metrika.yandex.ua mc.yandex.ru yastatic.net www.googleadservices.com googleads.g.doubleclick.net d31j93rd8oukbv.cloudfront.net mc.webvisor.org maps.googleapis.com *.jivosite.com *.privatbank.ua www.youtube.com s.ytimg.com *.ampproject.org https://static.mailerlite.com cdn.jsdelivr.net; default-src 'self' *.jivosite.com; frame-src *.safari-ukraina.com vkontakte.ru yastatic.net www.facebook.com vk.com api-maps.yandex.ru bid.g.doubleclick.net www.youtube.com *.google.com cdn.jivosite.com cdn-cis.jivosite.com https://static.mailerlite.com; img-src *.safari-ukraina.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 informer.yandex.ru www.google.com mc.yandex.ru www.google.com.ua googleads.g.doubleclick.net mc.webvisor.org csi.gstatic.com maps.googleapis.com maps.gstatic.com twemoji.maxcdn.com s3-eu-west-1.amazonaws.com ymetrica.com i.ytimg.com; style-src 'unsafe-inline' 'self' safari-ukraina.com fonts.googleapis.com https://static.mailerlite.com; report-uri http://csp.safari-ukraina.com; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 api.maps.yandex.ru mc.webvisor.org *.jivosite.com ymetrica.com wss://chat.jivosite.com wss://chat4-1.jivosite.com *.ampproject.org stats.g.doubleclick.net www.google.com www.google.com.ua; object-src 'self' www.youtube.com; font-src 'self' fonts.gstatic.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.adform.net *.au.dk *.aucdn.dk *.cloudflare.com *.cloudfront.net *.crazyegg.com *.createsend1.com *.facebook.com *.facebook.net *.findvej.dk *.gefionau.dk *.google-analytics.com *.google.com *.google.dk *.googleapis.com *.googletagmanager.com *.gstatic.com *.instagram.com *.inviewmap.com *.livescribe.com *.mathjax.org *.pingdom.net *.siteimprove.com *.slideshare.net *.stakbogladen.dk *.statsbiblioteket.dk *.storify.com *.twimg.com *.twitter.com *.vimeo.com *.yahooapis.com *.youtu.be *.youtube.com 130.225.20.241 130.226.173.136 77.66.112.46 shoutbox.widget.me siteimproveanalytics.com *.cludo.com www2.dmu.dk unpkg.com *.usabilla.com *.doubleclick.net; img-src 'self' data: *; report-uri /csp-rapport/csp-rapport.php?i=i28v2 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-pHswnRudwVALBUwBXjQ85dNgLeQ' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' https://horizon.stellar.org https://lobstr.zendesk.com/ https://static.lobstr.co https://ekr.zdassets.com/ https://www.google-analytics.com/j/collect;img-src 'self' data: https://chart.googleapis.com https://www.google-analytics.com https://www.gstatic.com/ https://static.lobstr.co https://www.accountkit.com/impressions/ 'nonce-0e9e1058db771c194cb51a3cf84d4aada02e830b3637ba380d957dfcb8f00dac';script-src 'self' https://assets.zendesk.com/ https://www.google.com/recaptcha/api.js https://static.lobstr.co https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha https://sdk.accountkit.com https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.20.1/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/stellar-sdk/0.8.2/stellar-sdk.js https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.2/Chart.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/select2.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://static.zdassets.com/ 'sha384-LMHfJG/ukr2uiCFgAPvbzJxMSpvX9y9N0+7q/moXJEsB8/FGe60N2egv9cN7FZwD' 'sha256-ZOU9Cifcx5CbBqtaHmfTXDOiu98uFSKeaz2sWew9Qdw=' 'sha256-w7i/pu53gTCiQigcsFuNHZm8/cYEqKDOqW6pOXfJsvs=' 'sha256-3VWJlawzWi90JSy0kBobG+oIAI6yDwut4CR2EObiWJ0=' 'sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU=' 'nonce-0e9e1058db771c194cb51a3cf84d4aada02e830b3637ba380d957dfcb8f00dac';style-src 'unsafe-inline' https://static.lobstr.co https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jqueryui/1/themes/flick/jquery-ui.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/css/select2.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css;frame-src 'self' https://www.google.com 'nonce-0e9e1058db771c194cb51a3cf84d4aada02e830b3637ba380d957dfcb8f00dac';font-src 'self' https://static.lobstr.co https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'nonce-0e9e1058db771c194cb51a3cf84d4aada02e830b3637ba380d957dfcb8f00dac';base-uri 'self';object-src 'none';report-uri /csp-manager/report/ 1
default-src 'self'; script-src *bam.nr-data.net, *js-agent.newrelic.com, *ajax.googleapis.com, *ajax.googleapis.com, *html5shiv.googlecode.com, *ie7-js.googlecode.com, *.googletagmanager.com; style-src *static.hotjar.com, *ajax.googleapis.com, *.google.com, *.step.org; img-src *step.org, *.google.com, *.google-analytics.com, *.googleapis.com, *clients1.google.com, *ws.sharethis.com; report-uri /report-csp-violation 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://diybeautyforum.com/logs/ https://diybeautyforum.com/sidekiq/ https://diybeautyforum.com/mini-profiler-resources/ https://diybeautyforum.com/assets/ https://diybeautyforum.com/brotli_asset/ https://diybeautyforum.com/extra-locales/ https://diybeautyforum.com/highlight-js/ https://diybeautyforum.com/javascripts/ https://diybeautyforum.com/plugins/ https://diybeautyforum.com/theme-javascripts/ https://diybeautyforum.com/svg-sprite/ https://www.google-analytics.com/analytics.js pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js; worker-src 'self' blob:; report-uri https://diybeautyforum.com/csp_reports 1
