Values for content-security-policy-report-only:
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 639
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 411
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 69
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 67
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport 57
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 43
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://firmsites.report-uri.com/r/t/csp/reportOnly 38
default-src https: 'self' *.publishing.service.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk *.dev.gov.uk 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.tax.service.gov.uk www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 29
28
default-src 'self'; img-src *; font-src 'self' https://public-assets.envato-static.com; media-src 'self' https://preview.s3.envato.com https://previews.customer.envatousercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://public-assets.envato-static.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://public-assets.envato-static.com; connect-src 'self' https://waveform.customer.envato.com; report-uri 28
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 21
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; report-uri https://hi.report-uri.io/r/default/csp/reportOnly 18
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://studio.digital.vistaprint.com/csp/report/published 16
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report;  16
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 14
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 14
default-src * 'unsafe-eval' 'unsafe-inline'  data:;report-uri //pointman.alibaba.com/csp?app=ae_default 12
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; report-uri https://ls.getresponse.com/log/csp_report?source=www 12
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 12
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 10
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 9
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 9
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 8
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://draft.blogger.com/cspreport 8
img-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri /lytics/cspreport?api=1 6
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 6
report-uri /report-csp-violation 6
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src youtube.com youtube-nocookie.com www.google.com www.facebook.com staticxx.facebook.com mc.yandex.ru; connect-src 'self' tomesto.ru wss://api.tomesto.ru api.tomesto.ru www.google-analytics.com stats.g.doubleclick.net *.bugsnag.com api.mixpanel.com mxpnl.net www.facebook.com/tr/ mc.yandex.ru top-fwz1.mail.ru dadata.ru/api/ formgeek.net; font-src 'self' fonts.gstatic.com data:; form-action 'self' www.facebook.com/tr/; img-src 'self' data: https:; manifest-src 'none'; media-src 'self' tomesto.ru *.tomesto.ru; object-src 'self'; plugin-types application/pdf; script-src 'self' 'unsafe-inline' 'unsafe-eval' tomesto.ru *.tomesto.ru www.google-analytics.com d2wy8f7a9ursnm.cloudfront.net mc.yandex.ru connect.facebook.net top-fwz1.mail.ru formgeek.net cdn.mxpnl.com maps.google.com maps.googleapis.com js-agent.newrelic.com bam.nr-data.net dadata.ru/static/; style-src 'self' 'unsafe-inline' tomesto.ru *.tomesto.ru fonts.googleapis.com dadata.ru/static/; worker-src 'none'; report-uri https://api.tomesto.ru/csp_report 6
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=anonweb 5
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 5
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 4
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.facebook.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 4
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 4
default-src 'self'; script-src blob: https://*.ytimg.com https://*.youtube.com https://*.wargaming.net https://*.gcdn.co https://u360.d-bi.fr https://*.adroll.com https://pixel-geo.prfct.co https://s.adroll.com *.wgcdn.co https://tag.marinsm.com https://*.hypercomments.com https://*.cedexis-test.com https://bat.bing.com https://bam.nr-data.net https://*.addthisedge.com https://*.addthis.com https://*.cedexis.com https://*.facebook.net https://*.fastlylb.net https://*.adform.net https://js-agent.newrelic.com http://*.wargaming.net *.google-analytics.com www.google-analytics.com ajax.googleapis.com https://*.google.ru https://*.google.com https://*.criteo.com https://dl.metabar.ru https://*.doubleclick.net https://embedr.flickr.com https://*.fbcdn.net https://*.cloudfront.net *.googleadservices.com *.googletagmanager.com cdn-cm.gcdn.co *.worldoftanks.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://static.hypercomments.com https://*.wargaming.net http://*.wargaming.net https://*.fastlylb.net *.worldofwarships.ru *.googleapis.com 'unsafe-inline'; img-src data: * 'self';font-src data: https://*.gcdn.co http://*.wgcdn.co https://*.wgcdn.co https://*.wargaming.net http://*.wargaming.net fonts.gstatic.com https://*.adform.net https://*.fastlylb.net; frame-src https://*.wargaming.net https://static.hypercomments.com https://*.youtube.com https://*.linkedin.com https://*.cedexis.com https://*.cloudfront.net https://*.cedexis-test.com http://*.wargaming.net https://*.doubleclick.net https://*.criteo.com https://*.fbcdn.net https://player.twitch.tv https://embedr.flickr.com https://*.facebook.com https://*.addthis.com https://dl.metabar.ru https://*.hypercomments.com https://*.fastlylb.net *.googletagmanager.com https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.google.com; report-uri https://cspreport.wargaming.net/cspreport; connect-src *.criteo.com *.google-analytics.com https://*.worldofwarships.ru https://*.worldofwarships.asia wss://*.hypercomments.com https://*.hypercomments.com https://*.worldofwarships.com https://*.worldofwarships.eu www.google-analytics.com https://*.cedexis.com https://*.cloudfront.net https://embedr.flickr.com https://*.facebook.com https://*.cedexis-radar.net https://*.addthis.com https://*.fastlylb.net https://*.wargaming.net http://*.wargaming.net https://*.criteo.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr *.googleapis.com 'self'; media-src https://*.wgcdn.co https://*.gcdn.co https://*.adform.net https://worldofwarships.com; object-src https://*.worldofwarships.ru 4
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 4
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://n58to1i9pk.execute-api.eu-west-1.amazonaws.com/prod/sitemailalerts 4
default-src 'unsafe-inline' 'self' freegeoip.net  *.doubleclick.net *.azalead.com api.ipify.org apps.shareholder.com api.company-target.com *.adobedtm.com *.6sc.com *.jabmo.app cdn.pricespider.com *.facebook.net *.cloudfront.net *.zdassets.com *.googleapis.com *.gstatic.com *.youtube.com *.baidu.com https://id.rlcdn.com irtoolhelp.zendesk.com *.q4web.com *.bidr.io myir.com *.myir.com *.linkedin.com secure.adnxs.com s.ytimg.com segments.company-target.com ssl.google-analytics.com *.licdn.com static.zdassets.com *.sa-as.com tag.demandbase.com *.112.2o7.net *.facebook.com *.google.be *.google-analytics.com www.linkedin.com www.pages05.net recaptcha.net widget-mediator.zopim.com; child-src assets.adobedtm.com t.sharethis.com *.doubleclick.net c.sharethis.mgr.consensus.org *.adsrvr.org *.trane.com *.google.com provisx.pivot360.io s7.addthis.com *.hotjar.com *.youtube.com *.facebook.com; connect-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com wss://widget-mediator.zopim.com https://*.c6sc.co http://freegeoip.net https://*.addthis.com *.serving-sys.com hm.baidu.com c.jabmo.app 63di6za7i5.execute-api.eu-west-1.amazonaws.com irvuwsgp07-wcg.na.ds.monsanto.com *.pingdom.net *.vertamedia.com ads.adaptv.advertising.com a.tiles.mapbox.com api.company-target.com api.us-st.smartassistant.com api.ipify.org arosupport.zendesk.com *.jabmo.app *.zdassets.com *.doubleclick.net *.q4web.com *.sirv.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.bootstrapcdn.com 'data:' ms-appx-web://microsoft.microsoftedge; frame-src https://*.adobedtm.com https://*.youtube.com https*.thermoking.com https://s7.addthis.com https://www.googletagmanager.com https://*.trane.com https://*.sharethis.com 'data:' *.doubleclick.net *.consensusu.org *.pmmapads.com digitalagents.in bpb.opendns.com *.zscloud.net *.pmqzads.com *.adsrvr.org *.google.com *.twitter.com https://myir.com https://vars.hotjar.com *.facebook.com ms-appx-web://microsoft.microsoftedge; img-src 'self' 'unsafe-inline' wss://widget-mediator.zopim.com https://id.rlcdn.com https://pixel.quantserve.com https://*.6sc.co 52.13.198.29 35.166.37.182 experu.net https://*.112.2o7.net *.6csc.co *.wikimedia.org http://upload.wikimedia.org https://upload.wikimedia.org *.azalead.com *.mapbox.com www.google-analytics.com www.pages05.net *.digitru.st *.pricespider.com browser-update.org *.swiftype.com *.jquery.com *.doubleclick.net *.kargo.com d1hku7l86oex7s.cloudfront.net https://www.google.com *.lkqd.net *.baidu.com *.linkedin.com *.districm.io *.ytimg.com *.liadm.com *.googleapis.com *.gstatic.com *.adnxs.com *ricdn.com *.youtube.com *.sirv.com *.quantserve.com *.bidr.io *.advertising.com *.company-target.com *.linkedin.com *.smartadserver.com *.rubiconproject.com *.pmqzads.com *.google-analytics.com *.stackadapt.com *.behave.com *.bidswitch.net *.jabmo.app t.co *.twitter.com *.ligadx.com *.teads.tv *.sa-as.com *.crazyegg.com *.yahoo.com *.google.* *.zopim.io us-st3.bucket.s3.amazonaws.com *.facebook.com *.google-analytics.com *.pages05.net *.linkedin.com *.gstatic.com; media-src https://static.zdassets.com; object-src https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.serving-sys.com http://assets.adobedtm.com http://browser-update.org http://hm.baidu.com/hm.js http://contentz.mkt51.net http://script.secure-link.jp http://j.6sc.co http://s7.addthis.com http://rum-static.pingdom.net/prum.min.js http://w.sharethis.com https://ajax.googleapis.com https://*.google.com https://*.google.co.uk https://ad.atdmt.com https://*.google.ca https://apps.shareholder.com https://analytics.twitter.com https://api.mapbox.com https://assets.adobedtm.com https://browser-update.org https://*.azalead.com https://cdn.pricespider.com https://cdnjs.cloudflare.com https://cdn.tt.omtrdc.net https://connect.facebook.net https://code.jquery.com https://gdata.youtube.com https://d22d1xpx4ztuef.cloudfront.net https://googleads.g.doubleclick.net https://hm.baidu.com https://ingersollrand.tt.comtrdc.net https://graph.facebook.com https://js.adsrvr.org https://maps.googleapis.com https://maxcdn.bootstrap.com https://mv.treehousei.com https://partners.arozone.com https://px.ads.linkedin.com https://rules.quantcount.com https://rum-static.pingdom.net https://s7.addthis.com https://s.ytimg.com https://s3.amazonaws.com https://script.crazyegg.com https://script.hotjar.com https://secure.adnxs.com https://snap.licdn.com https://secure.quantserve.com https://secure.perk0mean.com https://*.google-analytics.com https://*.hotjar.com https://static-ads.twitter.com https://static.zdassets.com https://survey.g.doubleclick.net https://stats.sa-as.com https://tag.jabmo.app https://tag.baidu.com https://t.sharethis.com https://tags.srv.stackadapt.com https://v1.addthis.com https://track.pricespider.com https://ws.sharethis.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.sc.pages05.net https://www.youtube.com https://www.linkedin.com https://www.youtube.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' 'self' 'data:' https://tags.srv.stackadapt.com https://v1.addthisedge.com https://script.hotjar.com https://adservice.google.com http://23.43.91.238.6080 http://ds.serving-sys.com http://pixel.quantserve.com http://j.6sc.co http://w.sharethis.com http://script.crazyegg.com https://ad.atdmt.com http://www.google-analytics.com https://ajax.googleapis.com https://adservice.google.ca https://apps.shareholder.com https://analytics.twitter.com https://api.docodoco.jp https://apps.shareholder.com https://assets.adobedtm.com https://browser-update.org https://*.azalead.com https://cdn.azaleadn.com https://cdn.pricespider.com https://cdnjs.cloudflare.com https://cdn.tt.omtrdc.net https://code.jquery.com https://connect.facebook.net https://d22d1xpx4ztuef.cloudfront.net https://gdata.youtube.com https://gateway.zscloud.net https://hm.baidu.com https://graph.facebook.com https://googleads.g.doubleclick.net https://j.6sc.co https://*.mythermoking.com https://ingersollrand.tt.omtrdc.net https://maps.googleapis.com https://locate.pricespider.com https://js.adsrvr.org https://maxcdn.bootstrapcdn.com https://mv.treehousei.com https://*.arozone.com https://platform.twitter.com https://px.ads.linkedin.com https://rules.quantcount.com https://rum-static.pingdom.com https://rum-static.pingdom.net https://s.ytimg.com https://script.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/ https://s7.addthis.com https://secure.perk0mean.com https://secure.adnxs.com https://secure.quantserve.com https://static.ads-twitter.com https://static.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.zdassets.com https://stats.sa-as.com https://survey.g.doubleclick.net https://tag.demandbase.com https://tag.jabmo.app https://tag.baidu.com https://www.google.com https://v1.addthis.com https://www.track.pricespider.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.linkedin.com https://www.sc.pages05.net https://www.gstatic.com https://www.recaptcha.net https://www.youtube.com; style-src 'unsafe-inline' 'self' http://fonts.googleapis.com https://cdn.rawgit.com https://cdn.pricespider.com https://fonts.googleapis.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://s.swiftypecdn.com https://mv.treehousei.com https://netdna.bootstrapcdn.com https://ws.sharethis.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' 'self' http://fonts.googleapis.com https://cdn.pricespider.com https://api.mapbox.com https://cdn.rawgit.com https://code.jquery.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://mv.treehousei.com https://netdna.bootstrapcdn.com https://pwm.image.trendmicro.com https://s.pmmapads.com https://s.pmqzads.com https://s.swiftypecdn.com https://scripts.sirv.com https://ws.sharethis.com; report-uri https://ingersollrand.report-uri.com/r/d/csp/reportOnly 4
default-src 'self' 4
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 4
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://1yl2eds5mhyzuzjhwlcikwnp.httpschecker.net/report 4
report-uri https://sentry.pressly.xyz/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 4
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src https: data:; report-uri https://csp.archant.co.uk/report 4
script-src 'unsafe-eval' 'unsafe-inline' https://* ; frame-ancestors 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-experimental 3
frame-ancestors 'self'; report-uri /beacon/csp.php 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 3
block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_17 3
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 3
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://fivethirtyeight.report-uri.io/r/default/csp/reportOnly 3
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com; 3
default-src 'self' *.kinstacdn.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.typekit.net; script-src 'self' 'unsafe-inline' *; form-action 'self' *.kinstacdn.com; frame-ancestors 'self' *.kinstacdn.com; style-src 'self' *.kinstacdn.com; img-src 'self' *.kinstacdn.com *; connect-src 'self' *; font-src 'self' use.typekit.net; frame-src 'self' *.youtube.com; report-uri https://drift.report-uri.com/r/d/csp/reportOnly 3
default-src https: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self'; report-uri /csp/report/; 3
default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com ; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.scorecardresearch.com www.google-analytics.com www.googletagmanager.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; font-src data: cloud.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; worker-src blob: *.mail.ru; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3
default-src https: blob:; connect-src https: wss:; img-src https: data:; font-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; report-uri /csp-violation-endpoint/ 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp_report.php 3
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 2
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'none'; report-uri /csp_logger/; 2
default-src ms-appx-web: data: blob: webviewprogressproxy: ws: wss: https: 'unsafe-inline' 'unsafe-eval'; font-src data: https: blob:; img-src http: https: data: blob: android-webview-video-poster: android-webview:; script-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; media-src data: https: blob:; report-uri https://felix.data.tm-awx.com/cspReport 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
block-all-mixed-content; report-uri https://www.wp.pl/v1/csplog 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=cmscache 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; report-uri https://www.argos.co.uk/logging-api/2/security 2
policy 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.pinterest.com https://at.iocnt.net https://cdn.onthe.io https://cdn.syndication.twimg.com https://connect.facebook.net https://js.pusher.com https://pinpoll.com https://platform.instagram.com https://platform.twitter.com https://script-at.iocnt.net https://secure.widget.cloud.opta.net https://static.cleverpush.com https://tagmanager.google.com https://tools.pinpoll.com https://tt.onthe.io https://www.google-analytics.com https://www.googletagmanager.com https://www.instagram.com https://www.riddle.com https://kurier.mediakey.at https://cdn.tinypass.com https://id.tinypass.com https://experience.tinypass.com https://emeter-uat.mppapi.io https://6345355.fls.doubleclick.net https://a.teads.tv https://ad.360yield.com https://ad.doubleclick.net https://ad.yieldlab.net https://ad1.adfarm1.adition.com https://ad3.adfarm1.adition.com https://adservice.google.at https://adservice.google.com https://adservice.google.de https://asn.advolution.de https://at.f11-ads.com https://bs.serving-sys.com https://cdn.ampproject.org https://cdn.content-garden.com https://cdn.digitru.st https://ced-ns.sascdn.com https://ced.sascdn.com https://cm.g.doubleclick.net https://code.createjs.com https://code.jquery.com https://creatives-cached.yoc.com https://creatives.yoc.com https://dsp.adfarm1.adition.com https://dt.adsafeprotected.com https://ec-ns.sascdn.com https://geo.moatads.com https://googleads4.g.doubleclick.net https://image6.pubmatic.com https://imagesrv.adition.com https://imasdk.googleapis.com https://log.outbrainimg.com https://mb.moatads.com https://mv.outbrain.com https://odb.outbrain.com https://pagead2.googlesyndication.com https://pixel.adsafeprotected.com https://prg.smartadserver.com https://px.moatads.com https://s.vi-serve.com https://s.visx.net https://s0.2mdn.net https://s1.adform.net https://s248.meetrics.net https://s248.mxcdn.net https://s8t.teads.tv https://secure-ds.serving-sys.com https://securepubads.g.doubleclick.net https://simage4.pubmatic.com https://smart.styria-digital.com https://static.adsafeprotected.com https://static.kurier.at https://streaming.grm-pro.com https://studio-t.teads.tv https://sync.teads.tv https://t.teads.tv https://t.visx.net https://tpc.googlesyndication.com https://track.adform.net https://widgets.outbrain.com https://www.google.com https://www.googletagservices.com https://z.moatads.com; object-src 'none'; worker-src 'self' blob:; report-uri https://csp.telekurier.at/reportOnly 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 2
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
default-src 'self' ; img-src * data: ; script-src 'self' www.google-analytics.com ssl.google-analytics.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 2
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
connect-src 'self' *.ee.co.uk ee.co.uk *.kaspersky-labs.com ee-outage.s3.amazonaws.com everythingeverywhere.tt.omtrdc.net *.google-analytics.com *.doubleclick.net *.google.com *.online-metrix.net https://*.lpsnmedia.net *.demdex.net *.criteo.net *.criteo.com ee-tagging.s3.amazonaws.com *.liveperson.net *.tt.omtrdc.net *.tags.tiqcdn.com t.co https://*.facebook.com https://*.facebook.net http://bat.bing.com https://ee-dtp-static.s3.amazonaws.com *.twitter.com *.reevoo.com *.ads-twitter.com http://static.queue-it.net https://*.gstatic.com http://*.googleadservices.com;default-src 'self' ee.co.uk *.ee.co.uk https://*.gstatic.com https://*.lpsnmedia.net;frame-src 'self' *.ee.co.uk ee.co.uk http://dis.eu.criteo.com *.doubleclick.net https://*.lpsnmedia.net *.demdex.net *.criteo.net *.criteo.com *.google.com *.similartech.com https://s3.amazonaws.com https://*.facebook.com https://*.facebook.net;img-src 'self' *.ee.co.uk ee.co.uk *.google.com http://bat.bing.com t.co https://ee-tagging.s3.amazonaws.com http://pixel.quantserve.com *.google-analytics.com *.doubleclick.net https://*.facebook.com https://beacon.krxd.net *.kaspersky-labs.com *.online-metrix.net *.reevoo.com *.criteo.net *.criteo.com *.demdex.net https://ee-dtp-static.s3.amazonaws.com http://ee-tagging.s3.amazonaws.com https://www.googletagmanager.com *.google.com https://*.gstatic.com https://*.online-metrix.net http://ee-redspot-devices-prod.s3-website-eu-west-1.amazonaws.com https://*.lpsnmedia.net https://*.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ee.co.uk ee.co.uk *.doubleclick.net http://track.uniqodo.com *.criteo.net *.criteo.com *.tt.omtrdc.net https://*.facebook.net *.liveperson.net *.tags.tiqcdn.com ee-tagging.s3.amazonaws.com https://ee-dtp-static.s3.amazonaws.com *.twitter.com http://bat.bing.com *.demdex.net https://*.cloudfront.net http://www.googleadservices.com *.quantserve.com *.google-analytics.com *.reevoo.com *.liveperson.net *.lpsnmedia.net static.ads-twitter.com static.queue-it.net eeuk.queueit.net *.google.com https://*.gstatic.com *.ads-twitter.com https://*.googleapis.com https://s3.amazonaws.com https://www.googletagmanager.com *.similartech.com http://bat.bing.com;style-src 'self' 'unsafe-inline' *.ee.co.uk ee.co.uk *.reevoo.com ee-tagging.s3.amazonaws.com *.kaspersky-labs.com https://*.googleapis.com *.similartech.com;  report-uri https://1720a10za5.execute-api.eu-west-1.amazonaws.com/csp 2
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 2
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com use.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 2
connect-src 'self' logx.optimizely.com *.optimizely.com *.maginfrastructure.com www.google-analytics.com capture.trackjs.com www.facebook.com stats.g.doubleclick.net *.holidayextras.co.uk serve.vdopia.com/adserver/html5/inwapads https://*.hotjar.com:* wss://*.hotjar.com performance.typekit.net https://ssp.lkqd.net/ad *.springserve.com vid.pubmatic.com adservice.google.com google.com/csi https://evtvpaid.bfmio.com reachms.bfmio.com/getmu ads.contextweb.com/TagPublish/getvideo.aspx s3-eu-west-1.amazonaws.com/live-climate;frame-src 'self' *.optimizely.com *.fls.doubleclick.net vars.hotjar.com www.googletagmanager.com www.facebook.com www.thetrainline.com www.google.com servedby.flashtalking.com airporttransfers.eastmidlandsairport.com ebooker.arrowprivatehire.co.uk www.rentalcars.com airporttransfers.manchesterairport.co.uk travelmoney.travelex.co.uk imasdk.googleapis.com/js/core/bridge3.274.0_en.html vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com;img-src 'self' cdn.optimizely.com assets.live.web.maginfrastructure.com live-webadmin-media.s3.amazonaws.com live-mag-web-assets.s3.eu-west-1.amazonaws.com test-webadmin-media.s3.amazonaws.com s3-eu-west-1.amazonaws.com www.google-analytics.com nova.collect.igodigital.com www.facebook.com usage.trackjs.com p.typekit.net mag-retail-media-live.s3.amazonaws.com bat.bing.com pixel.quantserve.com *.g.doubleclick.net t.co www.google.com www.google.co.uk *.cpx.to *.adnxs.com *.avocet.io p.travelsmarter.net image2.pubmatic.com scontent.cdinstagram.com tag.yieldoptimizer.com idsync.rlcdc.com pixel.rubiconproject.com ad.yieldlab.net/m tag.adaraanalytics.com rtb.gumgum.com/usersync ik.imagekit.io i.ytimg.com www.google.ie www.googletagmanager.com about: data: vcc-eu2.8x8.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.optimizely.com https://www.googletagmanager.com www.googletagservices.com www.google-analytics.com www.google.com cdn.trackjs.com static.hotjar.com script.hotjar.com 10959453.collect.igodigital.com/collect.js cdn3.optimizely.com connect.facebook.net tag.yieldoptimizer.com use.typekit.net inpref.s3.amazonaws.com securepubads.g.doubleclick.net platform.twitter.com *.cpx.to rules.quantcount.com static.ads-twitter.com analytics.twitter.com www.gstatic.com adservice.google.co.uk adservice.google.com secure.quantserve.com bat.bing.com *.doubleclick.net www.googleadservices.com vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com https://www.youtube.com https://s.ytimg.com;style-src 'self' 'unsafe-inline' static.tacdn.com www.surveygizmo.eu fonts.googleapis.com data:; report-uri https://webevo.report-uri.com/r/d/csp/reportOnly 2