child-src 'self' blob:		https://www.google.com/recaptcha/		maps.google.com		www.googletagmanager.com		player.vimeo.com		www.hirebridge.com	;	connect-src 'self'		*.caymanchem.com	;	font-src 'self'		cdnjs.cloudflare.com		maxcdn.bootstrapcdn.com	;	img-src 'self' data:		 *.caymanchem.com		stats.g.doubleclick.net		www.google-analytics.com	;	media-src 'self'		vimeo.com	;	script-src 'self' 'unsafe-eval' 'unsafe-inline'		*.caymanchem.com		ajax.googleapis.com		cdn.datatables.net		cdnjs.cloudflare.com		cdn.jsdeliver.net		code.jquery.com		https://www.google.com/jsapi		https://www.google.com/recaptcha/api.js		https://www.google.com/uds/		https://www.googletagmanager.com/gtm.js		maxcdn.bootstrapcdn.com		use.fontawesome.com		vimeo.com		www.google-analytics.com		www.googletagmanager.com		www.gstatic.com	;	style-src 'self' 'unsafe-inline'		https://ajax.googleapis.com/		https://www.google.com/uds/		cdn.datatables.net		maxcdn.bootstrapcdn.com	;	default-src 'self' blob:	; 1
default-src 'self' https: data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.eerstekamer.nl https://translate.googleapis.com https://ssl.p.jwpcdn.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.eerstekamer.nl; report-uri /cgi-bin/asnh.cgi/0000000/c/cspreport 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com 'unsafe-inline' 'sha256-UVd1bfzbP7xrxtJSDHp//V/fO0IkNJkciQP0yeBrIPw=' 'sha256-sjHn4TEpK5Mg0DnixdVitXRrBEVkwGriDPnccbpj+Nw='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://application-logging.connectholland.nl/api/2/csp-report/?sentry_key=3a6a15101ed14a5b96645510c953fd5d 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src wss: https: 1
default-src 'none'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com; img-src data: blob: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; frame-ancestors 'self'; report-uri https://www.linkedin.com/lite/contentsecurity?f=ms 1
script-src https://www.myprotein.com.sg https://m.myprotein.com.sg 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.com.sg/cspReport.txt; 1
default-src 'self' https://www.derm101.com; connect-src 'self' www.staging3.derm101.com https://*.addthis.com https://*.mouseflow.com https://plugin.ucads.ucweb.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.derm101.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://www.derm101.com; frame-src 'self' https://*.google.com https://*.vimeo.com https://derm101.mdpress.com https://derm101sar.azurewebsites.net https://s7.addthis.com https://www.derm101.com; child-src 'self' https://*.google.com https://*.vimeo.com https://derm101.mdpress.com https://derm101sar.azurewebsites.net https://s7.addthis.com https://www.derm101.com; img-src 'self' data: https: https://www.derm101.com; media-src 'self' https://www.derm101.com; object-src 'self' https://www.derm101.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addthis.com https://*.google.com https://*.gstatic.com https://ajax.aspnetcdn.com https://cdn.mouseflow.com https://m.addthis.com https://m.addthisedge.com https://s7.addthis.com https://www.google-analytics.com https://www.derm101.com; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com www.staging3.derm101.com https://www.derm101.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src *; frame-src *; font-src *; connect-src * 'unsafe-inline'; report-uri /admin/config/system/seckit/csp-report 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://plt1le3fmlpnruqbyz3v0887.httpschecker.net/report; report-to https://plt1le3fmlpnruqbyz3v0887.httpschecker.net/report 1
default-src 'none' ; frame-ancestors 'none' ; base-uri 'none' ; connect-src 'self' 'unsafe-inline' https: ; script-src 'self' 'unsafe-inline' https: ; style-src 'self' 'unsafe-inline' https: ; img-src 'self' data: https: ; font-src 'self' https: ; form-action 'self' https://*.easypay.bg ; report-uri https://www.easypay.bg/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.google.com/ http://www.google-analytics.com http://dnn506yrbagrg.cloudfront.net http://fonts.googleapis.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://siteimproveanalytics.com/ https://siteimproveanalytics.com/ https://fonts.gstatic.com/ http://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com/ https://www.google.com/ http://www.google-analytics.com http://dnn506yrbagrg.cloudfront.net http://fonts.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://siteimproveanalytics.com/ https://siteimproveanalytics.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/; font-src 'self' http://fonts.googleapis.com/ https://fonts.googleapis.com/ http://fonts.gstatic.com/ https://fonts.gstatic.com/; object-src 'self'; frame-src 'self' https://www.google.com/ https://player.vimeo.com/; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 1
style-src https://*.btrll.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=2vmb13hebtnl5&partner=; 1
default-src self; report-uri //report-csp-violation 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src pagead2.googlesyndication.com stats.g.doubleclick.net kraken.rambler.ru counter.yadro.ru mc.yandex.ru stats.g.doubleclick.net ssl.google-analytics.com favicon.yandex.net yastatic.net  avatars-fast.yandex.net avatars.mds.yandex.net an.yandex.ru vk.com hron-prostatit.ru data: blob:; font-src fonts.gstatic.com https: data:; report-uri /csp-report 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-rfWgDa57zDtdcvRh1ZbYtINDlEk'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://use.fontawesome.com; script-src-elem 'self' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src 'self' https://cdn.rawgit.com https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline' 1
default-src 'self'; 1
default-src 'self' https://yastatic.net https://adservice.google.com/ https://adservice.google.ru/ https://adservice.google.lv/; connect-src 'self' wss://b-1.journali.st https://mc.yandex.ru/ https://mc.yandex.kz/ https://an.yandex.ru https://www.google-analytics.com https://mc.yandex.fr https://mc.yandex.by https://yastatic.net https://pushdata.sendpulse.com:4434 wss://b-1.journali.st/ wss://b-2.journali.st/; frame-src 'self' https://web.facebook.com/ https://staticxx.facebook.com https://www.facebook.com/ https://m.facebook.com/ https://m.vk.com https://googleads.g.doubleclick.net/ https://www.youtube.com https://yastatic.net https://www.google.com https://vk.com https://login.vk.com https://api-maps.yandex.ru https://mc.yandex.ru; script-src 'self' https://connect.facebook.net https://www.google-analytics.com/ https://www.googletagservices.com https://pagead2.googlesyndication.com/ https://adservice.google.ru/ https://adservice.google.com/ https://www.googletagmanager.com/ https://mc.yandex.ru/ https://cdn.sendpulse.com https://an.yandex.ru https://journali.st https://ajax.googleapis.com https://yastatic.net https://vk.com https://api-maps.yandex.ru https://www.google.com https://www.gstatic.com https://*.maps.yandex.net https://lrs.maps.yandex.net https://informer.yandex.ru https://apis.google.com https://site.yandex.net https://yandex.ru https://clck.yandex.ru wss://b-1.journali.st/ wss://b-2.journali.st/ http://www.googletagservices.com/ 'unsafe-eval' 'unsafe-inline' data: 'self'; font-src 'self' https://fonts.gstatic.com/ data: 'self'; style-src 'self' https://cdn.sendpulse.com https://fonts.googleapis.com https://yastatic.net 'unsafe-inline'; img-src 'self' http://i.ytimg.com/ https://*.googleusercontent.com/ https://www.facebook.com https://pagead2.googlesyndication.com https://www.google-analytics.com/ https://images-onepick-opensocial.googleusercontent.com/ https://stats.g.doubleclick.net/ https://www.google.com/ https://s-1.journalist.im/ https://www.google.ru/ https://mc.yandex.ru/ https://cdn.sendpulse.com https://www.googletagmanager.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://informer.yandex.ru https://site.yandex.net https://counter.yadro.ru https://yandex.ru https://favicon.yandex.net https://an.yandex.ru https://avatars.mds.yandex.net https://*.maps.yandex.net https://api-maps.yandex.ru https://vk.com https://www.gravatar.com https://modx.com http://modxcms.com http://modx.com http://modx.s3.amazonaws.com https://yastatic.net https://www.tns-counter.ru https://clck.yandex.ru data: 'self' https://mc.yandex.ru/ blob: 'self'; child-src 'self'; upgrade-insecure-requests; report-uri /csp/report.php 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelmoney.co.nz:*; frame-ancestors *.calypso.net.au *.travelmoney.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-934ecce4-6bd6-4709-a75d-1f6a36b9f240' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-Xpccp66QZfBupPtDaArV35c51Y'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
report-uri https://opencad.report-uri.com/r/d/csp/wizard 1
block-all-mixed-content; report-uri https://us2.nimblecommerce.com/csp-violation.action 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-izHDFCj0nWguQtb2VzmMyZjI' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com cdn.mytime.gl; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.mytime.gl fonts.googleapis.com; img-src 'self' https:; media-src 'self'; frame-src 'none'; font-src 'self' https:; connect-src 'self'; report-uri https://mytime.report-uri.com/r/d/csp/reportOnly 1