report-uri https://danfoss-webex-csp-prodblue.azurewebsites.net/api/ContentSecurityPolicy/;base-uri 'none';default-src 'none';font-src 'self' https://www.sfdcstatic.com https://sfdcstatic.com https://use.typekit.net https://fonts.gstatic.com https://login.alibaba-inc.com;frame-ancestors 'self';img-src 'self' https://p.typekit.net https://i.ytimg.com https://nova.collect.igodigital.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.danfoss.com https://maps.googleapis.com https://maps.gstatic.com data: blob: https://www.facebook.com/tr about https://www.gstatic.com https://eu2.sabacloud.com https://*.googleapis.com https://dk1.siteimprove.com/ https://api.map.baidu.com https://*.bdstatic.com http://files.danfoss.com https://translate.google.com/;manifest-src 'self';frame-src https://policy.app.cookieinformation.com https://www.youtube.com https://player.youku.com https://v.qq.com https://vars.hotjar.com https://www.youtube-nocookie.com/;connect-src 'self' https://maps.googleapis.com https://*.danfoss.com https://dc.services.visualstudio.com https://in.hotjar.com https://performance.typekit.net https://siteintercept.qualtrics.com https://consent.app.cookieinformation.com/api/consent https://*.bf.dynatrace.com https://danfosswebexprodblueapicdn.azureedge.net https://danfoss-locationapi.azurewebsites.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://use.typekit.net https://*.cookieinformation.com https://www.googletagmanager.com https://7231896.collect.igodigital.com https://*.hotjar.com https://siteimproveanalytics.com https://az416426.vo.msecnd.net https://*.pardot.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.danfoss.com https://sjs.bizographics.com https://px.ads.linkedin.com https://zn0k7rnozrtvg1fnh-danfoss.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.connect.facebook.com/ https://api.map.baidu.com;style-src 'self' 'unsafe-inline' 'report-sample' https://use.typekit.net https://fonts.googleapis.com https://translate.googleapis.com/translate_static/css/translateelement.css; 2
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 2
default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 2
default-src 'self'; style-src 'self' 'unsafe-inline' ws1.postescanada-canadapost.ca tpc.googlesyndication.com creator.zmags.com fonts.googleapis.com cdn1.lavieenrose.com cdn1.bikinivillage.com snapwidget.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.zopim.com static.hotjar.com script.hotjar.com *.rfihub.net *.rfihub.com cdn.districtm.ca secure.adnxs.com libs.na.bambora.com *.postescanada-canadapost.ca amik.postaffiliatepro.com snapwidget.com cdn1.lavieenrose.com cdn1.bikinivillage.com s7.addthis.com m.addthisedge.com m.addthis.com maps.googleapis.com creator.zmags.com c.zmags.com www.google-analytics.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com d.impactradius-event.com www.googletagmanager.com pixel.adacado.com js-agent.newrelic.com bam.nr-data.net secure.quantserve.com rules.quantcount.com; font-src data: 'self' *.zopim.com fonts.gstatic.com cdn1.lavieenrose.com cdn1.bikinivillage.com; img-src data: 'self' www.google.nl www.google.fr www.google.com www.google.ca www.google-analytics.com www.gstatic.com gstatic.com maps.gstatic.com www.googltagmanager.com maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net dmx.districtm.ca secure.adnxs.com cdn.na.bambora.com www.addthis.com m.addthis.com *.zopim.com *.zopim.io creator.zmags.com c.zmags.com ws1.postescanada-canadapost.ca *.bikinivillage.com *.lavieenrose.com connect.facebook.net www.facebook.com static.hotjar.com script.hotjar.com vars.hotjar.com insights.hotjar.com pixel.quantserve.com; frame-src 'self' 'unsafe-eval' *.rfihub.com vars.hotjar.com libs.na.bambora.com *.lavieenrose.com gsa://onpageload *.doubleclick.net player.vimeo.com connect.facebook.net snapwidget.com www.facebook.com s7.addthis.com bid.g.doubleclick.net; connect-src 'self' wss://*.zopim.com insights.hotjar.com wss://*.hotjar.com www.google.com www.google.ca *.zopim.com ws1.postescanada-canadapost.ca *.zmags.com stats.g.doubleclick.net s7.addthis.com m.addthis.com www.google-analytics.com; media-src 'self' *.zopim.com; report-uri /csp-report; 2
block-all-mixed-content; frame-ancestors 'self'; report-uri https://sentry.exponea.com/api/11/csp-report/?sentry_key=7635aced4522486797170a2ad4502b33 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 2
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/97d3b191-ad18-48f5-80ae-d62b3aea1449/cc.js https://consentcdn.cookiebot.com/consentconfig/97d3b191-ad18-48f5-80ae-d62b3aea1449/state.js https://consent.cookiebot.com/b5074936-b18e-4414-88f2-8de62ed0b7c9/cc.js https://consentcdn.cookiebot.com/consentconfig/b5074936-b18e-4414-88f2-8de62ed0b7c9/state.js https://consent.cookiebot.com/6354fd3d-924e-434a-955c-43d3db73e62d/cc.js https://consentcdn.cookiebot.com/consentconfig/6354fd3d-924e-434a-955c-43d3db73e62d/state.js http://w.usabilla.com/8f9054bf779b.js http://w.usabilla.com/cbf59fb24a0a.js http://w.usabilla.com/6feb7f1df1ac.js http://w.usabilla.com/99158a893ac6.js https://chat.vanlanschot.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://sjs.bizographics.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.linkedin.com/px https://px.ads.linkedin.com https://www.googleadservices.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://chat.vanlanschot.nl;img-src 'self' https://www.google-analytics.com https://insights.hotjar.com https://static.hotjar.com http://static.hotjar.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://stats.g.doubleclick.net https://pixel.mathtag.com/event/ https://cx.atdmt.com https://www.facebook.com/tr https://bat.bing.com https://pixel.rubiconproject.com https://beleggingsinformatie.vanlanschot.nl https://*.cloudfront.net data: https://www.google.com https://www.google.nl https://www.google.be https://www.google.ch;frame-src 'self' https://chat.vanlanschot.nl https://player.vimeo.com https://vars.hotjar.com https://www.google.com https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/' https://consentcdn.cookiebot.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com;connect-src 'self' https://chat.vanlanschot.nl http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net;child-src 'self' https://vars.hotjar.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/api2 2
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; report-uri /service/csp-report 2
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.intele.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.intele.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se data:;media-src https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.intele.com https://fonts.googleapis.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
default-src * 'unsafe-inline' 'unsafe-eval' https:;  img-src * 'self' https: data: blob:;  font-src * 'self' https: data:; media-src * 'self' https: data:; script-src * https: data: 'unsafe-inline' 'unsafe-eval'; child-src * https: blob: data:; report-uri /api/sitecore/CSP/SecurityReport; 2
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://wasabipublicity.report-uri.com/r/d/csp/wizard 2
frame-src 'self' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://adm.lcl https://u.ua https://u.lcl https://ukraine.lcl https://login.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://www.google.com https://www.google.com.ua https://www.google-analytics.com https://stats.g.doubleclick.net; connect-src https://adm.tools https://adm.lcl https://www.ukraine.com.ua https://cdn.ukraine.com.ua:3001 https://login.tools wss://cdn.ukraine.com.ua:3001 https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; report-uri https://sentry.alboweb.nl/api/90/csp-report/?sentry_key=50677694228d4eb4befdcf33b750247d; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
default-src 'self'; connect-src 'self' blob: https://*.video-cdn.net; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.video-cdn.net https://www.youtube.com; img-src 'self' data: https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2
default-src 'self' data: 'unsafe-inline' f.bongo4u.com; script-src 'self' data: 'unsafe-inline' f.bongo4u.com blob: 'unsafe-eval' *.google.com *.gstatic.com www.google-analytics.com ajax.googleapis.com *.googleusercontent.com *.googleadservices.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com *.amazonaws.com/downloads.mailchimp.com/ cdnjs.cloudflare.com *.jquery.com; connect-src 'self' data: 'unsafe-inline' f.bongo4u.com comments.emerge2.com util.emerge2.com www.google-analytics.com *.doubleclick.net *.facebook.com; frame-src 'self' data: 'unsafe-inline' f.bongo4u.com *.google.com *.google.ca *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.ecomadviewer.com *.castlecommunications.ca *.chameleonpower.com *.timbertech.com *.adobe.com; object-src 'self' data: 'unsafe-inline' f.bongo4u.com  blob: *.apple.com *.macromedia.com; img-src https: data: blob:; media-src https:; style-src 'self' data: 'unsafe-inline' f.bongo4u.com *.google.com fonts.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com; font-src 'self' data: 'unsafe-inline' f.bongo4u.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.joinhoney.com/fonts/; report-uri https://util.emerge2.com/report_uri_api.php; 2
default-src https: 2
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 2
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tpj.report-uri.io/r/default/csp/reportOnly 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 2
script-src 'self' 'unsafe-inline' data: https://*.doubleclick.net/ https://ad.atdmt.com/ https://bat.bing.com/ https://code.jquery.com/ https://connect.facebook.net/ https://f.vimeocdn.com/ https://img.en25.com/ https://js-agent.newrelic.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://tracker.marinsm.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://s1659.t.eloqua.com/ https://sjs.bizographics.com https://j.6sc.co/ https://px.ads.linkedin.com https://analytics.twitter.com https://www.linkedin.com https://bam.nr-data.net https://tag.demandbase.com https://*.company-target.com https://*.bidr.io https://*.rlcdn.com https://pcdnscwx01-maxyilfdpln5c.azureedge.net https://gateway.zscaler.net; report-uri https://scwx.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self'; font-src https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 2
default-src https:; connect-src https:; object-src https:; media-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; frame-src https:; frame-ancestors https:; report-uri /csp-report 2
default-src wss://* 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://cdn.ampproject.org/ https://user14333.clients-cdnnow.ru/ https://user16641.clients-cdnnow.ru/ https://user23047.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ http://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://fonts.googleapis.com/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/ https://code.jivosite.com/ https://err.jivosite.com/ https://files.jivosite.com/ https://telemetry.jivosite.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://www.moneta.ru/ https://pergo-shop.ru/ https://securepay.tinkoff.ru/ https://vk.com/ https://mc.yandex.ru/ https://money.yandex.ru/;base-uri  'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://user27913.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/;child-src 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://bid.g.doubleclick.net/ https://staticxx.facebook.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/ https://code.jivosite.com/ https://ucads-cdn.ucweb.com/ https://vk.com/ https://api-maps.yandex.ru/ https://mc.yandex.ru/ https://www.youtube.com/;connect-src wss://* 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://cdn.ampproject.org/ https://user14333.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user57800.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ https://suggestions.dadata.ru/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/ https://code.jivosite.com/ https://code3.jivosite.com/ https://err.jivosite.com/ https://code.jquery.com/ https://gjtrack.ucweb.com/ https://plugin.ucads.ucweb.com/ https://api-maps.yandex.ru/ https://mc.yandex.by/ https://mc.yandex.fr/ https://mc.yandex.kz/ https://mc.yandex.ru/ https://mc.yandex.ua/ https://taxi-routeinfo.taxi.yandex.net/ https://yandex.ru/;font-src data: 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://user14333.clients-cdnnow.ru/ https://user16641.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user57800.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ https://fonts.gstatic.com/ https://yastatic.net/;form-action 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://www.facebook.com/ https://www.payanyway.ru/ https://securepay.tinkoff.ru/ https://mc.yandex.ru/ https://money.yandex.ru/;img-src data: 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://user14333.clients-cdnnow.ru/ https://user16641.clients-cdnnow.ru/ https://user23047.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user57800.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ https://www.google.co.uk/ https://www.google.com.ua/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.by/ https://www.google.com/ https://www.google.de/ https://www.google.ge/ https://www.google.ru/ http://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.gravatar.com/ https://www.gstatic.com/ https://cdn-cis.jivosite.com/ https://files.jivosite.com/ https://www.moneta.ru/ http://pergo-shop.ru/ https://pergo-shop.ru/ https://api-maps.yandex.ru/ https://core-jams-rdr.maps.yandex.net/ https://mc.yandex.ru/ https://static-maps.yandex.ru/ https://vec01.maps.yandex.net/ https://vec02.maps.yandex.net/ https://vec03.maps.yandex.net/ https://vec04.maps.yandex.net/ https://yandex.ru/ https://img.youtube.com/;media-src 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/ https://code.jivosite.com/;object-src 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/;script-src 'unsafe-inline' 'unsafe-eval' 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://cdn.ampproject.org/ https://user14333.clients-cdnnow.ru/ https://user23047.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user57800.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.google.com/ http://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://cdn-ca.jivosite.com/ https://cdn-cis.jivosite.com/ https://cdn-fr.jivosite.com/ https://code.jivosite.com/ https://telemetry.jivosite.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://pergo-shop.ru/ https://img.ucweb.com/ https://ucads-cdn.ucweb.com/ https://vk.com/ https://api-maps.yandex.ru/ https://core-jams-rdr.maps.yandex.net/ https://mc.yandex.ru/ https://suggest-maps.yandex.ru/ https://vec01.maps.yandex.net/ https://vec02.maps.yandex.net/ https://vec03.maps.yandex.net/ https://vec04.maps.yandex.net/ https://yastatic.net/;script-src-elem 'unsafe-inline';script-src-attr 'unsafe-inline';style-src 'unsafe-inline' 'unsafe-eval' 'self' http://dobrovar-shop.ru/ https://dobrovar-shop.ru/ http://*.dobrovar-shop.ru/ https://*.dobrovar-shop.ru/ https://user14333.clients-cdnnow.ru/ https://user23047.clients-cdnnow.ru/ https://user27913.clients-cdnnow.ru/ https://user35893.clients-cdnnow.ru/ https://user48309.clients-cdnnow.ru/ https://user57335.clients-cdnnow.ru/ https://user57800.clients-cdnnow.ru/ https://user62472.clients-cdnnow.ru/ https://user63905.clients-cdnnow.ru/ https://user91230.clients-cdnnow.ru/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/;style-src-elem 'unsafe-inline';style-src-attr 'unsafe-inline'; report-uri /csp/ 2
default-src 'self'; 2
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=09up759eluera&partner=; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=45976a8d073fdfd0cf33cc2eb6a4093a 1
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 1
default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 1
frame-src data: *.yandex.ru yastatic.net awaps.yandex.ru awaps.yandex.net yandexadexchange.net *.yandexadexchange.net api-maps.yandex.ru blob: mc.yandex.ru 'self' media.adrcdn.com *.kinopoisk.ru auth.kinopoisk.ru *.mds.yandex.net tickets.widget.kinopoisk.ru widget.tickets.yandex.ru  forms.yandex.ru *.yandex.net player.vimeo.com yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net www.youtube.com; script-src 'unsafe-eval' ads.adfox.ru an.yandex.ru yastatic.net mc.yandex.ru 'unsafe-inline' api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz 'self' *.adfox.ru *.adfox.yandex.ru auth.kinopoisk.ru https://ott.kinopoisk.ru:3001 sso.kinopoisk.ru sso.passport.yandex.ru tickets.widget.kinopoisk.ru widget.tickets.yandex.ru  forms.yandex.ru *.kinopoisk.ru *.yandex.net yandex.st *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net *.yastatic.net; style-src 'unsafe-inline' yastatic.net blob: 'self' auth.kinopoisk.ru *.kinopoisk.ru *.yandex.net yandex.st yandex.ru *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net; img-src 'self' data: an.yandex.ru favicon.yandex.net avatars-fast.yandex.net 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru yandex.ru yastatic.net mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ru mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru media.adrcdn.com *.adrcntr.com amc.yandex.ru avatars.mdst.yandex.net avatars.mds.yandex.net awaps.yandex.net awaps.yandex.ru rest-api.bannerstorage.yandex.net ext.captcha.yandex.net *.cdn.yandex.net mc.kinopoisk.ru st.kinopoisk.ru st.kp.yandex.net storage.mds.yandex.net ceditor.setka.io sso.kinopoisk.ru sso.passport.yandex.ru https://static-maps.yandex.ru www.tns-counter.ru ar.tns-counter.ru web-metrica.yandex.ru imeem.com *.kinopoisk.ru samsung.com *.yandex.net yandex.st *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net; media-src *.yandex.net yastatic.net *.adfox.ru *.adfox.yandex.ru *.cdn.yandex.net 'self'; connect-src 'self' yastatic.net mc.yandex.ru an.yandex.ru strm.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz mc.admetrica.ru *.adfox.ru *.adfox.yandex.ru csp.yandex.net http-check-headers.yandex.ru jstracer.yandex.ru *.kinopoisk.ru ott-widget.yandex.ru api.passport.yandex.ru sentry.iddqd.yandex.net static-mon.yandex.net yandex.ru forms.yandex.ru *.yandex.net yandex.st *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net; child-src api-maps.yandex.ru blob: mc.yandex.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com; default-src 'none'; font-src 'self' *.adfox.ru *.adfox.yandex.ru yastatic.net *.kinopoisk.ru *.yandex.net yandex.st yandex.ru *.yandex.ru *.yandex.by *.yandex.ua *.yandex.kz yandex.net; form-action 'self' forms.yandex.ru; object-src 'self' *.adfox.ru *.adfox.yandex.ru rest-api.bannerstorage.yandex.net betastatic.yandex.net storage.mds.yandex.net *.kinopoisk.ru *.yandex.net vesti.ru vimeo.com; manifest-src 'self' *.kinopoisk.ru *.yandex.net yandex.net yastatic.net *.yastatic.net; report-uri https://csp.yandex.net/csp?from=kinopoisk; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval';report-uri https://asia-northeast1-kakaku-csp-report.cloudfunctions.net/CSPReportFunc; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www.webmd.com/cspreporting/csp-violation-rpt 1
frame-ancestors  'self'; style-src 'unsafe-inline' 'self' https://icm.aexp-static.com/; script-src https://assets.adobedtm.com/ 'unsafe-inline' 'self' https://*.aexp-static.com https://nexus.ensighten.com/ https://accdn.lpsnmedia.net/ https://*.americanexpress.com https://*.liveperson.net 'unsafe-eval'; object-src  'none'; report-uri https://csp.tsrs.cloud/r/6574ce1f3e15915d127c9c92c0276acd02a8849f; img-src https://*.google.com https://www.facebook.com/ https://www.aexp-static.com/ https://secure.adnxs.com/ 'self' https://www.googleadservices.com/ https://*.doubleclick.net https://bat.bing.com/ https://pt.ispot.tv/ data:; form-action https://*.americanexpress.com; frame-src https://aexp.demdex.net/ https://*.americanexpress.com https://lpcdn.lpsnmedia.net/; connect-src https://aeopprodvip.acxiom.com/ https://www.aexp-static.com/ https://dpm.demdex.net/ https://*.americanexpress.com; base-uri  'none'; font-src 'self' https://www.aexp-static.com/; media-src  'none'; worker-src  'none';  1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 1
report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=143-9332740-6265250:rid=QSS0V0SKPRBSRT3666ME:sn=www.audible.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; media-src http: https: data: blob:; report-uri https://abccsp.report-uri.com/r/t/csp/reportOnly 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2019-08-23 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src https: data: ; script-src https: data: 'unsafe-inline' 'unsafe-eval' ; style-src https: data: 'unsafe-inline' 'unsafe-eval' ; object-src 'none' ; plugin-types 'none' ; report-uri /csp-report/http-v1/24209aecbd43bbdbe8de464bb4879c54 1
block-all-mixed-content ; report-uri /csp-report 1
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 1
default-src 'self'; script-src 'self' 'nonce-2c90965e-1555-47b7-aa14-62416537b6d9' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://*.dynamicyield.com https://*.salecycle.com https://*.fls.doubleclick.net https://dev.appboy.com https://www.facebook.com https://service.force.com https://ct.pinterest.com https://bid.g.doubleclick.net https://videos.contentful.com https://www.youtube.com https://*.api.bazaarvoice.com https://sentry.io https://videos.ctfassets.net https://*.akstat.io https://*.perimeterx.net https://*.urbanoutfitters.com https://www.google-analytics.com https://api.bazaarvoice.com https://d16fk4ms6rqz1v.cloudfront.net https://*.akamaihd.net https://*.rewardstyle.com https://urbanoutfitters.secure.force.com https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://*.myunidays.com https://www.myregistry.com https://core.conversant.mgr.consensu.org https://tracking.crealytics.com https://*.scene7.com https://*.cs23.force.com https://*.attn.tv https://freepeople.wufoo.com https://*.trustedshops.com https://*.stg-sessionm.com https://*.sessionm.com https://*.ent-sessionm.com https://*.bluecore.com https://www.googletagmanager.com https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://script.crazyegg.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://tags.tiqcdn.com https://www.googleadservices.com https://js.appboycdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://*.afterpay.com https://mpsnare.iesnare.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://fast.fonts.net https://ci-mpsnare.iovation.com https://*.bazaarvoice.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://*.criteo.com https://www.ist-track.com https://www.shopzilla.com https://*.googleapis.com https://*.my.salesforce.com https://www.gstatic.com https://app.curalate.com https://cm.g.doubleclick.net https://*.ra.linksynergy.com http://maps.google.cn https://full-urbanoutfitters.cs23.force.com https://*.cs23.my.salesforce.com https://*.clearpay.co.uk https://static.lightning.force.com https://maxcdn.bootstrapcdn.com https://urbn.my.salesforce.com https://use.fontawesome.com https://images.contentful.com https://images.ctfassets.net https://px0.pbbl.co https://t.co https://*.google.com https://*.gstatic.com https://pinterest.adsymptotic.com https://*.linksynergy.com https://*.dc-storm.com https://consent.nxtck.com https://consent.jrs5.com https://consent.mediaforge.com https://*.g.doubleclick.net https://idsync.rlcdn.com https://www.bizrate.com https://rd.connexity.net https://www.google.co.uk https://www.google.ca https://www.google.de https://*.groupbycloud.com https://h.nexac.com http://images.urbanoutfitters.com https://cdn.dynamicyield.com https://www.google.ie https://www.ssense.com https://*.rkdms.com https://www.polyvore.com https://www.google.nl https://www.google.fr https://*.agkn.com https://p.dlx.addthis.com https://www.google.co.jp https://www.google.es https://www.google.com.au http://stores.urbanoutfitters.com http://euimages.urbanoutfitters.com https://email-reflex.com https://www.google.it https://www.google.be https://www.google.co.nz https://www.google.se https://cdn.dashhudson.com https://tracking.lengow.com https://merchants.nextag.com https://events.attentivemobile.com https://user-event-tracker.crazyegg.com https://fonts.gstatic.com https://*.crazyegg.com https://*.dotomi.com https://cx.atdmt.com https://calotag.com https://product.givingassistant.org https://sample-api-v2.crazyegg.com https://techsuperb.biz https://track.effitarget.com https://cdnjs.cloudflare.com https://intljs.rmtag.com https://cdn.polyfill.io https://*.adsymptotic.com https://c.go-mpulse.net https://polyfill.io;frame-ancestors 'none';report-uri https://sentry.io/api/128733/security/?sentry_key=66d95399d9f04de2b5df0a001a8ad63b 1
style-src 'self' https://static.comdirect.de/ccf2/ 'unsafe-inline' ;connect-src 'self' https://*.comdirect.de/suche/ https://*.comdirect.de/unblu/ https://*.comdirect.de/inf/ https://*.comdirect.de/t/ https://*.comdirect.de/itx/rueckrufservice https://*.comdirect.de/cms/ https://*.comdirect.de/cp/ https://*.comdirect.de/ccf2/ https://*.comdirect.de/cookiemgmt/ https://*.comdirect.de/genesys/ ;script-src 'self' https://static.comdirect.de/ccf2/ 'unsafe-eval' 'unsafe-inline' ;form-action 'self' https://www.comdirect.de/inf/ ;frame-src https://*.comdirect.de/ccf2/plugins/html/jquery.cdb.surfertracking.html ;img-src data: https://*.comdirect.de/ https://track.adform.net https://charts.comdirect.de https://charts.test.comdirect.de ;default-src 'self' ;font-src data: https://static.comdirect.de/ccf2/ ;report-uri https://www.comdirect.de/cp/csp/reports ; 1
block-all-mixed-content; report-uri /PreserveCspReport/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
default-src 'self' *.tapd.cn; connect-src http: https: ws: wss:;script-src 'self' 'nonce-84998f1dafea12db1a92cec7e4b6' 'unsafe-inline' 'unsafe-eval' *.tapd.cn bqq.gtimg.com t.gdt.qq.com admin.qidian.qq.com; style-src 'self' 'unsafe-inline' *.tapd.cn; img-src 'self' *.tapd.cn pingtcss.qq.com report.huatuo.qq.com badjs2.qq.com da.qidian.qq.com pingtas.qq.com data:; font-src 'self' *.tapd.cn data:; frame-src 'self' *.tapd.cn admin.qidian.qq.com webpage.qidian.qq.com; report-uri https://aq.qq.com/cn2/manage/mbtoken/hijack_csp_report 1
default-src 'none'; connect-src google-analytics.com medlineplus.awsint.nlm.nih.gov stats.g.doubleclick.net; frame-src platform.twitter.com; img-src 'self' www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.nlm.nih.gov ajax.googleapis.com cdn.syndication.twimg.com platform.twitter.com; style-src 'self' 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 1
report-uri https://wombat.smartsheet.com/www; default-src 'self'; frame-ancestors 'self' *.smartsheet.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com/recaptcha https://cdn.optimizely.com/js https://munchkin.marketo.net/munchkin.js https://js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri https://c79f95068084e6225a0fe93e875f682d.report-uri.com/r/t/csp/reportOnly 1
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com 'self'; report-uri https://csp.surveymonkey.com/report?e=false&c=prod&a=wufoocms 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-WLH3wmCeygtc5A==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri https://csp.tmcdn.co.nz/report 1