default-src 'unsafe-inline' 'self' www.informatiweb.net us.informatiweb.net www.informatiweb-pro.net us.informatiweb-pro.net *.doubleclick.net www.google-analytics.com fonts.googleapis.com *.gstatic.com static.digidip.net informatiweb-pro.digidip.net pagead2.googlesyndication.com connect.facebook.net *.twitter.com *.google.com *.google.be *.facebook.com *.disqus.com *.disquscdn.com disqus.com googletagservices.com 1
script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src 'self' https: data:; frame-ancestors 'none' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.nz&source%5Bsection%5D=brochure&source%5Buuid%5D=d79cd749f2fd3388bb10649ab37f982a 1
default-src 'unsafe-inline' 'self' https://web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; media-src *; img-src 'unsafe-inline' data: 'self' https://web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; report-uri https://web-rooms.co.nz/CspReport.asp 1
default-src https:; connect-src https:; object-src https:; media-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-src https:; frame-ancestors https:; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com; img-src 'self' 'unsafe-inline' *.google-analytics.com https://syndication.twitter.com https://*.sharethis.com; frame-src 'self' 'unsafe-inline' *.youtube.com https://platform.twitter.com https://player.vimeo.com https://www.facebook.com https://*.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; report-uri /report-csp-violation 1
base-uri 'self'; object-src 'self' ; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.vhub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://vhub.org https://www.dropbox.com https://graph.facebook.com ; default-src 'self' https://*.vhub.org https://*.vhub.aws.hubzero.org; font-src 'self' https://fonts.gstatic.com data: safari-extension: chrome-extension: ; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.vhub.org https://*.vhub.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com ; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com ; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
script-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.braintreegateway.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src 'self' *.bearingworks.com; connect-src 'self' *.bearingworks.com http://*.twitter.com https://*.twitter.com; font-src 'self' *.bearingworks.com http://*.gstatic.com https://*.gstatic.com http://*.googleapis.com https://*.googleapis.com data:; child-src 'self' *.bearingworks.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com http://*.google.com https://*.google.com http://*.pinterest.com https://*.pinterest.com javascript:; frame-src 'self' *.bearingworks.com http://*.braintreegateway.com https://*.braintreegateway.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com http://*.google.com https://*.google.com http://*.pinterest.com https://*.pinterest.com javascript:; img-src 'self' *.bearingworks.com http://*.pinterest.com https://*.pinterest.com http://*.pinimg.com https://*.pinimg.com https://*.twitter.com https://*.facebook.com http://*.gstatic.com https://*.pinimg.com http://*.googleapis.com https://*.googleapis.com http://*.google-analytics.com https://*.google-analytics.com data:; media-src 'self' *.bearingworks.com; object-src 'self' *.bearingworks.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-032eb4650c3132bea783cac9c646ede81e0b2266' 'nonce-b1e55468d58c080411d3dc856092535106d55b90' 'nonce-6939bf68deffcff2fc923f823a05c0d812762752' *.bearingworks.com http://*.google-analytics.com https://*.google-analytics.com http://*.braintreegateway.com https://*.braintreegateway.com http://*.facebook.com https://*.facebook.com http://*.facebook.net https://*.facebook.net http://*.twitter.com https://*.twitter.com http://*.google.com https://*.google.com http://*.gstatic.com https://*.gstatic.com http://*.googleapis.com https://*.googleapis.com http://*.pinterest.com https://*.pinterest.com; style-src 'unsafe-inline' 'self' *.bearingworks.com http://*.gstatic.com https://*.gstatic.com http://*.googleapis.com https://*.googleapis.com; report-uri /csp 1
default-src 'self'; script-src 'self' 'nonce-8b8fdc28-58f1-44ab-813d-26c9d5c1410b' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com:*; frame-ancestors *.calypso.net.au *.flightcentre.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-FHvKZaedCg5WoER2kwRhvnswSQ' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.sharethis.com  *.sharethis.mgr.consensu.org; script-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.newrelic.com *.nr-data.net *.aviary.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.adobedtm.com 'unsafe-eval' *.bizographics.com *.mookie1.com *.licdn.com *.google-analytics.com meetingsimagined.com *.tiqcdn.com *.linkedin.com *.mookie1.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.typography.com *.aviary.com *.sharethis.com; img-src 'self' *.meetingsimagined.com:* *.marriott.com meetingsimagined.com *.google-analytics.com *.linkedin.com *.sharethis.com; frame-src 'self' *.tiqcdn.com *.sharethis.com; font-src * data:; report-uri /admin/config/system/seckit/csp-report 1