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' cdn.robinhood.com www.google-analytics.com www.gstatic.com boards.greenhouse.io bnc.lt app.link 'sha256-mmyoQDGCYhBFp34eEyKefDm0SjkLhUPvNTlPRWQ6Ssw='; style-src 'self' 'unsafe-inline' cdn.robinhood.com; report-uri https://report-uri.robinhood.com/_csp?type=trader&version=44ec6fff2; manifest-src 'self'; default-src 'self'; frame-src google.com boards.greenhouse.io; upgrade-insecure-requests; img-src 'self' data: cdn.robinhood.com images.robinhood.com www.facebook.com stats.g.doubleclick.net www.google-analytics.com syndication.twitter.com; media-src 'self' cdn.robinhood.com; object-src 'none'; connect-src 'self' *.robinhood.com www.google-analytics.com stats.g.doubleclick.net api.branch.io api2.branch.io boards-api.greenhouse.io cdn.robinhood.com; font-src 'self' cdn.robinhood.com; block-all-mixed-content; base-uri 'self' 1
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 1
default-src 'self';style-src 'self' 'unsafe-inline' g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com;connect-src 'self' *.dingtalk.com ynuf.alipay.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org;font-src 'self' at.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
media-src https://www.stitchfix.com; img-src 'self' data: https://t.getletterpress.com https://alb.reddit.com https://gcm.optimove.events https://e.dlx.addthis.com https://id.rlcdn.com https://stitchfixtracksdk.optimove.net https://pixel.advertising.com https://www.facebook.com https://pippio.com https://sync-tm.everesttech.net https://ib.adnxs.com https://gpush.cogocast.net https://sync.outbrain.com https://www.google-analytics.com https://d3ss0gp3e5d7m3.cloudfront.net https://pinterest.adsymptotic.com https://fcmatch.google.com https://cs.lkqd.net https://x.bidswitch.net https://www.ojrq.net https://i.liadm.com https://prg.kargo.com https://aa.agkn.com https://p.alocdn.com https://c.liadm.com https://us-east-sync.bidswitch.net https://secure.adnxs.com https://cx.atdmt.com https://cm.g.doubleclick.net https://fcmatch.youtube.com https://srv.stackadapt.com https://dmx.districtm.io https://ct.pinterest.com https://data.adxcel-ec2.com https://crb.kargo.com https://dpx.airpr.com https://hexagon-analytics.com https://dpm.demdex.net https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://stats.g.doubleclick.net https://tapestry.tapad.com https://d.turn.com https://pixel.tapad.com https://www.google.com https://bat.bing.com https://p.tvpixel.com https://www.google.co.uk https://idsync.rlcdn.com https://pixel.quantserve.com https://io.narrative.io https://tag.cogocast.net https://bsw.digitru.st https://tag.apxlv.com https://lrcm.optimove.events https://ups.analytics.yahoo.com https://t.co; object-src https://www.stitchfix.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.dynamicyield.com jsagent.tcell.io https://d3ss0gp3e5d7m3.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://s.pinimg.com https://www.redditstatic.com https://sp.analytics.yahoo.com https://px.airpr.com https://s.yimg.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://bat.bing.com https://cdn.singular.net https://b-code.liadm.com https://www.stitchfix.com https://rules.quantcount.com https://script.crazyegg.com https://www.googleadservices.com https://secure.quantserve.com https://sdk-cdn.optimove.net https://analytics.twitter.com https://www.google-analytics.com https://d18p8z0ptb8qab.cloudfront.net https://connect.facebook.net https://d.impactradius-event.com https://stitchfixtracksdk.optimove.net https://c.tvpixel.com; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://d3ss0gp3e5d7m3.cloudfront.net; font-src 'self' https://d3ss0gp3e5d7m3.cloudfront.net; child-src https://bid.g.doubleclick.net https://us.browser.tcell.insight.rapid7.com/ https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://connect.facebook.net https://i.liadm.com https://8611748.fls.doubleclick.net; frame-src https://bid.g.doubleclick.net https://us.browser.tcell.insight.rapid7.com/ https://staticxx.facebook.com https://www.facebook.com https://input.tcell.io/ https://connect.facebook.net https://i.liadm.com https://8611748.fls.doubleclick.net; connect-src 'self' https://*.dynamicyield.com https://ampcid.google.com https://api.tcell.io/ https://ampcid.google.com.pr https://p.tvpixel.com https://s.yimg.com https://ampcid.google.lu https://graph.facebook.com https://us.agent.tcell.insight.rapid7.com https://notify.bugsnag.com https://www.google-analytics.com https://t.getletterpress.com https://stitchfixtracksdk.optimove.net https://sessions.bugsnag.com https://www.facebook.com https://location-service.stitchfix.com https://client-analytics-service.production.stitchfix.com https://tags.srv.stackadapt.com http://www.stitchfix.com https://lcidc.liadm.com https://d3ss0gp3e5d7m3.cloudfront.net http://sessions.bugsnag.com https://input.tcell.io/ https://ct.pinterest.com https://ampcid.google.ca https://ampcid.google.com.mx https://us.browser.tcell.insight.rapid7.com/ https://stitch-fix.sjv.io https://ampcid.google.ae https://adservice.google.com wss://www.stitchfix.com https://stats.g.doubleclick.net; report-uri https://us.browser.tcell.insight.rapid7.com/csp/22eaf98fd27ce82bd82bff073b0c118832817af4d4c6da868a205b9b28b50d75?rid=98246921 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://irishtimes.report-uri.io/r/default/csp/reportOnly 1
frame-ancestors https://*.rte.ie https://*.rtegroup.ie; report-uri https://rtedotie.report-uri.com/r/d/csp/reportOnly 1
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 1
script-src 'self' 'unsafe-inline' 'nonce-7mrEMdOHiAChd8nx0Wf5KVKtoFbaJvsY' http://search.usa.gov http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://search.usa.gov https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com nonce-7mrEMdOHiAChd8nx0Wf5KVKtoFbaJvsY; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://d15vqlr7iz6e8x.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://*.vets.gov https://*.va.gov https://search.usa.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' http://search.usa.gov https://fonts.googleapis.com https://search.usa.gov https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.vets.gov https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://analytics.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://search.vets.gov https://vicbdc.vba.va.gov https://search.usa.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vets.gov http://*.vetsgov-internal https://optimize.google.com ;  report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com fonts.gstatic.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d1c5qktmphn2d.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d10b6odojqpx09.cloudfront.net  https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d1c5qktmphn2d.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d10b6odojqpx09.cloudfront.net  https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://static.ads-twitter.com https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-endpoint/index 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; img-src https: data:; font-src https: data:; report-uri https://ee.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-WMS8hPKBv2nfRQTzg5q9EQ=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src app.optimizely.com a5935064.cdn.optimizely.com fast.wistia.com fast.wistia.net subscriptions.smartrecruiters.com b.company-target.com platform.twitter.com js.driftt.com bid.g.doubleclick.net 8294363.fls.doubleclick.net www.facebook.com c1.adform.net rollouts-markitecture.herokuapp.com 9355701.fls.doubleclick.net/; font-src 'self' data: https: *.amazonaws.com/optimizely-marketing-site-assets-prod fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 https://sentry.io/api/1319016/security/?sentry_key=3b290fe994e742c6973131869eb346bf 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::PROD_HTTPS_V2_1 1
font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tagesspiegel.report-uri.com/r/d/csp/reportOnly 1
script-src-elem js.hs-analytics.net; default-src 'self'; img-src blob: data: 'self' firstdatacloverwebsite.122.2o7.net dxkdvuv3hanyu.cloudfront.net app.nav.com bat.bing.com res.cloudinary.com *.clover.com images.contentful.com images.ctfassets.net googleads.g.doubleclick.net stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.com www.google.com.pr www.google.com.br www.google.com.co www.google.ca www.google.de www.google.co.uk www.google.co.in www.google.co.id www.google.ie www.googletagmanager.com heapanalytics.com static.intercomassets.com js.intercomcdn.com *.online-metrix.net *.perka.com t.powerreviews.com *.rfihub.com *.t.eloqua.com track.hubspot.com api.swiftype.com pixel.quantserve.com; style-src 'self' 'unsafe-inline' devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com ui.powerreviews.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com use.fontawesome.com js.intercomcdn.com; media-src videos.ctfassets.net js.intercomcdn.com gateway.zscloud.net player.vimeo.com gcs-vimeo.akamaized.net; object-src h.online-metrix.net vd.vidoplay.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tracker.gaconnector.com bat.bing.com cdnjs.cloudflare.com googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net www.googleadservices.com www.google-analytics.com maps.googleapis.com tagmanager.google.com www.google.com www.googletagmanager.com *.greenhouse.io www.gstatic.com cdn.heapanalytics.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com js.intercomcdn.com widget.intercom.io solutions.invocacdn.com pnapi.invoca.net h.online-metrix.net cdn.optimizely.com ui.powerreviews.com rules.quantcount.com cdn.ravenjs.com tags.tiqcdn.com secure.quantserve.com js.hs-scripts.com js.hs-analytics.net analytics.bgalytics.com; connect-src 'self' *.clover.com wss://*.clover.com *.contentful.com www.google-analytics.com storage.googleapis.com api.greenhouse.io heapanalytics.com in.hotjar.com *.intercom.io wss://*.intercom.io *.optimizely.com *.perka.com *.powerreviews.com sentry.io api.swiftype.com collection.sperse.io www.facebook.com stats.g.doubleclick.net; frame-src mailto: 'self' tel: players.brightcove.net *.clover.com bid.g.doubleclick.net *.fls.doubleclick.net docs.google.com www.google.com boards.greenhouse.io vars.hotjar.com intercom-sheets.com h.online-metrix.net *.cdn.optimizely.com *.perka.com player.vimeo.com www.youtube.com www.facebook.com; frame-ancestors devportal.uksouth.cloudapp.azure.com devjb.uksouth.cloudapp.azure.com sitjustbe.uksouth.cloudapp.azure.com preprodjustbe.uksouth.cloudapp.azure.com jbmpsandbox.azurewebsites.net *.clover.com just.be sandbox.just.be *.natwest-tyl.com *.usetyl.com; report-uri https://us-central1-csp-violation-report-service.cloudfunctions.net/report; 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; report-uri https://csp.skype.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src 'self' *.s-xoom.com; img-src 'self' data: *.paypal.com *.amazonaws.com *.s-xoom.com *.bbb.org *.facebook.com *.google.com *.googleapis.com *.bing.com *.doubleclick.net *.contentful.com *.ctfassets.net *.google-analytics.com *.mediaplex.com *.online-metrix.net *.ensighten.com *.googleadservices.com *.googleusercontent.com *.dotomi.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.online-metrix.net *.segment.com *.iesnare.com *.mxpnl.com *.s-xoom.com *.google.com *.googleapis.com *.bing.com *.doubleclick.net *.googleadservices.com *.ensighten.com *.facebook.net *.optimizely.com *.contentful.com *.ctfassets.net *.paypalobjects.com *.google-analytics.com *.mediaplex.com *.gstatic.com *.googletagmanager.com *.braintreegateway.com; style-src 'self' 'unsafe-inline' *.s-xoom.com *.google.com *.contentful.com *.ctfassets.net; connect-src 'self' *.segment.io *.mixpanel.com *.paypalobjects.com *.s-xoom.com *.braintree-api.com *.braintreegateway.com; frame-src 'self' *.paypal.com *.google.com *.paypalobjects.com *.online-metrix.net *.jobvite.com *.facebook.net *.facebook.com *.youtube.com *.doubleclick.net *.braintreegateway.com *.cardinalcommerce.com; form-action 'self' *.doubleclick.net *.facebook.net; object-src 'self' *.online-metrix.net; report-uri /csp-violation; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: wss: blob: http://*.files.wordpress.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://a.tiles.mapbox.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.fbcdn.net data: blob: 'unsafe-inline' 'unsafe-eval';style-src data: blob: 'unsafe-inline' *;connect-src *.workplace.com workplace.com wss://*.workplace.com:* *.fbcdn.net blob: *.mktoresp.com *.workplace.tools;report-uri https://www.workplace.com/csp/reporting/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://wb.messengerpeople.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.myprotein.com https://connect.facebook.net https://m.myprotein.com https://www.myprotein.com https://ct.pinterest.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://*.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://*.googletagservices.com https://*.google.co.uk https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://*.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.googlesyndication.com https://static.ads-twitter.com https://*.twitter.com https://s.pinimg.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/wi/prod 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //analytics.tool.lu/csp 1
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; report-uri https://api.youcanbook.me/v1/csp/reports 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://pro2-view.myportfolio.com/v1/errors/csp 1
default-src https: wss://*.tawk.to; img-src * data:; connect-src wss: https:;script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://8adb22543fffe02a5cf0a6025ed657c3.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src 'self' *.mcmaster.com https: http: blob: wss: 'unsafe-eval'; style-src *.mcmaster.com 'unsafe-inline' http: https: ; report-uri /ContentSecurityPolicy.aspx; 1
frame-ancestors 'self' *.fourseasons.com; report-uri https://vmkkmcabbh.execute-api.ca-central-1.amazonaws.com/CspReportsApi 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
frame-ancestors 'self'; report-uri https://sentry.wongnai.com/api/2/csp-report/?sentry_key=1eb41851e6a44bd39f12e47f6de24633 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src 'self' data: https: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' data: https: blob:; img-src 'self' data: https:; font-src 'self' data: https:; worker-src * blob:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation allow-top-navigation-by-user-activation; report-uri https://huffintl.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net ; connect-src 'self' *.myunidays.com *..myunidays.com https://api.segment.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world ; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-fAWAG6ZVMUWHxzgoqIg2ZA==' 'sha256-VIca0JqUZjWy2RGHpP0p5nDQG/KWePNPQFPgA7jc3NU=' 'sha256-N9ztf1wx+YHmIwKzGt/sA+NS8eQxN8/5QtVkkYWuyNM=' 'sha256-euoJNoaJITbhbO7ymsb/CcVchV6iwLXMOt4m8eeiEJM=' 'sha256-uaOgH6Wg5HZzOcOMUDlpqDrYOeBghbzAxWmuIk5CesQ=' 'sha256-m3eL5oTamkFTsy/tYRWmHHesbzRrcs4glUi95y248VM=' 'sha256-D6+7ENb+ZYlAuV1iLugq0MJ0hebjxqJZWPslWLKT0ds=' ; style-src 'self' 'unsafe-inline' https: ; report-uri https://unidays.report-uri.com/r/d/csp/reportOnly 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp/ 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://www.googletagmanager.com https://www.youtube.com https://bam.nr-data.net https://cdn.mxpnl.com https://ajax.cloudflare.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://s.ytimg.com https://connect.facebook.net https://analytics.twitter.com https://googleads.g.doubleclick.net https://*.addthis.com https://m.addthisedge.com https://betterment-prod-cdn.s3.amazonaws.com https://static.ads-twitter.com https://www.googleadservices.com https://static.zdassets.com https://assets.zendesk.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://collector-2087.tvsquared.com; object-src 'self'; block-all-mixed-content; report-uri https://sentry.io/api/1290889/security/?sentry_key=8d9a3ccbfa7843c09f44b9a209bd9c8e&sentry_environment=csp-production; 1
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 1
frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net script.crazyegg.com; style-src *.bellroy.com https: 'unsafe-inline' data:; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://api.transparentcdn.com/v1/csp/report/83/ 1
default-src 'self' cas.avalon.perfdrive.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; frame-src 'self' blob: www.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.empruntis.com player.vimeo.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; img-src data: blob: www.google.com www.googletagmanager.com www.google.fr www.google-analytics.com stats.g.doubleclick.net www.facebook.com gl.hostcg.com api.mapbox.com static.intercomassets.com maps.googleapis.com maps.gstatic.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; child-src blob:; media-src *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; script-src 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com/ajax/libs/rollbar.js/ cdn.polyfill.io www.google-analytics.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com connect.facebook.net *.realytics.io cdn-eu.realytics.net gl.hostcg.com actorssl-5637.kxcdn.com js-agent.newrelic.com bam.nr-data.net *.perfdrive.com *.algolia.net *.algolianet.com widget.intercom.io js.intercomcdn.com d3js.org code.highcharts.com/highcharts.js *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; connect-src 'self' api.realytics.io m.realytics.io api.rollbar.com *.mapbox.com tile.meilleursagents.com stats.g.doubleclick.net www.google-analytics.com bam.nr-data.net *.perfdrive.com statcache-5637.kxcdn.com www.facebook.com *.algolia.net *.algolianet.com api-iam.intercom.io *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; font-src 'self' fonts.gstatic.com js.intercomcdn.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; worker-src blob:; report-uri /csp-report 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=130-3178660-5807608:rid=8BEK829T25DAA26JQB2Y:sn=www.audible.com 1
default-src 'self'; report-uri //root 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.go-mpulse.net https://cdn.polyfill.io https://*.dynamicyield.com https://intljs.rmtag.com https://www.googletagmanager.com https://d16fk4ms6rqz1v.cloudfront.net https://cdn.merklesearch.com https://cdn.pbbl.co https://s.pinimg.com https://bat.bing.com https://script.crazyegg.com https://assistjs.skimresources.com https://connect.facebook.net https://*.twitter.com https://cdn.groupbycloud.com https://www.google-analytics.com https://tags.tiqcdn.com https://www.googleadservices.com https://static.ads-twitter.com https://js-agent.newrelic.com https://*.afterpay.com https://bam.nr-data.net https://y8ui6jzp.micpn.com https://*.datasteam.io https://ci-mpsnare.iovation.com https://tpc.googlesyndication.com https://*.salesforceliveagent.com https://static.site24x7rum.com https://*.paypal.com https://*.apple.com https://www.gstatic.com https://*.akamaihd.net https://www.myregistry.com https://s3.amazonaws.com https://app.curalate.com https://*.clearpay.co.uk https://static.lightning.force.com https://polyfill.io https://js.appboycdn.com https://maxcdn.bootstrapcdn.com https://fast.fonts.net https://service.force.com https://urbn.my.salesforce.com https://urbanoutfitters.secure.force.com https://*.googleapis.com https://full-urbanoutfitters.cs23.force.com https://*.cs23.my.salesforce.com https://p.dlx.addthis.com https://px0.pbbl.co https://*.google.com https://datacloud.tealiumiq.com https://images.contentful.com https://images.ctfassets.net https://*.criteo.com https://h.nexac.com https://*.dc-storm.com https://consent.jrs5.com https://consent.mediaforge.com https://consent.nxtck.com https://*.groupbycloud.com https://*.linksynergy.com https://www.polyvore.com https://*.bazaarvoice.com https://data.photorank.me https://www.ssense.com https://*.akstat.io https://www.google.co.uk https://*.perimeterx.net https://rtb-csync.smartadserver.com https://ads.yahoo.com http://images.anthropologie.com https://pixel.rubiconproject.com https://*.gstatic.com https://www.google.ca https://www.google.de https://*.rkdms.com https://idsync.rlcdn.com https://www.google.fr https://www.google.es https://www.google.com.au https://www.google.co.jp https://www.google.nl https://x.bidswitch.net https://www.google.it https://user-event-tracker.crazyegg.com https://*.agkn.com https://pixel.advertising.com https://www.google.com.mx https://www.google.ie https://www.google.com.ar https://www.google.co.nz https://sync.outbrain.com https://secure.adnxs.com https://sp.analytics.yahoo.com https://www.google.co.in https://*.rewardstyle.com https://r.casalemedia.com https://cdn.dashhudson.com https://*.ra.linksynergy.com https://cx.atdmt.com https://pixel.tapad.com https://use.fontawesome.com https://fonts.gstatic.com https://cdn.dynamicyield.com https://*.fls.doubleclick.net https://dis.us.criteo.com https://ct.pinterest.com https://c.go-mpulse.net https://dev.appboy.com https://www.facebook.com https://*.bluecore.com https://*.api.bazaarvoice.com https://dis.eu.criteo.com https://sentry.io https://videos.contentful.com https://www.youtube.com https://videos.ctfassets.net https://*.g.doubleclick.net https://gum.criteo.com https://images.anthropologie.com https://api.bazaarvoice.com https://static.criteo.net https://www.shopstylecollective.com https://www.shopstylecollective.co.uk https://player.vimeo.com https://core.conversant.mgr.consensu.org https://www.babylist.com https://*.scene7.com https://*.cs23.force.com https://gmurphy2018.wufoo.com https://*.stg-sessionm.com https://*.sessionm.com https://*.dotomi.com https://mpsnare.iesnare.com https://sample-api-v2.crazyegg.com https://*.adsymptotic.com https://*.attentivemobile.com https://*.attn.tv https://*.attentivemobile.com;frame-ancestors 'none';report-uri https://sentry.io/api/97976/security/?sentry_key=a1bb81efb0c1424ab57d256d26d3bc92 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
connect-src api.branch.io app.getsentry.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com 'self' api.prod.headspace.com livestream.prod.headspace.com; default-src data:; font-src data: static.headspace.com fonts.gstatic.com 'self'; frame-src a11673470095.cdn.optimizely.com www.facebook.com www.youtube-nocookie.com www.youtube.com 'self'; img-src app.getsentry.com data: forms.hsforms.com headspace.com images.contentful.com images.ctfassets.net production-snowplow.headspace.com production-snowplow.headspace.com stats.g.doubleclick.net track.hubspot.com www.facebook.com www.google-analytics.com www.google.com 'self'; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com static.headspace.com 'self'; script-src a.quora.com apisandboxstatic.zuora.com app.link blob: cdn.branch.io cdn.optimizely.com cdn.polyfill.io/v2/polyfill.min.js cdn.ravenjs.com cdnjs.cloudflare.com/ajax/libs/svg4everybody/1.0.0/svg4everybody.min.js cloudfront.net connect.facebook.net d1fc8wv8zag5ca.cloudfront.net forms.hsforms.com headspace.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com sjs.bizographics.com static.ads-twitter.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src d1fc8wv8zag5ca.cloudfront.net headspace.com https://fonts.googleapis.com 'self' 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-zk5txCM2XlFu7nxvONjFlQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
block-all-mixed-content; report-uri https://www.warau.jp/mixedcontentreport.php 1
child-src https:;connect-src https:;font-src https: data:;frame-ancestors 'none';img-src https: data:;media-src https:;object-src https: data:;script-src https: data: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';report-uri /csp 1
report-uri	/some-report-uri 1
frame-ancestors topface.com *.topface.com vk.com *.vk.com http://mail.ru http://*.mail.ru https://mail.ru https://*.mail.ru ok.ru *.ok.ru renren.com *.renren.com apps.facebook.com; report-uri /csp-report/; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=356-0106418-8778831:rid=85ZY5H1C57F0RSACP07Y:sn=www.audible.co.jp 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.crowdrise.com https://*.hs-growth-metrics.com https://*.usemessages.com https://*.hsadspixel.net https://*.hubapi.com https://seal.verisign.com/ https://cdn.datatables.net https://js.hscta.net https://forms.hsforms.com https://code.jquery.com https://*.greenhouse.io https://*.fontawesome.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.swiftype.com https://*.outbrain.com https://*.digicert.com https://*.polyfill.io https://*.swiftypecdn.com https://*.typekit.net  https://*.bootstrapcdn.com https://*.jsdelivr.net https://*.hsforms.net https://*.youtube-nocookie.com https://*.youtube.com  https://*.optimizely.com https://*.mxpnl.com https://*.cloudflare.com https://*.hsforms.net https://*.gstatic.com https://*.googleapis.com https://*.amazonaws.com https://*.mixpanel.com https://*.hs-scripts.com https://www.googleadservices.com https://*.rlcdn.com https://*.adroll.com https://*.openx.net https://*.adnxs.com https://*.bidswitch.net https://*.rubiconproject.com https://*.google.com https://*.gigya.com https://*.twitter.com https://*.ziggeo.com https://*.hubspot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.hsleadflows.net https://*.hs-analytics.net https://*.linkedin.com https://*.yahoo.com https://*.google-analytics.com https://*.alooma.com https://*.bizographics.com https://*.crowdrise.com https://*.licdn.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* data:; connect-src https://*.crowdrise.com 'self' https://*.mixpanel.com https://*.hubapi.com https://*.hubspot.com https://*.alooma.com https://*.nr-data.net https://*.ziggeo.com https://*.twitter.com  https://*.optimizely.com https://*.doubleclick.net https://*.google-analytics.com https://*.typekit.net; report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' blob:; report-uri https://blenderartists.org/csp_reports 1
default-src 'self' * 127.0.0.1; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; frame-src 'self' https: http: data:; child-src 'self' https: http: data:; 1