base-uri 'self'; object-src 'self' http://*.tiles.virtualearth.net https://fpdownload.adobe.com http://dev.virtualearth.net https://swatshare-dev.rcac.purdue.edu; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.mygeohub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://mygeohub.org https://www.dropbox.com https://graph.facebook.com http://*.virtualearth.net https://geoserver.rcac.purdue.edu http://dev.virtualearth.net; default-src 'self' https://*.mygeohub.org https://*.mygeohub.aws.hubzero.org; font-src 'self' https://fonts.gstatic.com data: safari-extension: chrome-extension: https://maxcdn.bootstrapcdn.com; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.mygeohub.org https://*.mygeohub.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com ; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://*.virtualearth.net https://cdn.jsdelivr.net https://geoserver.rcac.purdue.edu https://freegeoip.net swatshare-dev.rcac.purdue.edu https://cdnjs.cloudflare.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
default-src http:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.uk:*; frame-ancestors *.calypso.net.au *.flightcentre.co.uk; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
report-uri https://csp.archant.co.uk/report; default-src https: 'unsafe-inline' 'unsafe-eval'; 1
report-uri /api/app-info/csp-report; default-src 'self'; img-src 'self' data: https://*.paymeservice.com; script-src 'self' 'unsafe-inline' static.apiary.io api.apiary.io assets.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.user1st.info/ https://*.sessionstack.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://*.zendesk.com wss://*.zendesk.com ws://admin.isracard-global.com https://admin.isracard-global.com https://*.paymeservice.com https://*.sessionstack.com; frame-src 'self' jsapi.apiary.io https://*.paymeservice.com https://ng.paymeservice.com https://preprod.paymeservice.com https://*.user1st.info/ https://www.google.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com http://nullpoint.owox.com *.intexpool.ua *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.doubleclick.net *.google.com.ua *.facebook.net *.binotel.com; default-src 'self' *.gstatic.com; frame-src vkontakte.ru www.facebook.com vk.com *.intexpool.ua *.youtube.com *.google.com *.doubleclick.net *.google.com.ua *.googleapis.com *.gstatic.com *.addthis.com; img-src *.multichannel.demo.owox.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.intexpool.ua ssl.gstatic.com *.yandex.ru *.doubleclick.net *.google.com *.google.com.ua *.yandex.ua *.googleapis.com *.gstatic.com *.facebook.com; style-src 'unsafe-inline' 'self' *.intexpool.ua *.googleapis.com *.gstatic.com; report-uri https://csp.intexpool.ua; connect-src 'self' *.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 *.intime.ua *.addthis.com *.google.com *.google.com.ua; object-src 'self' www.youtube.com *.googleapis.com *.gstatic.com; 1
frame-src https://*.stripe.com https://*.sharethis.mgr.consensu.org https://*.google.com https://*.cmptch.com 'self' http://*.twitter.com http://*.sharethis.com https://*.hsforms.com https://*.wistia.com https://*.youtube.com https://intercom-sheets.com https://*.googletagmanager.com https://*.sharethis.com https://*.hubspot.com https://*.wistia.net https://*.twitter.com; img-src https://*.google-analytics.com https://*.google.co.id https://*.google.ca https://*.google.com.au https://*.zscalertwo.net https://*.gstatic.com https://*.intercomcdn.com https://*.amazonaws.com https://*.google.ch https://*.ssl.cf3.rackcdn.com https://*.s3.amazonaws.com https://heapanalytics.com https://*.facebook.com https://*.google.be https://*.googletagmanager.com https://*.wistia.net https://*.google.com.eg https://*.google.co.uk https://*.google.it https://intercom.help https://*.akamaihd.net https://*.g.doubleclick.net https://*.googleusercontent.com https://*.google.es https://*.google.pl https://*.wistia.com https://*.google.co.in http://*.sharethis.com https://*.google.com.ph data: http://*.cloudfront.net https://*.google.fr https://*.hsforms.net https://*.pexels.com https://*.google.co.zm https://*.google.com.pe http://*.facebook.com https://*.google.co.nz https://*.google.lv https://*.google.com 'self' https://*.google.com.pk https://*.fbsbx.com https://*.google.co.il https://*.google.ee https://*.google.com.sg https://*.google.nl http://*.gstatic.com https://*.wsimg.com https://*.google.com.ua https://*.google.se http://*.cloudinary.com https://*.cloudinary.com https://*.google.je http://*.google-analytics.com https://*.stripe.com https://*.zscloud.net https://*.google.ie https://*.google.de https://*.google.ae https://*.intercomassets.com https://*.cloudfront.net https://*.ssl.cf1.rackcdn.com https://*.sharethis.com