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_1_8_0 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-violations.external.wickes.co.uk 1
script-src 'unsafe-eval' 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1& 1
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; report-uri https://csp-reports.pravmir.ru/https-mixed-content-logger/csp_report_log.php; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://hbruri.report-uri.com/r/d/csp/wizard 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com use.typekit.net *.google-analytics.com www.googletagmanager.com az416426.vo.msecnd.net *.hotjar.com *.hotjar.io ajax.aspnetcdn.com getsatisfaction.com loader.engage.gsfn.us *.cloudfront.net;object-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;style-src 'self' 'unsafe-inline' *.cloudfront.net assets.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com;img-src * data:;media-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src 'self' *.tsc-dev.co *.tsc-stage.co *.techsmith.com *.screencast.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net widget.getsatisfaction.com vars.hotjar.com data:;font-src 'self' *.typekit.net fonts.gstatic.com data:;connect-src 'self' *.screencast.com dc.services.visualstudio.com feedback.techsmith.com *.tsc-dev.co *.tsc-stage.co *.techsmith.com performance.typekit.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com *.redis.net stats.g.doubleclick.net;frame-ancestors 'self' * *.screencast.com;report-uri https://techsmithscreencast.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: android-webview: 'unsafe-inline' 'unsafe-eval'; media-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; font-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://netologygroup.report-uri.io/r/default/csp/reportOnly 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://www.recaptcha.net; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.baidu.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com https://m.lookfantastic.com https://checkout.lookfantastic.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-TGAITyhHNDPcxsSraIlKPQ4UIhOpyvhT' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-TGAITyhHNDPcxsSraIlKPQ4UIhOpyvhT' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
report-uri /api/csp-report/ 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: blob: *.pivotaltracker.com *.swiftypecdn.com *.typekit.net *.google.com *.googleapis.com *.googleadservices.com *.addthis.com *.addthisedge.com *.mxpnl.com *.mixpanel.com *.google-analytics.com *.cloudflare.com *.trustarc.com *.newrelic.com *.nr-data.net *.googletagmanager.com googleads.g.doubleclick.net *.disqus.com *.disquscdn.com js.stripe.com; report-uri /services/area_51/security_content_violations 1
default-src https: wss:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; report-uri https://stagesuunto.report-uri.com/r/d/csp/reportOnly 1
default-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com https://*.247-inc.net https://*.adobedtm.com https://*.sc.omtrdc.net https://www.google-analytics.com https://ajax.googleapis.com https://searspartsdirect.btttag.com https://tags.tiqcdn.com https://static.criteo.net https://px.owneriq.net https://*.go-mpulse.net https://resources.xg4ken.com https://bat.bing.com https://*.criteo.com https://connect.facebook.net https://secure.quantserve.com https://www.googleadservices.com https://st1.dialogtech.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.bounceexchange.com https://apps.bazaarvoice.com; style-src https: 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com; font-src 'self' data: https://fonts.gstatic.com; connect-src https: 'self' https://*.ch3.s.com https://*.searspartsdirect.io https://searspartsdirectapis.com https://*.247-inc.net; child-src https: 'self' https://armadillo.xyz https://www.searshomeservices.com https://*.247-inc.net https://youtube.com https://assets.bounceexchange.com https://px.owneriq.net https://d.btttag.com; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; img-src https: data:; frame-ancestors 'self'; report-uri https://31a2c7fb54d38ca48f49546888bdc42f.report-uri.com/r/d/csp/reportOnly 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.it https://m.lookfantastic.it https://checkout.lookfantastic.it https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=bc613105a62ba187630c59e5c7a31f68 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru files.icq.com api.icq.net 'self'; style-src 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com api.icq.net 'self'; font-src 'self'; connect-src privacy.icq.com icq.com 'self'; report-uri '/system/error' 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://vk.com https://*.vk.com https://cdn.api.twitter.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://facebook.com https://*.facebook.com https://connect.facebook.net https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://*.criteo.net https://*.criteo.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://demoup.com https://*.demoup.com https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://api.flocktory.com https://*.dynamicyield.com https://techport.api.sociaplus.com; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: bg-mamma.s3.eu-central-1.amazonaws.com *.bg-mamma.com *.fbsbx.com; report-uri /csp_reporting.php; 1
default-src 'self' *.hotjar.com *.macupdate.com https://*.macupdate.com macupdate.com; frame-src 'self' 'unsafe-inline' https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com https://tpc.googlesyndication.com/; child-src 'self' 'unsafe-inline' https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com; img-src 'self' 'unsafe-inline' https://p.typekit.net *.macupdate.com https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com data: *.2mdn.net https://pagead2.googlesyndication.com https://ga-tracker.bigquery-streaming-242110.appspot.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org/ https://use.typekit.net https://code.jquery.com https://*.a.disquscdn.com https://*.adsage.com https://*.adsitrx.com https://*.analytics.yahoo.com https://*.bing.com https://disqus.com https://*.disqus.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flowplayer.org https://*.google.com https://*.google.com.ua https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.hotjar.com https://*.i.ytimg.com https://*.images.dmca.com https://images.dmca.com https://*.intljs.rmtag.com https://*.linksynergy.com https://*.macupdate.com https://*.macupdateblog.disqus.com https://*.msn.com https://*.pixel.yadibes.com https://*.s.yimg.com https://s.yimg.com https://*.secure.ace-tag.advertising.com https://*.secure.leadback.advertising.com https://*.shopperapproved.com https://*.tagmanager.google.com https://*.twitter.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.apple.com https://l2.io *.inspectlet.com *.googlesyndication.com https://*.elev.io https://js.intercomcdn.com https://widget.intercom.io https://adservice.google.com https://adservice.google.ac https://adservice.google.ad https://adservice.google.ae https://adservice.google.com.af https://adservice.google.com.ag https://adservice.google.com.ai https://adservice.google.al https://adservice.google.am https://adservice.google.co.ao https://adservice.google.com.ar https://adservice.google.as https://adservice.google.at https://adservice.google.com.au https://adservice.google.az https://adservice.google.ba https://adservice.google.com.bd https://adservice.google.be https://adservice.google.bf https://adservice.google.bg https://adservice.google.com.bh https://adservice.google.bi https://adservice.google.bj https://adservice.google.com.bn https://adservice.google.com.bo https://adservice.google.com.br https://adservice.google.bs https://adservice.google.bt https://adservice.google.co.bw https://adservice.google.by https://adservice.google.com.bz https://adservice.google.ca https://adservice.google.com.kh https://adservice.google.cc https://adservice.google.cd https://adservice.google.cf https://adservice.google.cat https://adservice.google.cg https://adservice.google.ch https://adservice.google.ci https://adservice.google.co.ck https://adservice.google.cl https://adservice.google.cm https://adservice.google.cn https://adservice.g.cn https://adservice.google.com.co https://adservice.google.co.cr https://adservice.google.com.cu https://adservice.google.cv https://adservice.google.com.cy https://adservice.google.cz https://adservice.google.de https://adservice.google.dj https://adservice.google.dk https://adservice.google.dm https://adservice.google.com.do https://adservice.google.dz https://adservice.google.com.ec https://adservice.google.ee https://adservice.google.com.eg https://adservice.google.es https://adservice.google.com.et https://adservice.google.fi https://adservice.google.com.fj https://adservice.google.fm https://adservice.google.fr https://adservice.google.ga https://adservice.google.ge https://adservice.google.gf https://adservice.google.gg https://adservice.google.com.gh https://adservice.google.com.gi https://adservice.google.gl https://adservice.google.gm https://adservice.google.gp https://adservice.google.gr https://adservice.google.com.gt https://adservice.google.gy https://adservice.google.com.hk https://adservice.google.hn https://adservice.google.hr https://adservice.google.ht https://adservice.google.hu https://adservice.google.co.id https://adservice.google.iq https://adservice.google.ie https://adservice.google.co.il https://adservice.google.im https://adservice.google.co.in https://adservice.google.io https://adservice.google.is https://adservice.google.it https://adservice.google.je https://adservice.google.com.jm https://adservice.google.jo https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.ki https://adservice.google.kg https://adservice.google.co.kr https://adservice.google.com.kw https://adservice.google.kz https://adservice.google.la https://adservice.google.com.lb https://adservice.google.com.lc https://adservice.google.li https://adservice.google.lk https://adservice.google.co.ls https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.com.ly https://adservice.google.co.ma https://adservice.google.md https://adservice.google.me https://adservice.google.mg https://adservice.google.mk https://adservice.google.ml https://adservice.google.com.mm https://adservice.google.mn https://adservice.google.ms https://adservice.google.com.mt https://adservice.google.mu https://adservice.google.mv https://adservice.google.mw https://adservice.google.com.mx https://adservice.google.com.my https://adservice.google.co.mz https://adservice.google.com.na https://adservice.google.ne https://adservice.google.com.nf https://adservice.google.com.ng https://adservice.google.com.ni https://adservice.google.nl https://adservice.google.no https://adservice.google.com.np https://adservice.google.nr https://adservice.google.nu https://adservice.google.co.nz https://adservice.google.com.om https://adservice.google.com.pk https://adservice.google.com.pa https://adservice.google.com.pe https://adservice.google.com.ph https://adservice.google.pl https://adservice.google.com.pg https://adservice.google.pn https://adservice.google.co.pn https://adservice.google.com.pr https://adservice.google.ps https://adservice.google.pt https://adservice.google.com.py https://adservice.google.com.qa https://adservice.google.ro https://adservice.google.rs https://adservice.google.ru https://adservice.google.rw https://adservice.google.com.sa https://adservice.google.com.sb https://adservice.google.sc https://adservice.google.se https://adservice.google.com.sg https://adservice.google.sh https://adservice.google.si https://adservice.google.sk https://adservice.google.com.sl https://adservice.google.sn https://adservice.google.sm https://adservice.google.so https://adservice.google.st https://adservice.google.sr https://adservice.google.com.sv https://adservice.google.td https://adservice.google.tg https://adservice.google.co.th https://adservice.google.com.tj https://adservice.google.tk https://adservice.google.tl https://adservice.google.tm https://adservice.google.to https://adservice.google.tn https://adservice.google.com.tr https://adservice.google.tt https://adservice.google.com.tw https://adservice.google.co.tz https://adservice.google.com.ua https://adservice.google.co.ug https://adservice.google.co.uk https://adservice.google.com https://adservice.google.com.uy https://adservice.google.co.uz https://adservice.google.com.vc https://adservice.google.co.ve https://adservice.google.vg https://adservice.google.co.vi https://adservice.google.com.vn https://adservice.google.vu https://adservice.google.ws https://adservice.google.co.za https://adservice.google.co.zm https://adservice.google.co.zw; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net *.doubleclick.net *.flowplayer.org *.macupdate.com *.twitter.com a.disquscdn.com disqus.com fonts.googleapis.com fonts.gstatic.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://a.disquscdn.com https://disqus.com https://macupdateblog.disqus.com https://referrer.disqus.com https://*.google.com https://*.google.com.ua macupdateblog.disqus.com referrer.disqus.com; font-src 'self' https://use.typekit.net data: *.doubleclick.net *.macupdate.com *.twitter.com fonts.googleapis.com fonts.gstatic.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://js.intercomcdn.com; object-src *.doubleclick.net *.flowplayer.org *.macupdate.com *.twitter.com https://*.doubleclick.net https://*.macupdate.com https://*.twitter.com https://pagead2.googlesyndication.com; connect-src 'self' https://*.macupdate.com https://performance.typekit.net https://*.hotjar.com ws://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.elev.io https://*.intercom.io; 1
frame-ancestors 'none';      base-uri 'self';      default-src 'self' https://static.wolt.com/;      connect-src 'self' https://sentry.io *.intercom.io wss://nexus-websocket-a.intercom.io https://restaurant-api.wolt.com sessions.bugsnag.com notify.bugsnag.com https://authentication.wolt.com prod-videos.wolt.com https://courier-api.wolt.com wa.appsflyer.com wa.onelink.me https://static.wolt.com/ *.google-analytics.com uploads.intercomcdn.com js.intercomcdn.com      stats.g.doubleclick.net www.facebook.com web.facebook.com graph.facebook.com      z-p3-graph.facebook.com api2.branch.io api.lever.co https://auth.wolt.com;      font-src 'self' data: js.intercomcdn.com fonts.gstatic.com uploads-ssl.webflow.com https://static.wolt.com/;      style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com      uploads-ssl.webflow.com https://static.wolt.com/;      img-src data: https:;      script-src 'self' 'nonce-wCLznZEkepFAlAR4ArEhQZQfWI7415gRiq1LchPynWI=' js.intercomcdn.com cdn.branch.io connect.facebook.net https://static.wolt.com/ *.google-analytics.com uploads-ssl.webflow.com widget.intercom.io cdn.appsflyer.com *.googleapis.com      bam.nr-data.net js-agent.newrelic.com d1tdp7z6w94jbb.cloudfront.net cdn.wolt.com d3e54v103j8qbb.cloudfront.net      core.spreedly.com;      object-src 'none';      media-src blob: cdn.wolt.com js.intercomcdn.com prod-videos.wolt.com;      worker-src blob:;      frame-src https:;      child-src https:;      report-uri https://sentry.io/api/1433537/security/?sentry_key=6e2826809a1a476ab2c9aa8f03059910&sentry_environment=production 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: filesystem: mediastream: wikibooks.org *.wikibooks.org wikidata.org *.wikidata.org wikimedia.org *.wikimedia.org wikinews.org *.wikinews.org wikipedia.org *.wikipedia.org wikiquote.org *.wikiquote.org wikisource.org *.wikisource.org wikiversity.org *.wikiversity.org wikivoyage.org *.wikivoyage.org wiktionary.org *.wiktionary.org *.wmflabs.org wikimediafoundation.org mediawiki.org *.mediawiki.org wss://tools.wmflabs.org; report-uri https://tools.wmflabs.org/csp-report/collect; 1
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data:;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com;script-src 'self' 'unsafe-inline' 'unsafe-eval';report-uri https://cex.io/cspr; 1
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' data: https: wss:;font-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;img-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com akamai.com cloudinary.com res.cloudinary.com data: https:;media-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com vimeo.com data: https:;script-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-eval' 'unsafe-inline' https:;style-src 'self' bat.bing.com connect.facebook.net google.com googleapis.com gstatic.com hopwork.be hopwork.com hopwork.es hopwork.fr hopwork.it intercom.io platform.twitter.com snap.licdn.com themes.googleusercontent.com 'unsafe-inline' https:; report-uri /csp-violations; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://vwtjtrxk3sfdp0kvpob5s8gb.httpschecker.net/report 1
default-src 'self' www.youtube.com www.cut-e.net www.maptq-staging.com fastpath.isvinternet.com op.scharley.ch; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src data: https:;  style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net connect.facebook.net *.ytimg.com www.youtube.com www.google.com www.google.no track.adform.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net cdn.tt.omtrdc.net www.googleadservices.com *.boost.ai *.cicero.no *.sparebank1.no www.googletagmanager.com secure.adnxs.com maps.googleapis.com js.hs-analytics.net js.hs-scripts.com api.hubapi.com js.hsadspixel.net; style-src 'self' 'unsafe-inline' *.boost.ai *.sparebank1.no fonts.googleapis.com *.bootstrapcdn.com www.youtube.com; img-src 'self' *.yahoo.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net www.facebook.com *.sparebank1.no csi.gstatic.com maps.gstatic.com maps.googleapis.com *.boost.ai www.google.no www.google.com cm.everesttech.net dpm.demdex.net resources.mynewsdesk.com track.hubspot.com data:; connect-src 'self' dpm.demdex.net *.cicero.no *.boost.ai *.omtrdc.net data.brreg.no *.sparebank1.no www.facebook.com www.mynewsdesk.com publish.ne.cision.com api.hubapi.com; font-src 'self' *.boost.ai *.sparebank1.no fonts.gstatic.com resources.mynewsdesk.com *.bootstrapcdn.com data:; media-src 'none'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com player.vimeo.com www.facebook.com track.adform.net assets.adobedtm.com apis.google.com s-static.ak.facebook.com *.doubleclick.net dpm.demdex.net sparebank1.demdex.net www.google.no www.google.com cws.huginonline.com www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no; report-uri /bin/logservlet 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.driftt.com www.google-analytics.com cdn.heapanalytics.com *.segment.com *.segment.io; img-src 'self'; connect-src 'self' *.driftqa.com *.drift.com *.segment.io; font-src 'self'; report-uri https://drift.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' kameleoon.com kameleoon.eu https:; img-src data: https:; report-uri https://lidlcsp.report-uri.io/r/default/csp/reportOnly; 1
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none';base-uri 'self';script-src 'self' cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com/ weblibrary.cdn.getgo.com/togo/6.3.4/ cdnjs.cloudflare.com/ajax/libs/font-awesome/ maxcdn.bootstrapcdn.com/font-awesome/4.5.0/;font-src 'self' fonts.googleapis.com/ weblibrary.cdn.getgo.com/togo/6.3.4/ cdnjs.cloudflare.com/ajax/libs/font-awesome/ maxcdn.bootstrapcdn.com/font-awesome/4.5.0/;img-src 'self' cdn.gotomeet.at/images/ www.filepicker.io/api/file/ https://avatars.servers.getgo.com/ d1ho4l1jd34cw6.cloudfront.net/api/file/;connect-src api.mixpanel.com/decide/ api.mixpanel.com/track/;report-uri /_internal/csp_report 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; report-uri /report-csp-violation 1
default-src https://neverbounce.com 'unsafe-inline' https://* ; script-src https://neverbounce.com 'self' 'unsafe-eval' 'unsafe-inline' https://*; connect-src https://neverbounce.com https://* wss://*; style-src https://neverbounce.com 'unsafe-inline' https://* ; frame-src https://neverbounce.com 'self' https://* ; child-src https://neverbounce.com 'self' https://* ; worker-src https://neverbounce.com 'self' https://* ; font-src https://neverbounce.com data: https://* ; img-src https://neverbounce.com data: https://* ; object-src 'none' ; report-uri https://sentry.neverbounce.com/api/4/security/?sentry_key=4a166cf492e041cda3079631d36bb76d&sentry_environment=production&sentry_release=0.2.310 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.marketo.net *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net; report-uri /api/v3/violations/csp 1
default-src https://apps.akbars.ru https://www.akbars.ru https://fonts.gstatic.com  https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com/ https://google-analytics.bi.owox.com https://suggestions.dadata.ru/suggestions/api/ 'self';script-src https://apps.akbars.ru https://ajax.aspnetcdn.com/ajax/ https://yandex.ru/search/site/ https://site.yandex.net/ https://api-maps.yandex.ru  https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval';style-src https://apps.akbars.ru https://fonts.googleapis.com 'self' 'unsafe-inline';img-src data: https://apps.akbars.ru https://mc.yandex.ru  https://api-maps.yandex.ru/ https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com/ https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self';frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self';upgrade-insecure-requests ;report-uri https://www.akbars.ru/csp_report/ 1
default-src 'self' https://www.epay.bg https://online.epay.bg 'unsafe-inline' ; img-src 'self' data: https://www.epay.bg https://online.epay.bg ; frame-src https: ; report-uri https://www.epay.bg/csp 1
default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /.events/clientcsr/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.addthis.com https://*.addthisedge.com https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.39.1/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://rules.quantcount.com https://s.pinimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.39.1/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.addthis.com https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://static.criteo.net https://tpc.googlesyndication.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.addthis.com https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://maps.tilehosting.com/styles/ https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://v1.addthis.com/live/red_lojson/100eng.json https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com; report-uri https://sentry.io/api/29705/security/?sentry_key=a56115387c4c489ea86ed93998e8a6f9&sentry_environment=colo-csp 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=136-4737683-9375534:rid=3DYPTNV3NS5MJWPDZ213:sn=www.audible.com 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://bat.bing.com https://dev-crm.agribargain.fr https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://www.gstatic.com https://connect.facebook.net https://sw-assets.ekomiapps.de https://*.ekomi.com https://googleads.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.facebook.com https://bat.bing.com https://ssl.google-analytics.com https://sw-assets.ekomiapps.de https://i.ytimg.com https://i.imgur.com https://www.googletagmanager.com https://www.google.com https://dev-crm.agribargain.fr; style-src 'self' https://sw-assets.ekomiapps.de https://widgets.ekomi.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://sw-assets.ekomiapps.de; frame-src https://www.google.com https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://widgets.ekomi.com; object-src 'none'; connect-src 'self' https://widgets.ekomi.com https://*.algolianet.com https://*.algolia.net 1
default-src 'self' www.cut-e.net fastpath.isvinternet.com op.scharley.ch www.youtube.com; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src data: https:;  style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticw2.yotpo.com https://www.googletagmanager.com https://www.google-analytics.com https://rc-thirdparty-bronto.azureedge.net https://*.arinet.com https://*.hotjar.com https://ajax.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://cdn.heapanalytics.com https://static.criteo.net https://widget.criteo.com https://sslwidget.criteo.com https://cdn.appdynamics.com https://js.bronto.com https://s.yimg.com https://cdn.jsdelivr.net https://i6oxy5vpoq-dsn.algolia.net https://bat.bing.com https://connect.facebook.net https://sp.analytics.yahoo.com https://az416426.vo.msecnd.net https://tracker.marinsm.com https://snip.bronto.com https://*.repairclinic.com;frame-src https://www.googletagmanager.com https://vars.hotjar.com https://maps.google.com https://www.google.com https://dis.us.criteo.com https://static.criteo.net https://www.facebook.com https://www.youtube.com https://assets.braintreegateway.com https://tst.kaptcha.com https://spins0.arqspin.com https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://www.emjcd.com https://cj.dotomi.com https://*.repairclinic.com;connect-src 'self' https://api.repairclinic.com https://api1.repairclinic.com https://api2.repairclinic.com wss://*.hotjar.com https://w2.yotpo.com https://col.eum-appdynamics.com https://in.hotjar.com https://vc.hotjar.io https://maw.bronto.com https://cdn.appdynamics.com https://col.eum-appdynamics.com https://insights.algolia.io https://*.algolianet.com https://*.algolia.net https://i6oxy5vpoq-dsn.algolia.net https://api.yotpo.com https://staticw2.yotpo.com https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://dc.services.visualstudio.com https://maps.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.repairclinic.com https://s.yimg.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticw2.yotpo.com https://fonts.gstatic.com https://*.repairclinic.com;img-src 'self' data: https://ecommcdnprod.azureedge.net https://ecommcdnprod.azureedge.net https://www.rcappliancepartsimages.com https://*.yotpo.com https://script.hotjar.com https://heapanalytics.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://i.ytimg.com https://col.eum-appdynamics.com https://embed.widencdn.net https://www.paypalobjects.com https://spins0.arqspin.com https://tracker.marinsm.com https://partstream.arinet.com https://stats.g.doubleclick.net https://bat.bing.com https://googleads.g.doubleclick.net https://*.repairclinic.com https://*.bbb.org https://graph.facebook.com https://platform-lookaside.fbsbx.com https://pbs.twimg.com https://media.licdn.com;font-src 'self' https://fonts.gstatic.com https://staticw2.yotpo.com https://script.hotjar.com;upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1
frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://ct.pinterest.com https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://*.google.co.jp https://*.akamaihd.net https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.jp https://m.myprotein.jp https://checkout.myprotein.jp https://connect.facebook.net https://ct.pinterest.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://static.ads-twitter.com https://analytics.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self';                   frame-src 'self' lpcdn.lpsnmedia.net;                   frame-ancestors 'self';                   connect-src 'self' *.australiansuper.com;                  font-src 'self' 'unsafe-inline' data: *.australiansuper.com fonts.googleapis.com fonts.gstatic.com cloud.typography.com;                  img-src 'self' *.australiansuper.com www.google-analytics.com *.doubleclick.net www.google.com www.google.com.au;                  media-src 'self' data:;                  object-src 'none';                  script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.liveperson.net *.liveperson.com *.youtube.com s.ytimg.com accdn.lpsnmedia.net;                  style-src 'self' 'unsafe-inline' *.australiansuper.com fonts.googleapis.com cloud.typography.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://rameez.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src 'none'; script-src 'unsafe-eval' 'nonce-GJCZxelfAyd6w2QLuKMXAQ==' an.yandex.ru mc.yandex.ru yastatic.net; style-src 'self' 'unsafe-inline' yastatic.net; font-src 'self' yastatic.net; img-src 'self' data: ads.edadeal.ru an.yandex.ru favicon.yandex.net avatars.mds.yandex.net avatars.yandex.net mc.yandex.ru yastatic.net www.tns-counter.ru leonardo.edadeal.io leonardo-stage.edadeal.io megalith.edadeal.ru; frame-src www.youtube.com yastatic.net; frame-ancestors http://shelfy.ru http://shelfy-new.ru; object-src 'none'; child-src 'self'; connect-src 'self' mc.yandex.ru clck.yandex.ru an.yandex.ru ads.edadeal.ru api.edadeal.ru cb.edadeal.ru usr.edadeal.ru barcode.edadeal.ru; report-uri https://csp.yandex.net/csp?from=edadeal&yandex_login=undefined&yandexuid=undefined; 1
script-src 'self' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-ORvmmZY2CqhkENJk'; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com *.vimeocdn.com; report-uri https://www.sidefx.com/csp_reports/; default-src 'self'; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https://secure.trust-provider.com https://secure.sectigo.com https://vars.hotjar.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css?family=Roboto  ; font-src 'self' https://fonts.gstatic.com ; img-src 'self' https://www.google.com https://www.google.co.uk https://www.google.hr https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com ; object-src 'self'; connect-src 'self'; report-uri https://cspreports.sectigo.com 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 1
default-src photomath.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' tcms.photomath.net ajax.googleapis.com apis.google.com code.jquery.com maxcdn.bootstrapcdn.com www.google-analytics.com s.imgur.com cdnjs.cloudflare.com www.googletagmanager.com; connect-src 'self' cms.photomath.net tcms.photomath.net; img-src 'self' data: cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.gstatic.com storage.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com fast.fonts.net; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com about: data:; frame-src player.vimeo.com imgur.com apis.google.com accounts.google.com plus.google.com; object-src 'self'; report-uri https://563mjpey.uriports.com/reports/report; report-to default 1
default-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; connect-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; font-src 'self' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* data:; frame-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* http://*.twimg.com http://itunes.apple.com; img-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* data:; media-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; object-src https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://* 'self' 'unsafe-inline' 'unsafe-eval' http://fast.fonts.com https://demusnq8ggs2.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://db14a374o5s8l.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.heapanalytics.com https://www.google-analytics.com/analytics.js https://*; 1
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 1
default-src 'self'; font-src https://fonts.gstatic.com; ; ; frame-src https://maphub.net https://www.googletagmanager.com; img-src 'self' https://info.zcu.cz https://minerva.zcu.cz https://www.google-analytics.com https://piwik.zcu.cz; ; ; ; script-src 'self' https://www.googletagmanager.com https://piwik.zcu.cz 'nonce-7al/Mp4VM+dP29qUHIIKD96awW1iUFkn98o3WicmW0s='; style-src 'self' https://fonts.googleapis.com 'nonce-7al/Mp4VM+dP29qUHIIKD96awW1iUFkn98o3WicmW0s=' 1
frame-ancestors https://adfs.bentley.com https://fim.emc.com https://share.ptc.com https://ssov3.adpcorp.com https://ssso.autodesk.com https://bentley.sharepoint.com https://rasfa.crm.dynamics.com https://pppwiki.oce.net https://partnercentral.equinix.com https://partner.veracode.com http://nw-domino.networld.co.jp http://out.accessify.com http://out.easycounter.com http://sur.ly https://www.brainshark.com https://*.force.com 'self' https://*.salesforce.com https://*.gosavo.com https://*.visualforce.com https://*.savoinspire.com; report-uri https://savoapi.com/csp; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.db.no/csp 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; report-uri /report/ 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; font-src 'self'; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.przegladsportowy.pl::PsInfo_1_11_0 1
block-all-mixed-content; report-uri https://us4.nimblecommerce.com/csp-violation.action 1
default-src data: blob: https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; report-uri https://adformweb.report-uri.com/r/d/csp/reportOnly 1
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2019-08-23 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
default-src 'self' *.worlddancesport.org www.google-analytics.com staticxx.facebook.com; font-src 'self' data: cdnw.worlddancesport.org fonts.gstatic.com; connect-src 'self' clients6.google.com dc.services.visualstudio.com *.addthis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' *.worlddancesport.org www.google.com browser-update.org; img-src data: *.worlddancesport.org *.ytimg.com *.facebook.com *.google.com *.calameoassets.com *.vimeocdn.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleapis.com browser-update.org; script-src 'self' 'unsafe-inline' cdnw.worlddancesport.org az416426.vo.msecnd.net *.facebook.com *.facebook.net *.twitter.com *.addthis.com *.addthisedge.com *.google.com www.googleapis.com www.google-analytics.com browser-update.org; child-src 'self' cdnb.worlddancesport.org *.facebook.com *.twitter.com *.addthis.com *.google.com www.youtube.com player.vimeo.com www.saferpay.com; upgrade-insecure-requests; report-uri https://7ab93b867c81f64df54af5d5e2cd45ea.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /api/report-csp1/ 1
default-src 'self' https://*.idc.com https://*.insideidc.com; script-src about: 'unsafe-inline' 'unsafe-eval' 'self' https://*.idc.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.gstatic.cn https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.youtube.com https://*.ytimg.com https://*.insideidc.com https://d1f8f9xcsvx3ha.cloudfront.net https://platform.twitter.com https://cdn.syndication.twimg.com https://*.hotjar.com https://*.addevent.com https://addthisevent.com https://*.wootric.com https://munchkin.marketo.net https://*.recaptcha.net; img-src data: blob: https: https://*.google-analytics.com https://stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net https://platform.twitter.com; frame-src https: 'self' https://*.idc.com https://*.insideidc.com https://*.youtube.com https://*.idc-cema.com https://*.googleapis.com https://*.gstatic.com https://*.brainshark.com https://*.vimeo.com https://*.qq.com https://*.knowledgevision.com; font-src https: 'self' data: https://*.idc.com https://*.insideidc.com https://*.googleapis.com https://*.gstatic.com https://d1azc1qln24ryf.cloudfront.net https://*.typekit.net; connect-src 'self' https://*.idc.com https://*.insideidc.com https://*.onfastspring.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.wootric.com https://wootric-eligibility.herokuapp.com https://081-atc-910.mktoresp.com; report-uri https://idcqa.report-uri.com/r/default/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'report-sample' 'nonce-qVUiigAAymjBEyohWiGeWA==' https://www.google-analytics.com; connect-src 'self' https://*.evemarketer.com https://esi.tech.ccp.is https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://imageserver.eveonline.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; report-uri https://report-uri.appspot.com/987196350443556864?ro=1 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=c0b5cbce0a1aa00df30e6df9eb3564a6 1
default-src 'self'; script-src 'self' https://www.google-analytics.com http://tagmanager.google.com https://tagmanager.google.com https://www.googletagmanager.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' *.rfihub.net *.rfihub.com https://js-agent.newrelic.com https://bam.nr-data.net https://optimize.google.com; style-src 'self' https://use.fontawesome.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://optimize.google.com; connect-src https://stats.g.doubleclick.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://tagmanager.google.com; img-src 'self' https:; frame-src *.rfihub.com https://optimize.google.com https://cm.g.doubleclick.net; report-uri /report-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://9a2118122033a14511d655c2e61579c2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=502e1e55a548924ccf91dfd5626a8bd7 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=142-6151642-2145430:rid=AS29DCNCREV7EDRBG0SF:sn=www.audible.com 1
frame-ancestors  http://www.sozialversicherung.at https://www.sozialversicherung.gv.at; frame-src  http://www.sozialversicherung.at https://www.sozialversicherung.gv.at https://sso.sozialversicherung.at; report-uri https://www.sozialversicherung.at/cds_csp/ 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: blob:; font-src https: data:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/hg/prod 1
frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 1
default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.8.3.js https://cdn.syndication.twimg.com/timeline/ https://cdnjs.cloudflare.com/ajax/libs/jquery-tools/1.2.0/jquery.tools.min.js https://stats.g.doubleclick.net/ https://cdn.syndication.twimg.com/widgets/timelines/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://connect.facebook.net/en_US/sdk.js https://apis.google.com https://cdn.syndication.twimg.com/widgets/timelines/paged/ https://platform.twitter.com/ https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.twimg.com/tfw/css/ https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://platform.twitter.com/; frame-src 'self' https://docs.google.com/ https://twitter.com/ https://www.youtube.com/ https://www.facebook.com/ http://staticxx.facebook.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://calendar.google.com/; img-src 'self' data: https://update.dotnetnuke.com/ https://stats.g.doubleclick.net/ https://*.twimg.com/ https://ssl.google-analytics.com/ https://server4.web-stat.com/ https://www.kn-eat.org/images/ https://csi.gstatic.com/ https://dnnapi.com/beacon https://www.google-analytics.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://syndication.twitter.com/; media-src http://mediastream.ksde.org/media/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/ data:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' www.google-analytics.com verify.authorize.net www.googletagmanager.com js.hs-scripts.com www.googleadservices.com static.hotjar.com snap.licdn.com js.hs-analytics.net bat.bing.com connect.facebook.net static.ads-twitter.com www.googlecommerce.com px.ads.linkedin.com analytics.twitter.com www.google.com apis.google.com script.hotjar.com googleads.g.doubleclick.net jstest.authorize.net js.authorize.net www.linkedin.com js.hscta.net cta-service-cms2.hubspot.com www.youtube.com s.ytimg.com www.gstatic.com maps.googleapis.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ms-appx-web: static.hotjar.com; img-src 'self' data: blob: verify.authorize.net www.google-analytics.com track.hubspot.com t.co bat.bing.com www.facebook.com www.googletagmanager.com www.google.com stats.g.doubleclick.net www.statefoodsafety.com no-cache.hubspot.com www.googleadservices.com googleads.g.doubleclick.net *.statefoodsafety.com; frame-src 'self' vars.hotjar.com www.google.com www.facebook.com www.youtube.com bid.g.doubleclick.net flex.atdmt.com ms-appx-web:; connect-src 'self' jstest.authorize.net js.authorize.net apitest.authorize.net api.authorize.net in.hotjar.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net; frame-ancestors 'self'; media-src 'self' *.statefoodsafety.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /JsonLog/contentSecurityPolicyViolation; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src: wss://*.carrotquest.io; report-uri /csp-report 1
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_a848013831841cfb88b2197b82a731fd 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/13/security/?sentry_key=65de3269eb0548dd97bc2c45929349f4 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none' 1
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1
connect-src *.smartrefill.se 'self' kundservice.halebop.se halebop.humany.net www.google.com www.google-analytics.com stats.g.doubleclick.net www.google.se; default-src 'none'; font-src *.smartrefill.se fonts.gstatic.com 'self' halebop.humany.net; frame-src *.masterpass.com 'self' *.doubleclick.net masterpass.com www.youtube.com open.spotify.com coverage.ddc.teliasonera.net; img-src *.smartrefill.se 'self' image.flaticon.com www.google.com www.google-analytics.com stats.g.doubleclick.net www.google.se data:; script-src www.googleadservices.com sservice1.smartrefill.se *.masterpass.com googleads.g.doubleclick.net 'unsafe-inline' www.googletagmanager.com teliase.smartrefill.se 'self' kundservice.halebop.se halebop.humany.net portal-hosting.humany.net www.google-analytics.com; style-src *.smartrefill.se 'unsafe-inline' 'self' halebop.humany.net 1
frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://* data:;                                                report-uri https://homestay.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' tpc.googlesyndication.com; frame-src 'self' *.trademe.co.nz https://d3f5l8ze0o4j2m.cloudfront.net www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload *.googlesyndication.com *.doubleclick.net *.imrworldwide.com trademe.wufoo.com my.matterport.com *.trademepayments.co.nz https://vars.hotjar.com; font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; img-src 'self' data: blob: *.tmcdn.co.nz *.trademe.co.nz d3f5l8ze0o4j2m.cloudfront.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com www.facebook.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3f5l8ze0o4j2m.cloudfront.net connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; form-action 'self' *.trademe.co.nz trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net; connect-src 'self' *.trademe.co.nz *.tmcdn.co.nz api.dev.trademe.nz sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.doubleclick.net *.googlesyndication.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com; child-src 'self' https://vars.hotjar.com; worker-src 'self' https://vars.hotjar.com; report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd 1
default-src 'none'; connect-src https:; font-src https: data:; frame-src https://www.youtube.com https://*.google.com https://www.youtube.com https://video.mentor.com https://*.mentor.com https://*.ias.plm.automation.siemens.com https://www.pads.com https://*.auth0.com https://*.addthis.com https://www.linkedin.com https://*.g.doubleclick.net; img-src https: data:; media-src https://videos.mentor-cdn.com; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; manifest-src 'self'; report-uri https://csp.mentor-apis.com/Prod/report 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com; img-src 'self' 'unsafe-inline' *.google-analytics.com https://syndication.twitter.com https://*.sharethis.com; frame-src 'self' 'unsafe-inline' *.youtube.com https://platform.twitter.com https://player.vimeo.com https://www.facebook.com https://*.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.ssl-images-amazon.com https://*.doubleverify.com https://*.amazon-adsystem.com https://www.googleapis.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://rules.quantcount.com https://secure.quantserve.com https://ssl.google-analytics.com https://wms.assoc-amazon.com https://stats.g.doubleclick.net https://seal.geotrust.com https://www.google-analytics.com https://edge.quantserve.com https://ajax.googleapis.com; connect-src 'self' https://m.addthis.com; img-src 'self' https://resources.tidal.com https://dt.adsafeprotected.com https://*.moatads.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://i.ytimg.com https://s1.ticketm.net https://seal.geotrust.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com http://img.besteveralbums.com http://albumart.besteveralbums.com https://pixel.quantserve.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://widgets.itunes.apple.com https://s7.addthis.com https://*.doubleverify.com; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://try.abtasty.com https://dcinfos.abtasty.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-elem 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; report-uri https://www.eur.nl/report-uri/reportOnly 1
default-src 'self' *.ccavenue.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com; connect-src 'self' *.elitmus.com *.elitmus.net err.elitmusmail.com *.google-analytics.com api.mixpanel.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://m3knwt5xlxrylde4mnk41bfp.httpschecker.net/report 1
report-uri /csp-logger; default-src 'self' https://vanguardassets.bmstatic.com/; connect-src 'self' https://vanguardassets.bmstatic.com/ https://api2.branch.io https://mc.yandex.fr https://mc.yandex.ru https://cognito-identity.us-east-1.amazonaws.com https://mobileanalytics.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/; script-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/ https://app.link https://cdn.branch.io https://cdn.polyfill.io https://connect.facebook.net https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://js.stripe.com https://mc.yandex.ru; img-src 'self' data: https://vanguardassets.bmstatic.com/ https://bookmate.com https://*.bookmate.com https://*.bmstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com/ads/ https://www.google.ru/ads/ https://www.google.ae https://www.google.az https://www.google.bg https://www.google.by https://www.google.ca https://www.google.co.il https://www.google.co.in https://www.google.com.mx https://www.google.com.np https://www.google.com.pe https://www.google.com.ua https://www.google.co.uk https://www.google.de https://www.google.dk https://www.google.ee https://www.google.ge https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lv https://www.google.nl https://www.google.pl https://www.google.ro https://mc.yandex.ru https://rs.mail.ru https://stats.g.doubleclick.net; frame-src 'self' https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://simplecast.com https://mc.yandex.ru; object-src 'none' 1
report-uri https://wwwhellobankat.report-uri.com/r/d/csp/reportOnly; frame-ancestors 'self' 1
report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src https: data: blob: about: 'unsafe-inline' 'unsafe-eval'; report-uri https://8f97ca7fe77acd3ff57dd08291fc4c61.report-uri.com/r/d/csp/reportOnly 1
report-uri /api/csp-violation-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=259c1feb1eca9b1de2a968f8d6ea7332 1
default-src 'none'; base-uri 'self'; connect-src 'self' ; font-src 'self'; form-action 'self' ; frame-ancestors 'self'; frame-src 'self' ; img-src 'self' analytics.openpetition.de data: ; script-src 'self' 'unsafe-inline' analytics.openpetition.de ; style-src 'self' 'unsafe-inline' ; upgrade-insecure-requests; report-uri /report 1
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com www.googletagmanager.com www.google-analytics.com d.adroll.com s.adroll.com www.gstatic.com www.google.com checkout.stripe.com cdn.plaid.com maps.googleapis.com cdn.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-zHMpQJiR6TH7azasrorKkYptGQpPYMAnG6JSoBRbZtw=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc='; style-src track.easypost.com 'unsafe-inline' assets.easypost.com www.gstatic.com; img-src track.easypost.com assets.easypost.com assets.track.easypost.com ec.walkme.com cdn.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net www.google-analytics.com www.gstatic.com q.stripe.com brand.easypostpartnercontent.com www.googletagmanager.com ssl.google-analytics.com data: easypost.zendesk.com; font-src assets.easypost.com track.easypost.com fonts.gstatic.com data:; connect-src https://www.google.com track.easypost.com www.easypost.com www-canary.easypost.com usps.easypost.com usps.easypost.com checkout.stripe.com www.google-analytics.com boards-api.greenhouse.io; worker-src assets.easypost.com blob: www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com cdn.walkme.com checkout.stripe.com track.easypost.com www.googletagmanager.com www.google.com www.youtube.com; report-uri https://sentry.io/api/1431584/security/?sentry_key=c94f0945b0d34659b3df102773f484d9 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AJO3FBRUE6J4S:sid=262-9635080-5771362:rid=H4B59SPZ3XSA93AG0YZB:sn=www.audible.in 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1
upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-eFcLvz76aX8wjYqEgljIH2L2xfg'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.ie *.ulsterbank.com *.ulsterbankanytimebanking.ie *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com www.irishlife.ie; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankroi.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
default-src https: 'self'; base-uri 'self'; child-src 'self' cdn.nakedapartments.com *.twitter.com *.facebook.com www.youtube.com player.vimeo.com *.google.com tpc.googlesyndication.com; connect-src 'self' wss: www.google-analytics.com www.google.com securepubads.g.doubleclick.net cdn.nakedapartments.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com cdn.nakedapartments.com; form-action 'self' github.com; frame-ancestors 'none'; img-src 'self' 'unsafe-inline' data: cdn.nakedapartments.com react.nakedapartments.com *.streeteasy.com *.yelpcdn.com *.ggpht.com cbks0.googleapis.com 1520522.r.msn.com 1520522.r.bat.bing.com www.facebook.com www.google-analytics.com web.facebook.com www.appelsiini.net www.googleadservices.com tpc.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net s3.amazonaws.com csi.gstatic.com pagead2.googlesyndication.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.google.com *.realtymx.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.nakedapartments.com react.nakedapartments.com platform.twitter.com *.google.com ssl.google-analytics.com flex.msn.com js.pusher.com stats.pusher.com maps.googleapis.com pagead2.googlesyndication.com s3.amazonaws.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googletagservices.com www.googleadservices.com securepubads.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net; style-src 'self' 'unsafe-inline' cdn.nakedapartments.com *.google.com *.googleapis.com; report-uri https://1627f29bce741ebdc46108ecd8ebba3c.report-uri.io/r/default/csp/reportOnly 1
report-uri https://sentry.io/api/1318134/security/?sentry_key=180a5bb8e9f14da280c79e29fca852e9 1
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com sentry.io app.getsentry.com api.unsplash.com; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com; manifest-src assets.sutori.com; report-uri https://sutori.report-uri.com/r/d/csp/reportOnly; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-oBwzW8TojUe7ZSIKci4IWZx2ISw'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
block-all-mixed-content; report-uri https://freeml.report-uri.com/r/t/csp/reportOnly 1
default-src https: 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' *.bluekai.com *.doubleclick.net *.facebook.com *.pay.jp *.pa-mieruka.net; connect-src 'self' wss: http://*.milltalk.jp https://*.milltalk.jp *.juicer.cc; font-src 'self' data:; form-action 'self' http://*.milltalk.jp https://*.milltalk.jp *.facebook.com; frame-ancestors 'self' http://*.milltalk.jp https://*.milltalk.jp; img-src 'self' data: s3-ap-northeast-1.amazonaws.com *.s3-ap-northeast-1.amazonaws.com *.adsrvr.org *.adsymptotic.com *.bluekai.com *.eyeota.net *.doubleclick.net *.google.com *.google.co.jp *.google-analytics.com *.facebook.com *.tapad.com *.logly.co.jp *.macromill.com *.rfihub.com *.treasuredata.com; media-src 'self'; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.audiencedata.net *.bkrtx.com *.bluekai.com *.doubleclick.net *.facebook.net *.google.com *.google.co.jp *.googleadservices.com *.google-analytics.com *.im-apps.net *.iogous.com *.juicer.cc *.logly.co.jp *.newrelic.com *.nr-data.net *.optimizely.com *.pay.jp *.st-hatena.com *.tgknt.com *.treasuredata.com *.yahoo.co.jp; style-src 'self' 'unsafe-inline' http://*.milltalk.jp https://*.milltalk.jp; report-uri https://b406c5590dc0f4b10d7793992b090d94.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=b0261bb43f71782510fc9277b96fce42 1
default-src 'self'; form-action syndication.twitter.com; font-src fonts.gstatic.com 'self'; script-src www.google-analytics.com ssl.google-analytics.com mattferderer.disqus.com c.disquscdn.com disquscdn.com disqus.com 'sha256-jluvqYV+yikdUyrJXLXfQ3IqH3tg2zT4zsSdnyJGq0Q=' 'sha256-br3taa6UoQf+NnzvPwaf+h9pa1s5yK55CQiAK8UuKck=' 'sha256-/X5KeAU9h7+eH3OinNi2j3rJdxqwbgCcE5RQ0TbPEBQ=' 'sha256-50uvN+OBA5T7s19Mmq9R8LVpBvoSAbVoYBYxakB6LAI=' 'sha256-djHXyr2FAl7RaRvTW6hKlpk8EC2WSXasbYZqvF0EpbQ=' 'sha256-9jYD3aFJ2NMY14K0eIQDX509r/gwd0XYeAMbeee1xGQ=' 'self' strict-dynamic; img-src stats.g.doubleclick.net platform.twitter.com pbs.twimg.com syndication.twitter.com www.google-analytics.com ssl.google-analytics.com referrer.disqus.com c.disquscdn.com 'self' data:; style-src fonts.googleapis.com platform.twitter.com cdnjs.cloudflare.com/ajax/libs/prism/1.14.0/themes/prism.min.css c.disquscdn.com 'unsafe-inline' 'self'; worker-src 'self'; frame-src disqus.com; connect-src stats.g.doubleclick.net mattferderer.report-uri.com www.google-analytics.com platform.twitter.com fonts.gstatic.com mattferderer.disqus.com c.disquscdn.com disquscdn.com disqus.com 'self'; child-src embed.plnkr.co 'self'; object-src 'none'; report-uri https://mattferderer.report-uri.com/r/d/csp/wizard 1
block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com;  report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://78bea4bf87b149c097165aa3d49e632d.myssl-uri.com/api/csp-report 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' https://api.timekit.io https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.facebook.com https://www.gstatic.com https://www.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.twitter.com https://*.adform.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com; img-src * data:; frame-src 'self' https:; font-src 'self' data: https://*.livechatinc.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com assets.ubembed.com *.js.ubembed.com connect.facebook.net cdn.polyfill.io code.jquery.com s7.addthis.com m.addthisedge.com m.addthis.com use.typekit.net www.google-analytics.com ssl.google-analytics.com cable.disqus.com script.crazyegg.com platform.twitter.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com pcuktelecom.tdsapi.com pci.tdscd.com pcf.tdscd.com beacon-v2.helpscout.net unpkg.com localhost:3000; connect-src 'self' *.events.ubembed.com performance.typekit.net pcuktelecom.tdsapi.com pcf.tdscd.com m.addthis.com cable.us4.list-manage.com admin.cable.co.uk localhost:3000; img-src 'self' data: *.cable.co.uk p.typekit.net www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com syndication.twitter.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com platform.twitter.com pbs.twimg.com m.addthis.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com; style-src 'self' 'unsafe-inline' platform.twitter.com code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk localhost:3000; font-src 'self' fonts.typekit.net use.typekit.net maxcdn.bootstrapcdn.com pcf.tdscd.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' *.pages.ubembed.com platform.twitter.com syndication.twitter.com s7.addthis.com widget.trustpilot.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri https://bilgo.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://production-assets.noteflight.com https://js.recurly.com https://api.recurly.com https://js.stripe.com https://fast.appcues.com https://media.richrelevance.com https://www.google.com/recaptcha/ https://tag.manager.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.gstatic.com https://googleads.g.doubleclick.net https://s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js https://a.quora.com https://connect.facebook.net https://recs.richrelevance.com https://integration.richrelevance.com https://www.youtube.com https://s.ytimg.com https://w.soundcloud.com https://bat.bing.com https://api.unsplash.com/ https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' https://production-assets.noteflight.com https://assets1.noteflight.com https://fast.appcues.com; connect-src 'self' https://private-assets.production.noteflight.com https://production-assets.noteflight.com wss://api.appcues.net/v1/socket/websocket https://private-assets.production.noteflight.com https://www.google-analytics.com https://graph.facebook.com wss://api.appcues.net/v1/socket/websocket https://api.unsplash.com https://images.unsplash.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://graph.facebook.com; img-src 'self' data: https://assets1.noteflight.com https://assets.noteflight.com https://production-assets.noteflight.com https://public-assets.production.noteflight.com https://www.google-analytics.com https://www.google.com https://www.facebook.com/tr/ https://q.quora.com https://bat.bing.com https://www.google.com/pagead/ https://images.unsplash.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw; font-src 'self' data: https://production-assets.noteflight.com; media-src 'self' https://production-assets.noteflight.com; manifest-src 'self' https://*.noteflight.com/manifest.json; frame-src 'self' https://bid.g.doubleclick.net https://my.appcues.com/ https://www.facebook.com https://www.youtube.com https://w.soundcloud.com https://js.stripe.com https://www.google.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; worker-src 'self' blob: https://assets.production.noteflight.com; report-uri /create_csp_report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 1
default-src axabank.be https://www.axabank.be https://home.axabank.be; style-src https://www.axabank.be axabank.be https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src https://platform.twitter.com https://hello.myfonts.net https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://sjs.bizographics.com https://dc.ads.linkedin.com https://px.ads.linkedin.com https://connect.facebook.net https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.be https://maps.google.com https://maps.googleapis.com https://www.axabank.be https://home.axabank.be axabank.be https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.crazyegg.com 'unsafe-inline'; img-src 'self' data: https://home.axabank.be https://syndication.twitter.com https://raw.githubusercontent.com https://maps.googleapis.com https://maps.google.com https://www.axabank.be https://www.facebook.com https://secure.adnxs.com https://www.google.com https://www.google.be https://imp2.ads.linkedin.com https://stats.g.doubleclick.net https://www.google-analytics.com https://csi.gstatic.com https://maps.gstatic.com; font-src https://maxcdn.bootstrapcdn.com https://plugin.skedify.io https://www.prd.authoring.axabank.be http://www.axabank.be https://fonts.gstatic.com; frame-src https://www.facebook.com https://platform.twitter.com https://staticxx.facabook.com https://campaigns.axa.be https://www.axabank.be https://www.prd.authoring.axabank.be https://www.youtube.com http://5567266.fls.doubleclick.net; frame-ancestors https://axabank.be https://www.axabank.be https://home.axabank.be; connect-src https://www.axabank.be https://home.axabank.be https://esg.services.axabank.be https://api.skedify.io https://*.crazyegg.com; report-uri /CspReportsHandler.ashx 1
upgrade-insecure-requests; 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:; report-uri https://alfa.reality.cz/info/csp/ 1
default-src 'self'; child-src https://www.youtube.com https://*.twitter.com; connect-src 'self' https://*.qmee.com https://*.qmree.com wss://*.qmee.com wss://*.qmree.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://d1s51etp8bktk6.cloudfront.net; frame-ancestors https://*.qmee.com; frame-src https://www.youtube.com https://*.twitter.com https://*.facebook.com https://tpc.googlesyndication.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.gstatic.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com https://www.google.co.uk https://translate.googleapis.com https://translate.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ajax.googleapis.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://bam.nr-data.net https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://tpc.googlesyndication.com https://d3t2iypqerjd0u.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.twitter.com https://www.gstatic.com https://translate.googleapis.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; report-uri https://csp-report.qmee.com/csp_report_violations 1
default-src 'self'; img-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.doubleclick.net *.opentext.com data: *.everesttech.net *.llnwd.net *.xfinity.com *.plaxo.com *.licdn.com *.twitter.com *.facebook.com *.licdn.com *.brightcove.com *.superlawyers.com *.google-analytics.com *.cmptch.com *.demdex.net *.twitter.com *.akamaihd.net *.youtube.com *.betrad.com cdn.datatables.net *.eloqua.com *.google.com *.googletagmanager.com *.linkedin.com *.googlesyndication.com *.scorecardresearch.com *.googleapis.com *.gstatic.com *.doubleclick.com; font-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' data: cdn.tinymce.com fonts.gstatic.com; style-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' cdn.tinymce.com *.googleapis.com cdn.datatables.net *.gstatic.com; script-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' 'unsafe-inline' 'unsafe-eval' *.departapp.com *.thomsonreuters.com *.linkedin.com *.google-analytics.com *.rubiconproject.com *.bizographics.com *.perfdrive.com code.jquery.com https://ajax.cloudflare.com *.akamaihd.net *.omtrdc.net *.appdynamics.com *.opentext.com ajax.aspnetcdn.com *.facebook.net *.googletagmanager.com *.google.co.uk *.google.co.in *.google.co.in *.google-analytics.com *.scorecardresearch.com *.googletagservices.com img03.en25.com *.licdn.com *.lpsnmedia.net *.liveperson.net cdn.datatables.net *.doubleclick.net *.googleadservices.com *.brightcove.net *.googlesyndication.com *.gstatic.com *.betrad.com *.googleapis.com *.google.com cdn.jsdelivr.net assets.adobedtm.com assets.adobedtm.com *.findlaw.com *.issuu.com cdn.ampproject.org cdn.mouseflow.com cdnjs.cloudflare.com js.maxmind.com cdn.tinymce.com; connect-src 'self' *.akamaihd.net *.eum-appdynamics.com *.perfdrive.com *.superlawyers.com *.facebook.com *.google-analytics.com *.brightcove.com *.stickyadstv.com *.gstatic.net *.gstatic.com *.mouseflow.com *.springserve.com *.findlaw.com *.springserve.com *.advertising.com *.demdex.net *.googlesyndication.com *.vertamedia.com *.doubleclick.net *.googlesyndication.com *.google.com; frame-ancestors 'self'; frame-src *.issuu.com *.google.com *.googletagservices.com *.liveperson.net *.akamaihd.net *.youtube.com *.demdex.net *.lpsnmedia.net *.googlesyndication.com *.facebook.net *.facebook.com *.doubleclick.net; media-src https://s3.amazonaws.com/i.superlawyers.com/ https://d22sy6g45ur8ee.cloudfront.net *.superlawyers.com https://d22sy6g45ur8ee.cloudfront.net/assets 'self' *.media.brightcove.com; object-src 'none'; manifest-src *.superlawyers.com; report-uri https://superlawyers.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self' https:; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /loadnocache/csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=f36a8c59b3722878349551540187d6c4 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ds-aksb-a.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.at https://m.lookfantastic.at https://checkout.lookfantastic.at https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://ds-aksb-a.akamaihd.net https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
report-uri https://sentry.io/api/1381643/csp-report/?sentry_key=035194ae1605493c99dd66c2a7b2ca98;base-uri 'self';font-src https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://js.intercomcdn.com https://*.stripe.com https://commondatastorage.googleapis.com https://outschool.com https://*.outschool.com data: blob: https://fast.wistia.com;img-src 'self' https: blob: data: https://*.outschool.com;media-src data: https://*.outschool.com https://www.filepicker.io https://cdn.filestackcontent.com https://*.stripe.com https://js.intercomcdn.com blob: https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com;object-src https://embedwistia-a.akamaihd.net;style-src 'self' 'unsafe-inline' https://*.outschool.com https://fonts.googleapis.com https://static.filestackapi.com https://static.opentok.com https://*.stripe.com;script-src 'self' 'unsafe-inline' https://*.outschool.com https://cdn.segment.com https://*.stripe.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://connect.facebook.net https://*.pinimg.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://www.fullstory.com https://js.intercomcdn.com https://*.intercom.io https://static.filestackapi.com https://static.opentok.com https://a.quora.com https://*.criteo.com https://*.criteo.net https://js-agent.newrelic.com https://bam.nr-data.net 'unsafe-eval' blob: https://fast.wistia.com https://fast.wistia.net https://src.litix.io;frame-src https://outschool.zoom.us https://zoom.us https://widget.intercom.io https://intercom-sheets.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://*.stripe.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://*.criteo.com https://*.criteo.net https://fast.wistia.com;connect-src 'self' blob: https://sentry.io https://bam.nr-data.net https://api.segment.io https://www.facebook.com https://rs.fullstory.com https://*.filestackapi.com https://cdn.filestackcontent.com https://*.intercom.io wss://*.intercom.io https://js.intercomcdn.com https://uploads.intercomcdn.com https://maps.googleapis.com https://s3.amazonaws.com https://anvil.opentok.com https://hlg.tokbox.com https://*.pinterest.com wss://*.tokbox.com https://*.stripe.com https://stats.g.doubleclick.net https://www.google-analytics.com https://app.getsentry.com https://embedwistia-a.akamaihd.net https://distillery.wistia.com https://embed-ssl.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://*.outschool.com;default-src blob: 'self' https://*.stripe.com https://*.outschool.com 1
default-src 'none'; form-action 'self' https://*.pensionsmyndigheten.se https://*.legitimeringstjanst.se https://*.underskriftstjanst.se https://*.minpension.se https://idp-sweden-connect-valfr-2017.prod.frejaeid.com https://connector.eidas.swedenconnect.se; frame-ancestors 'none'; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.pensionsmyndigheten.se https://fonts.googleapis.com https://d6tizftlrpuof.cloudfront.net https://f1-eu.readspeaker.com https://translate.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pensionsmyndigheten.se https://f1-eu.readspeaker.com https://*.usabilla.com https://track.adform.net https://web.easyresearch.se https://d6tizftlrpuof.cloudfront.net https://system.webday.se https://translate.googleapis.com https://connect.facebook.net https://ajax.googleapis.com; img-src 'self' https://*.pensionsmyndigheten.se data: https://ppm.112.2o7.net https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.gstatic.com https://img.youtube.com https://www-dist.minpension.se https://f1-eu.readspeaker.com https://www.facebook.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://translate.googleapis.com; frame-src 'self' https://*.youtube.com https://d6tizftlrpuof.cloudfront.net https://*.readspeaker.com https://system.webday.se; media-src 'self' https://*.readspeaker.com; report-uri https://pensionsmyndigheten.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com; report-uri /csp-reports 1
img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.google-analytics.com www.gstatic.com ajax.googleapis.com www.google.com widget.intercom.io www.googleadservices.com googleads.g.doubleclick.net https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com; font-src 'self' fonts.gstatic.com js.intercomcdn.com; img-src 'self' data: https://ssl.google-analytics.com https://ajax.googleapis.com https://*.intercomcdn.com https://static.intercomassets.com/; frame-src www.youtube.com www.google.com; connect-src 'self' wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercom.io https://uploads.intercomcdn.com/; media-src 'self' https://js.intercomcdn.com/; report-uri /callback/csp-report.php; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.de ; font-src 'self' https: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https:; child-src 'self' https: https://cdn.ampproject.org; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://www.googletagservices.com https://cdn.doubleverify.com; style-src 'self' https: 'unsafe-inline'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=76103b58&report_only=true&env=production 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/tr/prod 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everplans.com js-agent.newrelic.com bam.nr-data.net pi.pardot.com a248.e.akamai.net downloads.mailchimp.com mc.us7.list-manage.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.googleadservices.com *.g.doubleclick.net use.typekit.net *.livechatinc.com *.addthis.com v1.addthisedge.com *.twitter.com connect.facebook.net cdn.embedly.com px.ads.linkedin.com fast.wistia.com onlinedialogue.s3.amazonaws.com snap.licdn.com cdn.optimizely.com script.crazyegg.com; object-src 'self'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com fonts.googleapis.com netdna.bootstrapcdn.com; img-src 'self' data: *.everplans.com p.typekit.net ping.chartbeat.net secure.livechatinc.com www.google.com www.googletagmanager.com stats.g.doubleclick.net i.imgur.com v1.addthis.com t.co www.facebook.com storage.pardot.com fast.wistia.com embedwistia-a.akamaihd.net; media-src 'self' blob: cdn.livechatinc.com; frame-src 'self' *.everplans.com secure.livechatinc.com go.pardot.com *.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; frame-ancestors 'self'; child-src 'self' *.everplans.com s7.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; font-src 'self' data: fonts.gstatic.com use.typekit.net netdna.bootstrapcdn.com; connect-src 'self' data: *.everplans.com v1.addthis.com *.wistia.com embedwistia-a.akamaihd.net; report-uri https://my.everplans.com/csp_report; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' https://www.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com  https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com  https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' blob: data: about: *.google.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.facebook.com *.adroll.com sync.outbrain.com *.doubleclick.net *.googleapis.com zopim.com *.zopim.com wss://*.zopim.com *.google-analytics.com *.gstatic.com crossmetrix.com pippio.com *.leadfamly.com *.googleadservices.com trc.taboola.com dsum-sec.casalemedia.com *.facebook.net *.zdassets.com adtr.io *.adform.net *.zendesk.com x.bidswitch.net *.trustpilot.com *.newrelic.com *.sleeknote.com *.vimeocdn.com *.adservicemedia.dk cdn3.org *.atdmt.com *.yahoo.com *.3lift.com *.pubmatic.com *.linksynergy.com *.magentocommerce.com *.cogocast.net *.msecnd.net *.adtraction.com *.advertising.com pixel.rubiconproject.com *.zopim.io *.nr-data.net *.googletagmanager.com *.pushengage.com *.openx.net idsync.rlcdn.com ib.adnxs.com *.queue-it.net *.raptorsmartadvisor.com *.vimeo.com jxp.dk *.jxp.dk *.amazonaws.com *.sport24outlet.dk p.adsymptotic.com *.siliconanalytics.com match.adsrvr.org *.youtube.com segments.company-target.com *.dlx.addthis.com *.nexac.com d.turn.com serenityart.biz platform-lookaside.fbsbx.com gsa://onpageload tag.apxlv.com smackbolt.com 1
default-src * 'unsafe-eval' 'unsafe-inline' 'self' blob:; font-src 'self' https://vjs.zencdn.net data:; img-src * data:; media-src 'self' https://vjs.zencdn.net https://*.brightcove.com blob:; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; report-uri /ContentSecurityPolicy/Report 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-fayclen1hX8RzaVmTn6iOA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; connect-src https: wss:; report-uri https://verivox.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' 'unsafe-inline' asset; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com/; report-uri //joinpage.webbilling.com/logservice.php 1
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
child-src 'self'; connect-src 'self' data: http://*.facebook.com http://*.fundthatflip.com http://*.lkqd.net http://*.s3.amazonaws.com https://*.algolia.net https://*.algolianet.com https://*.datapipe.prodperfect.com https://*.facebook.com https://*.fullstory.com https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.ca https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.bd https://*.google.com.ph https://*.google.es https://*.googleapis.com https://*.honeybadger.io https://*.hotjar.com https://*.hubapi.com https://*.hubspot.com https://*.jquery.com https://*.linkedin.com https://*.lkqd.net https://*.nr-data.net https://*.s3.amazonaws.com https://*.verygoodproxy.com https://*.verygoodvault.com wss://*.fundthatflip.com wss://*.hotjar.com; default-src 'self' cnd.tryretool.com http://*.tryretool.com https://*.tryretool.com; font-src 'self' data: http://*.fundthatflip.com http://*.gstatic.com https://*.amazonaws.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.fundamerica.com https://*.fundthatflip.com https://*.googleapis.com https://*.gstatic.com https://*.s3-accelerate.amazonaws.com wss://*.fundthatflip.com; frame-src 'self' data: http://*.facebook.com http://*.tryretool.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hellosign.com https://*.hotjar.com https://*.hsforms.com https://*.hubspot.com https://*.recruiterbox.com https://*.tryretool.com https://*.twitter.com https://*.verygoodproxy.com https://*.verygoodvault.com https://*.youtube.com wss://*.hotjar.com; img-src 'self' blob: data: http://*.facebook.com http://*.fundthatflip.com http://*.gstatic.com http://*.lkqd.net http://*.s3.amazonaws.com https://*.adnxs.com https://*.amazonaws.com https://*.bing.com https://*.cloudflare.com https://*.datapipe.prodperfect.com https://*.facebook.com https://*.fullstory.com https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.be https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.ve https://*.google.co.za https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.mx https://*.google.com.na https://*.google.com.ng https://*.google.com.np https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hr https://*.google.ie https://*.google.im https://*.google.it https://*.google.lt https://*.google.mn https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.google.sk https://*.google.sn https://*.google.tt https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.hsforms.com https://*.hubspot.com https://*.licdn.com https://*.lkqd.net https://*.nr-data.net https://*.recruiterbox.com https://*.s3.amazonaws.com https://*.ytimg.com wss://*.fundthatflip.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: http://*.fundthatflip.com http://*.lkqd.net http://*.tryretool.com https://*.ads.linkedin.com https://*.algolia.net https://*.algolianet.com https://*.bing.com https://*.cloudfront.net https://*.facebook.net https://*.fundamerica.com https://*.fundthatflip.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-growth-metrics.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.licdn.com https://*.linkedin.com https://*.lkqd.net https://*.newrelic.com https://*.nr-data.net https://*.recruiterbox.com https://*.trackinglibrary.prodperfect.com https://*.tryretool.com https://*.twitter.com https://*.usemessages.com https://*.verygoodproxy.com https://*.verygoodvault.com https://*.youtube.com https://*.ytimg.com https://fullstory.com wss://*.fundthatflip.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' blob: http://*.fundthatflip.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.fundamerica.com https://*.fundthatflip.com https://*.google.com https://*.googleapis.com https://*.recruiterbox.com wss://*.fundthatflip.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_89b218a956594ce79c4b46cf1ca79623 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-nU651BIpGKWDyty2rP3i7oy8k'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.com *.google.com *.googletagmanager.com *.siteimproveanalytics.com https://siteimproveanalytics.com *.twitter.com *.bootstrapcdn.com *.googleapis.com *.youtube.com *.vimeo.com *.google-analytics.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' cdn.ravenjs.com www.googletagmanager.com www.google-analytics.com js.driftt.com js.hs-scripts.com js.hs-analytics.net forms.hsforms.com js.hsforms.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; connect-src 'self' sentry.io reload.getsentry.net api.amplitude.com https://*.optimizely.com; img-src 'self' data: sentry-brand.storage.googleapis.com sentry-blog.storage.googleapis.com sentryio-assets.storage.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com track.hubspot.com forms.hsforms.com https://app.optimizely.com https://cdn.optimizely.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' js.driftt.com player.vimeo.com https://a14597610036.cdn.optimizely.com; media-src sentryio-assets.storage.googleapis.com; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 1
default-src 'self' ok4static.oktacdn.com; connect-src 'self' ok4static.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' ok4static.oktacdn.com; style-src 'unsafe-inline' 'self' ok4static.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' login.okta.com; img-src 'self' ok4static.oktacdn.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-ancestors 'self'; report-uri https://okta.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.gr https://m.lookfantastic.gr https://checkout.lookfantastic.gr https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src wss: https:; img-src data: https:; style-src https: 'unsafe-inline'; report-uri https://sentry.io/api/1467598/security/?sentry_key=8c8550f73a584c5cb234756c8cfc441d; report-to csp-reporting; 1