https://*.licdn.com https://*.hubspot.com http://*.googleusercontent.com; object-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_0e4cd86bdba94e8aaf01ded88e79dbc3; media-src https://*.gstatic.com https://*.intercomcdn.com https://*.akamaihd.net http://*.gstatic.com 'self'; script-src-elem 'self'; script-src https://*.google-analytics.com http://*.hs-analytics.net https://*.zscalertwo.net https://*.gstatic.com https://*.newrelic.com https://*.intercomcdn.com https://*.cmptch.com https://*.nr-data.net https://*.googletagmanager.com https://*.wistia.net https://*.hs-scripts.com https://*.wistia.com https://*.heapanalytics.com https://*.getapp.com http://*.heapanalytics.com https://*.hsforms.com http://*.sharethis.com data: https://*.hs-analytics.net http://*.cloudfront.net https://*.capterra.com https://*.hsforms.net https://*.twitter.com https://*.googleadservices.com https://*.google.com 'self' http://*.gstatic.com https://*.hsleadflows.net 'unsafe-inline' http://*.google-analytics.com http://*.hs-scripts.com https://*.stripe.com https://*.zscloud.net wss://*.intercom.io https://*.intercom.io http://*.twitter.com 'unsafe-eval' https://*.cloudfront.net https://*.sharethis.com https://*.hubspot.com; style-src https://*.googleapis.com https://*.zscloud.net https://*.google.com 'self' http://*.sharethis.com https://*.cloudfront.net http://*.cloudfront.net https://*.sharethis.com https://*.wistia.net 'unsafe-inline'; child-src 'self'; connect-src https://*.google-analytics.com https://*.hs-growth-metrics.com https://*.litix.io https://*.g.doubleclick.net http://*.google-analytics.com wss://*.intercom.io https://*.intercom.io 'self' https://*.intercomcdn.com http://*.sharethis.com https://*.wistia.com https://heapanalytics.com https://*.sharethis.com https://*.hubspot.com; default-src 'self'; manifest-src 'self'; worker-src 'self'; font-src https://*.joinhoney.com https://*.googleusercontent.com https://*.gstatic.com https://*.intercomcdn.com 'self' http://*.gstatic.com https://*.cloudfront.net data: http://*.cloudfront.net http://*.googleusercontent.com 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-87hH7S6xSdqdOg3KpYiKKfNmIw'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 1
default-src 'self'; base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://lifedirect.co.nz https://*.lifedirect.co.nz https://cdn.ravenjs.com https://sentry.io https://*.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://*.g.doubleclick.net https://munchkin.marketo.net https://script.hotjar.com https://static.hotjar.com https://*.google.com https://*.google.co.nz https://*.google.com.au https://connect.facebook.net https://flex.msn.com https://d3f5l8ze0o4j2m.cloudfront.net https://*.krxd.net; connect-src 'self' *.lifedirect.co.nz lifedirect.co.nz sentry.io *.mktoresp.com *.google.com *.google.co.nz *.google-analytics.com *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.krxd.net; style-src 'self' 'unsafe-inline'; img-src 'self' https://lifedirect.co.nz https://*.lifedirect.co.nz https://tmda.tmcdn.co.nz https://*.google.com https://*.google.co.nz https://*.google.com.au https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://ad.yieldmanager.com https://*.livechatinc.com https://livechat.s3.amazonaws.com https://www.facebook.com https://*.krxd.net https://static.hotjar.com https://d3f5l8ze0o4j2m.cloudfront.net data: https://*.lifedirect.co.nz; font-src 'self' https://cdn.livechatinc.com https://www.googletagmanager.com https://themes.googleusercontent.com https://static.hotjar.com; frame-src 'self' https://secure.livechatinc.com https://vars.hotjar.com https://*.krxd.net https://*.doubleclick.net https://www.googletagmanager.com https://flex.msn.com  https://d3f5l8ze0o4j2m.cloudfront.net https://app.pinnaclelife.co.nz/lifedirect/funeral;  media-src 'self' https://*.lifedirect.co.nz https://*.livechatinc.com; block-all-mixed-content; report-uri /api/ContentSecurityPolicyReport; 1
default-src https://xref.com script-src https://sandbox.xref.com https://xref.com https://xref-wagtail.s3.amazonaws.com https://www.googletagmanager.com frame-src  https://fast.wistia.com style-src  https://fonts.googleapis.com img-src  https://xref-wagtail.s3.amazonaws.com/* 1
default-src 'self' https://www.viewpointmag.com; require-sri-for script 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; child-src https: www.youtube.com; report-uri /csp-report 1