default-src 'self' *.rocketbank.ru *.rocket-cdn.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rocket-cdn.ru *.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net static.criteo.net pixel.betweenx.com www.googletagmanager.com api-maps.yandex.ru yandex.st connect.facebook.net enterprise.api-maps.yandex.ru mc.yandex.ru stats.g.doubleclick.net top-fwz1.mail.ru vk.com www.google-analytics.com www.google.com cdn.jsdelivr.net js-agent.newrelic.com maps.googleapis.com; connect-src 'self' rocketbank.ru report.rocket-cdn.ru tetsuo.rocketbank.ru stats.g.doubleclick.net dadata.ru suggestions.dadata.ru top-fwz1.mail.ru mc.yandex.ru www.facebook.com www.google-analytics.com; frame-src 'self' *.fls.doubleclick.net *.googleadservices.com stats.g.doubleclick.net mc.yandex.ru www.google-analytics.com www.google.com www.facebook.com gum.criteo.com; media-src 'self' blob: ; img-src 'self' data: blob: *.rocket-cdn.ru maps.googleapis.com maps.gstatic.com api-maps.yandex.ru top-fwz1.mail.ru enterprise.api-maps.yandex.ru mc.yandex.ru *.maps.yandex.net vk.com www.facebook.com www.google-analytics.com www.google.ru www.google.com stats.g.doubleclick.net s3.amazonaws.com login.vk.com; style-src 'self' 'unsafe-inline' blob: *.rocket-cdn.ru cdn.jsdelivr.net; font-src 'self' data: https:; frame-ancestors 'self' *.rocketbank.ru webvisor.com *.yandex.net; report-uri https://report.rocket-cdn.ru/api/4/security/?sentry_key=0cc52e6197f842eeadf0de5d2c3cf600 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report; report-to https://kmnb9njjp1xgm16brnc7t488.httpschecker.net/report 1
default-src 'self' https://zp2a15dfh8-flywheel.netdna-ssl.com 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com gateway7.whoson.com hosted7.whoson.com cambstorelive.blob.core.windows.net www.google-analytics.com connect.facebook.net bat.bing.com googleads.g.doubleclick.net www.facebook.com www.google.co.uk www.google.com stats.g.doubleclick.net maxcdn.bootstrapcdn.com fonts.googleapis.com placehold.it fonts.gstatic.com www.googleadservices.com teamspiritapps.co.uk u.logbor.com maps.googleapis.com maps.gstatic.com *.cambridgebs.co.uk; img-src 'self' data: www.googletagmanager.com gateway7.whoson.com hosted7.whoson.com cambstorelive.blob.core.windows.net www.google-analytics.com connect.facebook.net bat.bing.com googleads.g.doubleclick.net www.facebook.com www.google.co.uk www.google.com stats.g.doubleclick.net maxcdn.bootstrapcdn.com fonts.googleapis.com placehold.it fonts.gstatic.com www.googleadservices.com teamspiritapps.co.uk u.logbor.com maps.googleapis.com maps.gstatic.com *.cambridgebs.co.uk 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss: 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://comments.grahamedgecombe.com https://www.google-analytics.com; connect-src 'self' https://comments.grahamedgecombe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com; frame-ancestors 'none'; report-uri https://gpe.report-uri.io/r/default/csp/reportOnly 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://ssl.google-analytics.com https://www.google-analytics.com https://google-analytics.com www.google.com www.gstatic.com cdn.paddle.com checkout.paddle.com https://*.zopim.com *.zdassets.com; frame-src www.google.com checkout.paddle.com buy.paddle.com create-checkout.paddle.com; connect-src 'self' d31j93rd8oukbv.cloudfront.net ssl.google-analytics.com analytics.paddle.com browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
default-src 'self'; form-action 'self'; base-uri 'self'; report-uri https://www.bai.org/static/security/securitylogger.aspx 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com *.aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' data: ; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;frame-ancestors 'none';report-uri /csp/report 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
default-src https: ;script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' ; img-src https: about: data: ; connect-src https: about: ; font-src data: https: ; object-src https: ; media-src https: ; frame-src https: ; frame-ancestors 'none' ; report-uri https://www.eventbrite.nl/ajax/csp-violation/action 1
report-uri https://virtualglobetrotting.com/report/ESGA4-ZKPPH-CRQZS-M8LQ7-ZVYEQ; report-to default; default-src 'self' *.vgtstatic.com; frame-src 'self' *.doubleclick.net *.google.com; script-src 'unsafe-inline' 'self' *.vgtstatic.com *.go-mpulse.net *.google-analytics.com *.googlesyndication.com *.google.com *.google.co.uk *.googletagservices.com *.cloudflare.com; style-src 'unsafe-inline' 'self' *.vgtstatic.com; font-src 'self' *.vgtstatic.com data: *.gstatic.com; img-src 'self' *.vgtstatic.com *.google-analytics.com data: *.doubleclick.net *.googlesyndication.com *.googleapis.com *.moatads.com; connect-src 'self' *.vgtstatic.com *.go-mpulse.net *.akstat.io fast-stats.io *.akamaihd.net *.google-analytics.com *.doubleclick.net *.gstatic.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://2gub4a67k9.execute-api.eu-central-1.amazonaws.com/csp/ 1
default-src 'self' 'unsafe-inline' data: *.offerrum.com *.google.com *.googleapis.com *.yandex.ru *.yandex.md *.gstatic.com mtrkmtrk.com *.youtube.com; report-uri https://sentry.offerrum.com/api/17/security/?sentry_key=bfabbca14ec14da7aabe086edc6cbfc1 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://wb.messengerpeople.com https://tpc.googlesyndication.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://*.google.co.in https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.co.in https://m.myprotein.co.in https://checkout.myprotein.co.in https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://cdncache-a.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.pl https://m.lookfantastic.pl https://checkout.lookfantastic.pl https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dwolla.com dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.optimizely.com *.cdngc.net *.iovation.com pi.pardot.com px.ads.linkedin.com snap.licdn.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com js-agent.newrelic.com bam.nr-data.net s0.wp.com s1.wp.com stats.wp.com widget.intercom.io a.quora.com cdnjs.cloudflare.com js.intercomcdn.com siftscience.com www.linkedin.com data:; style-src 'self' 'unsafe-inline' cdn.dwolla.com fonts.googleapis.com safari-extension://* chrome-extension://*; img-src * data:; font-src * data:; frame-src 'self' *.dwolla.com *.facebook.com *.googletagmanager.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com *.chartbeat.com platform.twitter.com; connect-src 'self' *.optimizely.com *.intercom.io status.g.doubleclick.net api.ipify.org; object-src 'self' *.cdngc.net *.iovation.com cdn.dwolla.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.adelphi.edu/_logger/csp.php?host=www.adelphi.edu 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.yandex.ru  https://*.yandex.net https://*.google.ru https://ct.pinterest.com https://*.google.com.ua https://*.akamaihd.net https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.ru https://m.myprotein.ru https://checkout.myprotein.ru https://connect.facebook.net https://ct.pinterest.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://mc.yandex.ru https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; worker-src https: data: blob:; font-src https: data:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=log&sessionId=07fafa40a24644cb73169d7fa437d71f62a68b7f 1
default-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.addthis.com *.addthisedge.com *.brightcove.net *.brightcove.com *.demdex.net *.doubleclick.net *.idio.co *.facebook.net www.facebook.com/ *.google.com *.googletagmanager.com *.googlesyndication.com *.linkedin.com *.licdn.com *.morningstar.com ofi-digitalmedia-accentassets-prod-ue1.s3.amazonaws.com *.optimizely.com *.pulseinsights.com *.tealiumiq.com *.twitter.com *.ads-twitter.com *.zencdn.net *.d22xmn10vbouk4.cloudfront.net *.analyze.ly blob: data:; base-uri 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com; font-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.gstatic.com data:; img-src 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.akamaihd.net *.brightcove.com *.brightcove.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.idio.co t.co *.tealiumiq.com *.d22xmn10vbouk4.cloudfront.net *.analyze.ly data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com sjs.bizographics.com na5.thunderhead.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.addthis.com *.addthisedge.com *.adobedtm.com *.brightcove.net *.brightcove.com *.doubleclick.net *.facebook.net *.gstatic.com *.google.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com *.idio.co *.licdn.com *.linkedin.com *.optimizely.com *.pulseinsights.com *.tiqcdn.com *.twitter.com *.ads-twitter.com *.zencdn.net *.d22xmn10vbouk4.cloudfront.net *.analyze.ly blob: data:; style-src 'unsafe-inline' 'self' oppenheimerfunds.com *.oppenheimerfunds.com oppenheimerfunds.net *.oppenheimerfunds.net ofiglobal.com *.ofiglobal.com *.googleapis.com; report-uri https://5ff27446038fbaae5d149ddf2f968b84.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src 'unsafe-inline'; style-src 'unsafe-inline';  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.tawk.to cdn.jsdelivr.net code.jquery.com maps.gstatic.com www.google-analytics.com www.googletraveladservices.com www.googletagmanager.com script.google.com fonts.googleapis.com pagead2.googlesyndication.com adservice.google.com adservice.google.co.kr www.googletagservices.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' code.jquery.com cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' tawk.link static-v.tawk.to cdn.jsdelivr.net www.google-analytics.com code.jquery.com; media-src 'self' static-v.tawk.to; object-src 'self'; report-uri https://malwarezero.report-uri.io/r/default/csp/readOnly 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src 'none'; connect-src 'self' data: https://titanic.honeybadger.io https://*.convertikit.com https://dmm.rightmessage.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https://honeybadger-static.s3.amazonaws.com https://docs-honeybadger.s3.amazonaws.com/ https://www.googletagmanager.com/ https://*.wistia.com/ https://www.gstatic.com https://stats.g.doubleclick.net https://ton.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com https://d3aei7d2k8qp8j.cloudfront.net https://embedwistia-a.akamaihd.net https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://app.rightmessage.com/adminvisitor https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://loginchecker.rightmessage.com https://tag.rightmessage.com/1661691228.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
style-src 'self' 'unsafe-inline' wagtail.hamilton-trust.org.uk; connect-src 'self' https://releases.wagtail.io/; default-src 'self' www.googletagmanager.com wagtail.hamilton-trust.org.uk; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtm.js?id=GTM-THR5KJ8 https://js.stripe.com 'unsafe-inline' www.google-analytics.com wagtail.hamilton-trust.org.uk; img-src 'self' hamiltontrust-live-b211b12a2ca14cbb94d6-36f68d2.divio-media.net wagtail.hamilton-trust.org.uk www.google-analytics.com www.gravatar.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.googleadservices.com *.g.doubleclick.net *.google.com *.facebook.com *.twitter.com google-analytics.com  *.google-analytics.com *.youtube.com googletagmanager.com *.googletagmanager.com *.googletagservices.com connect.facebook.net *.gstatic.com maps.googleapis.com gstatic.com googletagservices.com youtube.com googletagmanager.com google-analytics.com twitter.com sociomantic.com facebook.com google.com g.doubleclick.net googleadservices.com googlesyndication.com www.google.com.ua *.google.com.ua *.googleapis.com *.bootstrapcdn.com goo.gl admin.verbox.ru static.me-talk.ru widget.sender.mobi *.exist.ua exist.ua;  1
default-src * data:;script-src 'self' https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.zopim.com *.jivosite.com *.vimeo.com *.google.com https://viacep.com.br https://*.google.com https://*.gstatic.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; report-uri /report-csp 1
default-src 'self'; script-src 'self' 'nonce-2c0377dc-493b-4502-9a0e-6aab5039b0e9' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=emimino 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-R2Bs41Qu32rEtcD5prApox101csW1fxJwXM/wP3IlEM8HdBcQ7jBbcuozTNTNmhsgJZJXIDoka8CkYR4c38fgA==' 'report-sample' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/hint.css/1.3.2/hint.min.css https://optimize.google.com/optimize/editor/css/css.css; font-src 'self' https://themes.googleusercontent.com/static/fonts/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.facebook.com data:; img-src * data:; frame-src data: 'self' https://*.doubleclick.net/ https://*.facebook.net/ https://www.youtube.com/ https://www.googletagmanager.com/ https://accounts.google.com/; connect-src *; object-src 'self'; child-src 'self'; report-uri https://ac82c0dc52571d815c9ba2a927354a38.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' ms-appx-web: https://*.mijnhelicon.nl; connect-src 'self' wss: https://*.mijnhelicon.nl; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://sxt.cdn.skype.com; img-src 'self' data: https://*.mijnhelicon.nl https://*.helicon.nl https://nl.sitestat.com https://*.gstatic.com https://*.surfconext.nl/; frame-src 'self' https://*.mijnhelicon.nl https://www.youtube.com ms-appx-web:; media-src 'self'; object-src 'self' https://www.youtube.com https://youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: mediastream: blob: https://*.mijnhelicon.nl https://*.helicon.nl https://vibe.mijnhelicon.nl; style-src 'self' 'unsafe-inline' https://*.mijnhelicon.nl https://fonts.googleapis.com; report-uri https://report-uri.mijnhelicon.nl/reports/csp.php; 1
default-src 'self'; connect-src 'self' https://api.sbab.se https://www.google-analytics.com https://*.doubleclick.net https://in.hotjar.com https://www.googleapis.com https://*.visualwebsiteoptimizer.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://bloggen.sbab.se; frame-src https://www.youtube.com https://*.rfihub.com https://syndication.twitter.com https://platform.twitter.com https://embed.bambuser.com https://in.hotjar.com https://vars.hotjar.com https://service.force.com; img-src 'self' https://syndication.twitter.com https://bilder.hemnet.se https://platform.twitter.com https://*.twimg.com https://www.sbab.se https://bloggen.sbab.se https://i.ytimg.com https://aa.agkn.com https://ads.yahoo.com https://simage2.pubmatic.com https://*.g.doubleclick.net https://us-u.openx.net https://www.google.com https://*.rfihub.com https://d.agkn.com https://dev.visualwebsiteoptimizer.com https://dsum-sec.casalemedia.com https://ib.adnxs.com https://o.adtriba.com https://pixel.rubiconproject.com https://soma.smaato.net https://sync.search.spotxchange.com https://tapestry.tapad.com https://www.facebook.com https://*.google-analytics.com https://www.google.* https://*.googlesyndication.com https://x.bidswitch.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://track.adform.net https://www.googleadservices.com https://platform.twitter.com https://cdn.syndication.twimg.com https://bloggen.sbab.se https://s.ytimg.com https://a.rfihub.com/idr.js https://c1.rfihub.net/js/tc.min.js https://cdn.adtriba.com/v2/adtriba.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/677988019016414 https://dev.visualwebsiteoptimizer.com https://*.hotjar.com https://www.youtube.com/iframe_api https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://ssl.google-analytics.com https://service.force.com https://*.salesforceliveagent.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com http://fonts.googleapis.com https://bloggen.sbab.se https://maxcdn.bootstrapcdn.com https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0 https://bloggen.sbab.se/wp-content/themes/wpex-luxmag_1.0/css/ https://service.force.com; report-uri https://sbab.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: blob: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval' http://*.cdn.ne.jp https://*.cdn.ne.jp; report-uri /analyze/cspreport.php 1
frame-ancestors https://*.prace.cz https://my.teamio.com https://*.facebook.com https://*.jobs.cz https://*.topjobs.sk; report-uri /csp-reports/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=c49eba1adb266569a8c4a916c2fea3d4 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://utdrvvtzkqpmtlszwunimosi.httpschecker.net/report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.net ; font-src 'self' https: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; frame-src 'self' https://go.pardot.com https://www.youtube.com https://www.youtu.be; img-src 'self' data: https://scontent.cdninstagram.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://www.youtube.com https://www.youtu.be; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://pi.pardot.com https://translate.google.com https://translate.googleapis.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; worker-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-cPNLIRwxsrxXkmpLIoL8vLYHuwg'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/gl/prod 1
default-src 'self'; font-src 'self' data: https:; img-src 'self' data: blob: https:; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https:; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https://www.google-analytics.com; frame-src 'self' https:; report-uri https://kanbantool.com/csp_report 1
form-action https://gesa.locatorsearch.com/ 'self'; script-src https://connect.facebook.net/ https://www.gstatic.com/ 'self' https://www.googleadservices.com/ https://*.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/ 'unsafe-eval' https://googleads.g.doubleclick.net/ https://www.timevaluecalculators.com/ 'unsafe-inline'; img-src https://contentadmin.gesa.com/ https://www.facebook.com/ https://google-analytics.bi.owox.com/ 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com https://www.googletagmanager.com/ https://www.google.com/ data: https://www.timevaluecalculators.com/; frame-ancestors  'self'; font-src https://use.typekit.net/ data:; style-src 'unsafe-inline' 'self' https://*.typekit.net https://www.timevaluecalculators.com/; base-uri  'self'; worker-src  'none'; report-uri https://csp.tsrs.cloud/r/1ff01fcd4f218d401c7c990dc1fc0a32f03a3241; connect-src https://gesa.locatorsearch.com/ 'self' https://stats.g.doubleclick.net/; media-src  'self'; block-all-mixed-content;object-src  'none'; frame-src https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com/; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https: wss: data: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src 'self' wss:; report-uri /ping/ 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.com/ https://pagead2.googlesyndication.com/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.com https://apis.google.com https://accounts.google.com; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.com/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.com http://vk.com https://accounts.google.com/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 1
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.crazyegg.com d2tic578h94r8u.cloudfront.net 'nonce-dyuuzC4MeTOO0CTZht06gA=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.typekit.net 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com player.vimeo.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com *.honeybadger.io www.facebook.com *.crazyegg.com s.yimg.com http://localhost:3035 ws://localhost:3035 d2tic578h94r8u.cloudfront.net strict-dynamic; report-uri /csp_reports 1
default-src 'none'; img-src 'self' data: https://q.quora.com https://www.google.com/ads https://www.google.co.uk/ads https://static.localcoinswap.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://insights.hotjar.com https://static.hotjar.com; font-src 'self' data: https://static.localcoinswap.com https://fonts.gstatic.com https://static.hotjar.com; script-src 'self' https://localcoinswap.com https://static.localcoinswap.com https://maps.googleapis.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.localcoinswap.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://vc.hotjar.io https://api.ipify.org wss://localcoinswap.com https://sentry.localcoinswap.com https://www.facebook.com/tr/ https://maps.google.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.google.com https://vars.hotjar.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://static.localcoinswap.com; report-uri https://localcoinswap.com/report-csp-violation/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=0cbe92943b1dfa4b210b1bac12996d8c 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 1
report-uri https://csp.edipresse.pl/report/wizaz; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net secure-nz.imrworldwide.com static.criteo.net *.criteo.com web-sdk.urbanairship.com web-push-api.urbanairship.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com; default-src web-push-api.urbanairship.com *.criteo.com web-sdk.urbanairship.com *.appboycdn.com bid.g.doubleclick.net blob: storage.googleapis.com *.braze.com static.criteo.net *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com *.googlesyndication.com 'self' data: secure-nz.imrworldwide.com www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com secure-nz.imrworldwide.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net secure-nz.imrworldwide.com *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com web-sdk.urbanairship.com web-push-api.urbanairship.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz web-sdk.urbanairship.com web-push-api.urbanairship.com *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net secure-nz.imrworldwide.com tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://f6v4mfnzug.execute-api.ap-southeast-2.amazonaws.com/prod/csp 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https:; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: blob:; report-uri /csp-report 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
default-src c.disquscdn.com disqus.com image-src.kualo.com; object-src div.show; script-src image-src.kualo.com d3rxaij56vjege.cloudfront.net kualo.activehosted.com kualo.disqus.com analytics.twitter.com *.crisp.chat www.google.com static.hotjar.com libraries.hund.io trackcmp.net www.google-analytics.com static.ads-twitter.com connect.facebook.net rum-static.pingdom.net widget.trustpilot.com maxcdn.bootstrapcdn.com www.gstatic.com cdn.kualo.com www.googletagmanager.com w.recruiterbox.com *.addthis.com c.disquscdn.com m.addthisedge.com graph.facebook.com www.linkedin.com *.hotjar.com ajax.googleapis.com cdn.syndication.twimg.com cdnjs.cloudflare.com connect.facebook.net d3vv6lp55qjaqc.cloudfront.net disqus.com kualo-cdn.r.worldssl.net links.services.disqus.com maps.googleapis.com my.kualo.com netdna.bootstrapcdn.com platform.twitter.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src image-src.kualo.com cdn.jsdelivr.net *.crisp.chat fonts.googleapis.com cdn.kualo.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com libraries.hund.io w.recruiterbox.com c.disquscdn.com kualo-cdn.r.worldssl.net my.kualo.com netdna.bootstrapcdn.com platform.twitter.com ton.twimg.com 'self' 'unsafe-inline'; img-src image-src.kualo.com kualo-cdn.r.worldssl.net images.softaculous.com *.crisp.chat www.google-analytics.com t.co www.facebook.com www.google.com cdn.kualo.com stats.g.doubleclick.net data: w.recruiterbox.com cdn.viglink.com links.services.disqus.com sync.crwdcntrl.net ps.eyeota.net ce.lijit.com abs.twimg.com c.disquscdn.com cdnjs.cloudflare.com content.screencast.com d226aj4ao1t61q.cloudfront.net d3vv6lp55qjaqc.cloudfront.net i.ytimg.com m.addthis.com maps.googleapis.com maps.gstatic.com pbs.twimg.com platform.twitter.com referrer.disqus.com screens.kgix.net syndication.twitter.com ton.twimg.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.softaculous.com 'self'; font-src client.crisp.chat fonts.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.kualo.com image-src.kualo.com kualo-cdn.r.worldssl.net my.kualo.com netdna.bootstrapcdn.com themes.googleusercontent.com www.kualosites.com 'self' 'unsafe-inline'; connect-src wss://*.crisp.chat rum-collector-2.pingdom.net www.google-analytics.com my.kualo.com status.kualo.com in.hotjar.com www.facebook.com connect.facebook.net *.crisp.chat links.services.disqus.com m.addthis.com 'self' cdn.kualo.com image-src.kualo.com s7.addthis.com stats.g.doubleclick.net; frame-src www.youtube.com widget.trustpilot.com vars.hotjar.com www.google.com www.facebook.com app.recruiterbox.com disqus.com *.addthis.com c.disquscdn.com game.crisp.chat platform.twitter.com staticxx.facebook.com syndication.twitter.com www.googletagmanager.com; script-src-elem cdn.syndication.twimg.com cdnjs.cloudflare.com d3vv6lp55qjaqc.cloudfront.net disqus.com links.services.disqus.com maps.googleapis.com platform.twitter.com ; style-src-elem c.disquscdn.com platform.twitter.com ton.twimg.com; manifest-src https://www.kualo.com https://www.kualo.co.uk https://www.kualo.in; report-uri https://kualo.report-uri.com/r/d/csp/wizard; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_2e3ddce6c77e41ce09fd466b7e423076 1
default-src 'self' data: *.doubleclick.net *.adriver.ru *.google.ru *.google.com *.criteo.com *.criteo.net tags.soloway.ru vk.com top-fwz1.mail.ru *.facebook.com *.facebook.net www.googletagmanager.com www.googleadservices.com player.vimeo.com *.livetex.ru *.yandex.net *.yandex.ru kontur.ru *.kontur.ru www.google-analytics.com counter.yadro.ru fonts.gstatic.com *.s-microsoft.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.kontur-extern.ru/private/csp-report 1
default-src 'none';block-all-mixed-content;base-uri 'self' https://*.dots.de; script-src 'report-sample' 'unsafe-inline' 'self'  'nonce-ZG90czIzNDM1NQ' 'nonce-ZG90czIzNDM3NA==' 'nonce-ZG90czIzNDM3MA==' 'nonce-ZG90czIzNDM3MQ==' 'nonce-ZG90czIzNDM3Mg==' 'nonce-ZG90czIzNDM3Mw=='  'nonce-ZG90czIzNDM1NA==' 'nonce-ZG90czIzNDM1Mw==' 'nonce-ZG90czIzNDM1Ng==' 'nonce-ZG90czIzNDM1Nw==' 'nonce-ZG90czIzNDM1OQ==' 'nonce-ZG90czIzNDM2MA==' 'nonce-ZG90czIzNDM2MQ==' 'nonce-ZG90czIzNDM2Mg==' 'nonce-ZG90czIzNDM2Mw==' s.ytimg.com use.typekit.net www.google.com www.google-analytics.com www.googleadservices.com ajax.googleapis.com browser-update.org; connect-src 'self'; img-src 'self' https: p.typekit.net; frame-src 'self' https: https://www.youtube-nocookie.com ; style-src 'self' 'unsafe-inline' ;font-src 'self' use.typekit.net https://use.typekit.net; media-src 'self' https: youtube-nocookie.com; manifest-src 'self' https: ;report-uri /csp.php; 1