script-src 'self' 'unsafe-eval' https://img.imgsmail.ru https://*.mail.ru https://ok.ru https://www.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.jivosite.com/ https://code.jivosite.com/script/widget/ https://telemetry.jivosite.com/w https://mail-ru.bitrix24.ru/bitrix/js/crm/form_loader.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://vk.com/js/api/openapi.js https://biz-landings-static.hb.bizmrg.com 'nonce-WH2wWjKO5hpLPtsr'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://biz-landings-static.hb.bizmrg.com; report-uri https://cspreport.mail.ru/; default-src 'self'; frame-src https://account.mail.ru https://www.google.com/recaptcha/ https://mail-ru.bitrix24.ru/pub/form.php https://www.facebook.com/; img-src 'self' https://counter.yadro.ru https://*.mail.ru https://*.imgsmail.ru/ https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://www.tns-counter.ru https://r.mradx.net/ https://stats.g.doubleclick.net/r/collect https://www.facebook.com/tr/ https://vk.com/rtrg https://biz-landings-static.hb.bizmrg.com; media-src https://*.jivosite.com/sounds/; connect-src 'self' https://portal.mail.ru https://bar.love.mail.ru https://top-fwz1.mail.ru https://auth.mail.ru https://code.jivosite.com/script/widget/config/ wss://*.jivosite.com/ https://*.jivosite.com/ping https://stats.g.doubleclick.net/j/collect https://biz-landings-static.hb.bizmrg.com; font-src 'self' https://fonts.gstatic.com https://biz-landings-static.hb.bizmrg.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google.com/jsapi https://ssl.google-analytics.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net/webshim/ https://www.youtube.com/iframe_api https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/ https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.de https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com http://kendo.cdn.telerik.com https://pbs.twimg.com; media-src 'self' https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/; frame-src data: https://berenberg-staging.factsheetslive.com https://www.berenberg.de/my_templates/ https://www.youtube.com; child-src https://www.youtube.com; connect-src 'self' https://karriere.berenberg.de; report-uri https://bego.report-uri.io/r/default/csp/reportOnly 1
default-src https:; base-uri 'none'; form-action 'self' https://cf.gob.pe; frame-ancestors 'self' https://cf.gob.pe; img-src 'self' https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://www.gstatic.com/images/ https://cf.gob.pe; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: https://cf.gob.pe 'nonce-PNqoGu7wHbGOEGIkIJYcQJ1ekVtQ7fgyWsbAddhQWO6kyRt1p3L57JnfMSTgPdOyC1VhiiLWRgYsLDyRNDxfJZ8lT94Pn3WTHUOpRbqw9ZxRswKmz5v31UkrV7IpyQuW'; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/themes/base/jquery-ui.css https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cf.gob.pe 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: http://img.chaos-online.ru http://static-cdn.jtvnw.net http://www.twitch.tv; font-src https: data:; report-uri /csp-report 1
script-src https://www.myprotein.co.th https://m.myprotein.co.th 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.co.th/cspReport.txt; 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.doubleclick.net data:; connect-src 'self'; report-uri https://deuxhuithuit.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
script-src https://www.myprotein.com.my https://m.myprotein.com.my 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/ https://translate.googleapis.com; report-uri https://www.myprotein.com.my/cspReport.txt; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com 'unsafe-eval' 'nonce-6x2ROoiscdejjoCVQSzilZsRWI'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' shopshap.ru *.shopshap.ru; connect-src 'self' shopshap.ru *.shopshap.ru https://yandex.ru mc.yandex.ua https://mc.yandex.fr http://*.mc.yandex.ua https://*.mc.yandex.ua *.yandex.ua *.doubleclick.net https://*.doubleclick.net *.googlesyndication.com https://*.googlesyndication.com *.google-analytics.com https://*.google-analytics.com google-analytics.com https://google-analytics.com youtube.com https://youtube.com ytimg.com https://ytimg.com mc.yandex.ru http://*.mc.yandex.ru https://*.mc.yandex.ru *.yandex.ru https://*.yandex.ru *.youtube.com https://*.youtube.com *.ytimg.com https://*.ytimg.com; font-src 'self' shopshap.ru *.shopshap.ru *.yastatic.net https://*.yastatic.net *.doubleclick.net https://*.doubleclick.net *.bootstrapcdn.com https://*.bootstrapcdn.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com; frame-src 'self' shopshap.ru *.shopshap.ru *.twitter.com https://*.twitter.com *.googletagmanager.com https://*.googletagmanager.com *.metabar.ru https://*.metabar.ru *.doubleclick.net https://*.doubleclick.net *.facebook.com https://*.facebook.com *.facebook.net https://*.facebook.net *.google.com https://*.google.com *.googleadservices.com https://*.googleadservices.com *.googlesyndication.com https://*.googlesyndication.com vk.com https://vk.com yastatic.net https://yastatic.net youtube.com https://youtube.com ytimg.com https://ytimg.com *.vk.com https://*.vk.com *.yandex.ru https://*.yandex.ru *.youtube-nocookie.com https://*.youtube-nocookie.com *.youtube.com https://*.youtube.com *.ytimg.com https://*.ytimg.com; img-src 'self' shopshap.ru *.shopshap.ru *.twitter.com https://*.twitter.com *.youtube.com https://*.youtube.com *.cdek.ru/ https://*.cdek.ru/ *.google.co.uz https://*.google.co.uz *.google.com.sg https://*.google.com.sg *.googletagmanager.com https://*.googletagmanager.com datewiki.ru *.datewiki.ru *.google.az https://*.google.az *.google.pl https://*.google.pl *.google.ee https://*.google.ee *.google.lt https://*.google.lt *.google.nl https://*.google.nl *.google.ro https://*.google.ro *.google.fr https://*.google.fr *.google.it https://*.google.it *.google.am https://*.google.am *.google.ca https://*.google.ca *.google.be https://*.google.be *.google.lv https://*.google.lv *.google.si https://*.google.si *.google.gr https://*.google.gr *.google.co.uk https://*.google.co.uk gdeposylka.ru *.gdeposylka.ru *.doubleclick.net https://*.doubleclick.net *.google.com.br https://*.google.com.br http://qrcoder.ru *.google.kg https://*.google.kg *.google.by https://*.google.by *.google.com.om https://*.google.com.om *.google.es https://*.google.es *.google.de https://*.google.de *.google.md https://*.google.md *.googletagmanager.com https://*.googletagmanager.com *.google.kz https://*.google.kz *.google.com.ua https://*.google.com.ua *.google.ru https://*.google.ru *.google.com https://*.google.com data: *.doubleclick.net https://*.doubleclick.net *.facebook.com https://*.facebook.com *.google-analytics.com https://*.google-analytics.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.gravatar.com https://*.gravatar.com *.gstatic.com https://*.gstatic.com google-analytics.com https://google-analytics.com vk.com https://vk.com yandex.ru https://yandex.ru yastatic.net https://yastatic.net *.mail.ru https://*.mail.ru *.rambler.ru https://*.rambler.ru *.vk.com https://*.vk.com *.w.org https://*.w.org *.yadro.ru https://*.yadro.ru *.yandex.net https://*.yandex.net *.yandex.ru https://*.yandex.ru *.ytimg.com https://*.ytimg.com; object-src 'self' shopshap.ru *.shopshap.ru *.doubleclick.net https://*.doubleclick.net *.ggpht.com https://*.ggpht.com *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com *.youtube.com https://*.youtube.com ytimg.com https://ytimg.com *.macromedia.com https://*.macromedia.com *.yandex.ru https://*.yandex.ru *.youtube.com https://*.youtube.com *.ytimg.com https://*.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' shopshap.ru *.shopshap.ru api-maps.yandex.ru *.googleapis.com https://*.googleapis.com https://api-maps.yandex.ru *.twitter.com https://*.twitter.com *.bootstrapcdn.com https://*.bootstrapcdn.com *.cloudflare.com https://*.cloudflare.com *.googleadservices.com https://*.googleadservices.com *.googletagmanager.com https://*.googletagmanager.com *.doubleclick.net https://*.doubleclick.net *.facebook.com https://*.facebook.com *.facebook.net https://*.facebook.net *.google-analytics.com https://*.google-analytics.com *.google.com https://*.google.com *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com google-analytics.com https://google-analytics.com vk.com https://vk.com yandex.net https://yandex.net yandex.ru https://yandex.ru yandex.st https://yandex.st yastatic.net https://yastatic.net *.mail.ru https://*.mail.ru *.rambler.ru https://*.rambler.ru *.vk.com https://*.vk.com *.yadro.ru https://*.yadro.ru *.yandex.net https://*.yandex.net *.yandex.ru https://*.yandex.ru; style-src 'self' 'unsafe-inline' shopshap.ru *.shopshap.ru *.googlesyndication.com https://*.googlesyndication.com *.bootstrapcdn.com https://*.bootstrapcdn.com *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru; report-uri https://shopshap.ru/index.php?route=error/error_log/csp_log; 1
script-src 'report-sample' 'nonce-XqpYGEX1Azawuh4QjvIy6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport 1
report-uri /_/csp-reports 1
default-src wss://* 'none';base-uri  'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/;font-src 'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/;form-action 'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/;img-src data: 'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/;script-src 'unsafe-inline' 'unsafe-eval' 'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/;style-src 'unsafe-inline' 'unsafe-eval' 'self' http://formusical.ru/ https://formusical.ru/ http://*.formusical.ru/ https://*.formusical.ru/; report-uri /csp/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.jsdelivr.net platform.twitter.com traffic7.helponclick.com cdn.syndication.twimg.com js-agent.newrelic.com syndication.twitter.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.twitter.com *.twimg.com; img-src 'self' lh6.googleusercontent.com play.google.com *.twitter.com *.twimg.com data:; media-src 'self' ; frame-src livingcircular.veolia.com platform.twitter.com www.livingcircular.veolia.com syndication.twitter.com; font-src 'self' themes.googleusercontent.com cdn.jsdelivr.net; report-uri /admin/config/system/seckit/csp-report 1