default-src 'self'; img-src 'self' https: data:; script-src 'self' https://tag.yieldoptimizer.com https://www.gstatic.com https://cdn.polyfill.io https://code.jquery.com https://cdnjs.cloudflare.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://*.responsetap.com https://*.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.fontawesome.com https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://storify.com https://fonts.gstatic.com data:; child-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; frame-src https://*.wistia.net https://*.wistia.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.co.uk https://google-analytics.com https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.doubleclick.net https://*.twitter.com http://storify.com https://widget.trustpilot.com; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://api.trustpilot.com https://*.google.com; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; report-uri https://lotusgroup.report-uri.io/r/default/csp/reportOnly; media-src 'self'; worker-src 'self' 1
object-src 'none'; script-src 'nonce-f866fcafc96dcb51191e04a20be935e978eb0368' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'none'; report-uri https://proviso.report-uri.com/r/default/csp/reportOnly 1
report-uri https://29977f31d1f0eee3894a742ddae91cae.report-uri.com/r/d/csp/reportOnly; child-src https://*.pocruises.com.au http://*.pocruises.com.au https://*.fls.doubleclick.net https://www.youtube-nocookie.com https://tags.tiqcdn.com https://sdn.sitecore.net https://*.adsymptotic.com; frame-src https://*.pocruises.com.au http://*.pocruises.com.au http://sdn.sitecore.net https://bid.g.doubleclick.net https://widget.stackla.com https://goconnect.stackla.com https://*.fls.doubleclick.net https://www.youtube.com https://tags.tiqcdn.com https://www.youtube-nocookie.com https://www.paypal.com https://www.facebook.com https://*.adsymptotic.com https://*.mastercard.com 1
default-src 'self'; img-src 'self' *.gstatic.com ps.w.org *.gravatar.com *.amazonaws.com *.facebook.com *.google-analytics.com *.ytimg.com data:; script-src 'self' 'unsafe-inline' *.cloudflare.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.google-analytics.com *.codepen.io *.github.com *.vimeo.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.githubassets.com; font-src 'self' *.googleapis.com *.bootstrapcdn.com *.gstatic.com data:; media-src *.amazonaws.com; frame-src 'self' *.youtube.com *.google.com codepen.io *.vimeo.com *.facebook.com; connect-src 'self' yoast.com *.google-analytics.com; report-uri /reporte-csp/ 1
default-src 'self' https://www.google-analytics.com; child-src 'self';  object-src 'self' blob; style-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src 'self' 'blob' 'unsafe-eval' 'unsafe-inline' *; manifest-src 'self'; form-action 'self'; block-all-mixed-content; 1
child-src 'self'; connect-src http://*.hotjar.com https://*.intercom.io https://heapanalytics.com https://*.sumo.com https://*.delighted.com wss://*.hotjar.com https://*.linkedin.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.facebook.com https://*.getsentry.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.google.com https://*.lever.co https://*.ads.linkedin.com https://*.hotjar.com:12443 https://*.segment.io https://*.timekit.io https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://sumo.com https://*.sqreen.com wss://*.intercom.io https://*.g.doubleclick.net https://*.fullstory.com ws://*.hotjar.com https://*.google-analytics.com https://*.hotjar.com http://*.sqreen.com https://github.com https://*.contentful.com https://*.herokuapp.com wss://*.appcues.net http://*.google-analytics.com https://*.intercomcdn.com; default-src 'self'; font-src data: https://github.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com chrome-extension: 'self' https://*.googleapis.com https://*.intercomcdn.com https://*.gstatic.com https://*.cloudfront.net; frame-src https://*.typeform.com https://*.g.doubleclick.net ws://*.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.twitter.com https://*.amazonaws.com https://*.appcues.com https://*.facebook.com 'self' wss://*.hotjar.com http://*.g.doubleclick.net https://*.recurly.com http://*.appcues.com https://headway-widget.net 'unsafe-inline'; img-src https://t.co https://*.ctfassets.net http://*.adnxs.com https://*.google.ch https://*.google.co.il https://*.google.com.ph https://*.google.com.tw https://*.google.de https://*.amazonaws.com https://*.google.ae https://*.google.ie https://*.openx.net https://*.sumo.com https://heapanalytics.com https://*.marinsm.com https://*.gstatic.com https://*.intercomassets.com https://*.google.pt https://*.google.cz https://twitter.com https://*.google.it https://sumo.com https://*.google.se https://*.facebook.com https://*.google.pl 'self' https://*.prfct.co https://*.adnxs.com https://*.reddit.com https://*.twimg.com https://*.addthis.com http://*.googletagmanager.com https://*.google.com https://*.univide.com https://*.google.co.jp https://*.rubiconproject.com https://*.clearbit.com https://*.google.ca https://*.google.es http://*.g.doubleclick.net https://*.googleapis.com https://*.google.com.mx http://*.prfct.co data: https://*.sqreen.com https://*.googletagmanager.com http://heapanalytics.com https://*.google.be https://*.google.com.ar https://*.google.no https://*.google.com.au https://*.google.nl https://*.b-cdn.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com.ua https://*.googleadservices.com http://*.googleadservices.com http://*.sqreen.com https://*.twitter.com https://*.google.co.uk https://*.yahoo.com https://*.google.com.sg https://*.google.fr https://*.intercomcdn.com http://*.google-analytics.com https://*.google.co.in https://*.google.com.br http://t.co https://*.cloudfront.net; manifest-src 'self'; media-src https://*.intercomcdn.com 'self'; object-src 'self'; script-src https://*.ads-twitter.com 'unsafe-eval' http://*.perfectaudience.com http://*.hotjar.com https://fullstory.com https://*.amazonaws.com https://*.intercom.io https://*.sumo.com https://*.redditstatic.com wss://*.hotjar.com https://*.appcues.com https://*.linkedin.com 'unsafe-inline' http://*.ads-twitter.com https://*.typeform.com http://*.getdrip.com https://*.amplitude.com https://*.cloudflare.com https://*.perfectaudience.com 'self' https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.appcues.com http://*.googletagmanager.com https://*.bufferapp.com https://*.jquery.com https://*.heapanalytics.com http://*.facebook.net https://*.getdrip.com https://*.ads.linkedin.com https://*.timekit.io https://*.facebook.net https://*.googleapis.com http://*.g.doubleclick.net http://*.prfct.co https://*.googletagmanager.com https://*.licdn.com https://*.googleadservices.com wss://*.intercom.io data: https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net ws://*.hotjar.com https://*.google-analytics.com http://*.segment.com https://*.hotjar.com http://*.googleadservices.com http://*.heapanalytics.com https://*.twitter.com https://*.headwayapp.co https://*.herokuapp.com http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com; style-src https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.amazonaws.com https://*.appcues.com https://*.cloudfront.net 'self' https://*.googleapis.com http://*.appcues.com 'unsafe-inline'; worker-src 'self'; report-uri https://reports-api.sqreen.com/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; style-src-elem https://*.b-cdn.net https://*.twitter.com https://*.cloudflare.com https://*.sqreen.com http://*.sqreen.com https://*.amazonaws.com https://heapanalytics.com https://*.googleapis.com http://heapanalytics.com https://*.cloudfront.net 'unsafe-inline'; script-src-elem https://fullstory.com https://*.amazonaws.com https://heapanalytics.com https://*.sumo.com https://*.redditstatic.com https://*.linkedin.com 'unsafe-inline' http://*.getdrip.com https://*.amplitude.com https://twitter.com https://*.cloudflare.com https://*.prfct.co https://*.recurly.com https://*.reddit.com http://*.googletagmanager.com https://*.bufferapp.com https://*.heapanalytics.com https://*.getdrip.com https://*.ads.linkedin.com https://*.googleapis.com http://*.prfct.co http://*.g.doubleclick.net http://heapanalytics.com https://*.sqreen.com https://*.googletagmanager.com https://*.licdn.com https://reddit.com https://*.b-cdn.net https://*.g.doubleclick.net http://*.segment.com https://*.google-analytics.com https://*.twitter.com http://*.sqreen.com http://*.heapanalytics.com https://*.headwayapp.co http://*.google-analytics.com https://*.segment.com https://*.intercomcdn.com https://*.cloudfront.net https://*.pinterest.com 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-hAPI06mzjyNHwGqeh+sx/Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com code.jquery.com siteimproveanalytics.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: eu2.siteimprove.com www.google-analytics.com stats.g.doubleclick.net stats.g.doubleclick.net www.googletagmanager.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https://redactie.infoprojects.nl; worker-src 'self' https://redactie.infoprojects.nl; report-uri https://infoprojects.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src 'self' 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; img-src 'self' st.pimg.net *.mapper.ntppool.org; script-src 'self' 'unsafe-inline' cdn.statuspage.io st.pimg.net www.mapper.ntppool.org; style-src 'self' fonts.googleapis.com st.pimg.net; report-uri https://ntp.report-uri.com/r/d/csp/wizard 1
script-src 'nonce-XKValrA3PuacN0tR8Qb7wnDfN91FC2B4noXcwPDk+ng=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample';object-src 'self' https://*.kc-usercontent.com;base-uri 'self';report-uri https://kenticocloud.report-uri.io/r/default/csp/reportOnly 1
frame-ancestors 'self' www.chasepaymentechhostedpay.com ;font-src 'self' https://fonts.gstatic.com https://webfonts.zohostatic.com https://d3rr3d0n31t48m.cloudfront.net  https://static.ecorebates.com https://ajax.googleapis.com  data: ;base-uri 'self' ; object-src 'self' https://www.chasepaymentechhostedpay.com https://na.electroluxmedia.com; report-uri /CSP-report; 1
script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net 'unsafe-inline' 'self'; default-src 'none'; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'unsafe-inline' https://use.typekit.net; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org data: https://use.typekit.net https://themes.googleusercontent.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
frame-ancestors 'self' ;font-src 'self' https://fonts.gstatic.com  https://webfonts.zohostatic.com  https://static.ecorebates.com https://ajax.googleapis.com data:  ;base-uri 'self' ; object-src 'self' https://na.electroluxmedia.com; report-uri /CSP-report; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://rasch.report-uri.com/r/d/csp/wizard 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ch ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ch *.spreadshirt.ch ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ch ; font-src 'self' https: *.spreadshirt.ch ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ch ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ch ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data: ssl.siteimprove.com ad.doubleclick.net statse.webtrendslive.com www.google-analytics.com analytics.twitter.com www.facebook.com t.co;script-src 'self' 'unsafe-inline' *.linkedin.com analytics.twitter.com www.facebook.com snap.licdn.com www.google-analytics.com s.webtrends.com tags.tiqcdn.com static.ads-twitter.com connect.facebook.net 'unsafe-inline' siteimproveanalytics.com static.ads-twitter.com t.co snap.licdn.com google-analytics.com s.webtrends.com tags.tiqcdn.com;frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /csp/report/; 1
default-src 'self' carjam.co.nz *.carjam.co.nz; connect-src 'self' carjam.co.nz *.carjam.co.nz www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' carjam.co.nz *.carjam.co.nz data: d1oe1cut6yqpb4.cloudfront.net fonts.gstatic.com; frame-src 'self' carjam.co.nz *.carjam.co.nz staticxx.facebook.com www.facebook.com connect.facebook.net web.facebook.com www.youtube.com www.googletagmanager.com; img-src *; media-src 'self' carjam.co.nz *.carjam.co.nz www.youtube.com; object-src 'self' carjam.co.nz *.carjam.co.nz; script-src 'self' 'unsafe-inline' https: 'nonce-541f5b530a' 'strict-dynamic'; style-src 'self' carjam.co.nz *.carjam.co.nz d1oe1cut6yqpb4.cloudfront.net staticxx.facebook.com www.youtube.com 'unsafe-inline'; report-uri https://www.nzpro.com/csp-prod.php; 1
default-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com fast.wistia.com fast.wistia.net *.wistia.com *.wistia.com form.jotform.com cdn.jotfor.ms secure.jotformpro.com submit.jotformpro.com;style-src 'self' 'unsafe-inline' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;child-src 'self' https://voicethread.com fast.wistia.com fast.wistia.net *.wistia.com player.vimeo.com;connect-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com wss://prod-mq.voicethread.com *.akamaihd.net *.litix.io *.wistia.com *.litix.io;font-src 'self'  https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com;form-action 'self'  https://voicethread.com;frame-ancestors none ;img-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com *.akamaihd.net fast.wistia.com embed.wistia.com embedwistia-a.akamaihd.net events.jotform.com cdn.jotfor.ms;media-src 'self' https://voicethread.com https://prod-cdn.voicethread.com https://prod-transcode.voicethread.com embed.wistia.com embedwistia-a.akamaihd.net;object-src 'self' https://prod-cdn.voicethread.com;report-uri /csp_report/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.roche.com *.roche.net *.gene.com cdn.walkme.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src * 'self' data: ; connect-src * 'self' ; media-src * 'self' data:; object-src 'self' ; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; disown-opener; reflected-xss block; base-uri 'none'; plugin-types application/pdf; report-uri https://roche.report-uri.com/r/t/csp/reportonly; 1
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net; report-uri http://deniol2415.nionex.net/report-uri.php 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.es&source%5Bsection%5D=brochure&source%5Buuid%5D=e606b84cda26e2a87171ffdcb27bfc6a 1
default-src 'self';style-src 'self';script-src 'self' 'unsafe-inline' https://cdn.mouseflow.com https://munchkin.marketo.net https://app-ab11.marketo.com https://assets.adobedtm.com;img-src 'self' http://cdn.gelifesciences.com;media-src 'self' http://cdn.gelifesciences.com;font-src 'self';report-uri http://gelifesciences.com/api/csp/report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://api.olark.com https://assets.adobedtm.com https://ajax.googleapis.com https://bam.nr-data.net https://c.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://maps.googleapis.com https://players.brightcove.net https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://static.addtoany.com https://static.olark.com https://vjs.zencdn.net https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com; script-src-elem 'self' 'unsafe-inline' http://c.evidon.com/sitenotice/evidon-sitenotice-tag.js http://c.evidon.com/geo/country.js http://c.evidon.com/sitenotice/2025/snthemes.js http://c.evidon.com/sitenotice/2025/translations/en.js http://s3.amazonaws.com/pfe_im/js/dev/pcc/custom/pfizercom-br/s_code_config.js http://s3.amazonaws.com/pfe_im/js/dev/pcc/s_code.js http://c.evidon.com/sitenotice/2025/pfizer/settings.js http://c.evidon.com/sitenotice/evidon-banner.js https://c.evidon.com/sitenotice/2025/pfizersite/settings.js  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com; connect-src 'self' https://edge.api.brightcove.com https://f1.media.brightcove.com https://knrpc.olark.com/nrpc/ https://secure.brightcove.com https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com/releases/ https://vjs.zencdn.net/; frame-src 'self' https://l3.evidon.com https://pfizergrv-eu-dev.janrainsso.com https://pfizergrv-eu-qa.janrainsso.com https://pfizer-grv-eu.janrainsso.com https://static.addtoany.com https://static.olark.com https://www.google.com/recaptcha/; img-src 'self' about: data: https://ad.doubleclick.net https://adservice.google.com https://brightcove.hs.llnwd.net https://c.evidon.com https://cdn.rawgit.com/ckeditor/ https://f1.media.brightcove.com https://khms0.googleapis.com https://khms1.googleapis.com https://l.betrad.com https://log.olark.com/jslog/ https://maps.googleapis.com https://maps.gstatic.com https://metrics.brightcove.com https://pfizer.122.2o7.net https://pfizer.sc.omtrdc.net https://raw.githubusercontent.com/ckeditor/ https://s3.amazonaws.com/pfe_grv/ https://s3-eu-west-1.amazonaws.com/sfactorycorp/ https://www.google-analytics.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.googletagmanager.com https://www.gstatic.com; manifest-src 'self'; media-src 'self' blob: https://f1.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/; worker-src 'self' blob:; report-uri https://pfeprod.report-uri.com/r/t/csp/reportOnly 1
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp-report 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; script-src 'self' https:; style-src 'self' https:; img-src https: data: 'self'; object-src https: 'self'; font-src https: 'self'; connect-src https: 'self'; frame-ancestors 'self'; worker-src blob: https: 'self' 1
report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'self' https://cdn.performanceplustire.com https://www.performanceplustire.com; connect-src *.performanceplustire.com https://*.affirm.com https://d38nbbai6u794i.cloudfront.net https://e1.fanplayr.com https://js.callrail.com https://stats.g.doubleclick.net https://tracker.affirm.com https://w1.fanplayr.com https://www.facebook.com https://www.google-analytics.com https://www.iconfigurators.com; font-src *.performanceplustire.com data: https://assets.resultspage.com https://cdn1.affirm.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://sxt.cdn.skype.com; frame-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; child-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; img-src *.performanceplustire.com cdn.performanceplustire.com data: https://*.cloudfront.net https://aa.agkn.com https://adadvisor.net https://ads.betweendigital.com https://ads.yahoo.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://beacon.krxd.net http://cf.kampyle.com https://cm.g.doubleclick.net https://cw.addthis.com https://d.agkn.com https://d38nbbai6u794i.cloudfront.net https://dmp.truoptik.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://dyn.yelpcdn.com http://farm4.static.flickr.com https://i.ytimg.com https://ib.adnxs.com https://iconfigurators.com https://images.iconfigurators.com https://insight.adsrvr.org https://match.adsrvr.org https://match.sharethrough.com https://nsg.symantec.com https://odr.mookie1.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.personagraph.com https://pixel.rubiconproject.com https://pixel.tapad.com https://s.thebrighttag.com https://s.w.org http://s3.amazonaws.com https://s3.amazonaws.com https://secure.gravatar.com https://simage2.pubmatic.com https://sp.adbrn.com https://stats.g.doubleclick.net https://su.addthis.com https://sync.adap.tv https://sync.adaptv.advertising.com https://test.kampyle.com https://upload.wikimedia.org https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iconfigurators.com https://www.insureship.com https://x.bidswitch.net; script-src 'unsafe-eval' 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://api-cf.affirm.com https://assets.pinterest.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://cdn.callrail.com https://cdn.performanceplustire.com https://cdn1.affirm.com https://connect.facebook.net https://d1q7pknmpq2wkm.cloudfront.net https://d38nbbai6u794i.cloudfront.net https://dyn.yelpcdn.com https://e1.fanplayr.com https://js.callrail.com https://log.pinterest.com https://maps.googleapis.com https://my.fanplayr.com https://nsg.symantec.com https://performanceplustire.resultspage.com https://s.btstatic.com https://s.thebrighttag.com https://savingsslider-a.akamaihd.net https://script.crazyegg.com https://w1.fanplayr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.iconfigurators.com https://www.insureship.com https://www.yelp.com https://yelp.com; style-src 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://assets.resultspage.com https://cdn1.affirm.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://performanceplustire.resultspage.com https://www.iconfigurators.com 1
base-uri 'self'; object-src 'self' http://*.tiles.virtualearth.net https://fpdownload.adobe.com http://dev.virtualearth.net https://swatshare-dev.rcac.purdue.edu; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.mygeohub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://mygeohub.org https://www.dropbox.com https://graph.facebook.com http://*.virtualearth.net https://geoserver.rcac.purdue.edu http://dev.virtualearth.net; default-src 'self' https://*.mygeohub.org https://*.mygeohub.aws.hubzero.org; font-src 'self' about: https://fonts.gstatic.com data: safari-extension: chrome-extension: https://maxcdn.bootstrapcdn.com; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.mygeohub.org https://*.mygeohub.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com https://player.vimeo.com ; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: https://*.virtualearth.net https://cdn.jsdelivr.net https://geoserver.rcac.purdue.edu https://freegeoip.net swatshare-dev.rcac.purdue.edu https://cdnjs.cloudflare.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
script-src *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io; report-uri /ajax/content_policy_violation.php 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-iBrEbSAzaurovkVD5yRCHfPyp4'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-XtUo9ms0idRFqdMCm9VFZeSmGqY'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://translate.google.com https://translate.googleapis.com https://bat.bing.com https://m.addthis.com https://widget.intercom.io  https://app.intercom.io https://js.intercomcdn.com https://platform-api.sharethis.com https://m.addthisedge.com https://buttons-config.sharethis.com https://s7.addthis.com https://inlinemanual.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://code.jquery.com https://cdn.syndication.twimg.com https://stackpath.bootstrapcdn.com; style-src-elem * 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://translate.googleapis.com https://translate.googleapis.com/* https://translate.google.com https://platform-api.sharethis.com https://widget.intercom.io https://code.jquery.com https://js.intercomcdn.com https://connect.facebook.net; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://platform.twitter.com https://ton.twimg.com; connect-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://twitter.com https://firebasestorage.googleapis.com https://staticxx.facebook.com https://www.facebook.com https://c.sharethis.mgr.consensu.org https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com; object-src 'none'; media-src * 'unsafe-inline'; report-uri api/v1/public/reports 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
report-uri /api/log_csp_event 1
default-src 'self' data: gap: wss: ws: http: https: android-webview-video-poster:; script-src 'self' 'unsafe-inline' http://www.gstatic.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.intercomcdn.com https://www.googletagmanager.com https://*.mxpnl.com https://*.intercom.io https://*.polyfill.io https://*.stripe.com https://*.cloudinary.com 'nonce-9JdxX7zxvfucVkMzxoQc5'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self'; report-uri /api/__cspreport__ 1
report-uri https://sentry.io/api/1479396/security/?sentry_key=ebff80a744024d8a8f5630df4ea55e5d&sentry_environment=PROD&sentry_release=2019-8-22-1; default-src 'self'; script-src 'self' static.dynamicsignal.com www.googletagmanager.com *.google-analytics.com *.googleapis.com *.cloudfront.net connect.facebook.net assets.adobedtm.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' static.dynamicsignal.com *.cloudfront.net *.googleapis.com 'unsafe-inline'; font-src 'self' static.dynamicsignal.com fonts.gstatic.com maxcdn.bootstrapcdn.com data:; img-src * data: blob:; media-src 'self' *.cloudfront.net; frame-src 'self' www.youtube.com; manifest-src *; connect-src 'self' www.googletagmanager.com assets.adobedtm.com connect.facebook.net static.dynamicsignal.com *.google-analytics.com *.sentry.io sentry.io olivia.paradox.ai stats.g.doubleclick.net gateway.zscloud.net relay.voicestorm.com relay-eu.voicestorm.com 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-5tFrMDI51hUPEwwIlZLXJg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.verasafe.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; report-uri /report-csp-violation 1
connect-src 'self' https: https://queue.laneone.com; default-src 'self' https:; font-src 'self' https: data: https://d1b0xitdcgcjl2.cloudfront.net; img-src 'self' https: data: https://d1b0xitdcgcjl2.cloudfront.net https://www.google-analytics.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' https://d1b0xitdcgcjl2.cloudfront.net https://m.stripe.com https://www.googletagmanager.com https://www.google-analytics.com s3.amazonaws.com js.maxmind.com; style-src 'self' https: 'unsafe-inline' https://d1b0xitdcgcjl2.cloudfront.net https://cloud.typography.com; report-uri /csp_report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.fr ; font-src 'self' https: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; report-uri https://sentry.utdev.com/api/11/security/?sentry_key=fd1451556bfc4ccd9a2e268240b3e2e7; 1
default-src 'none';img-src 'self' data: an.yandex.ru yastatic.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv  mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com  mc.webvisor.org;font-src 'self';child-src mc.yandex.ru;connect-src 'self' *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org;frame-src 'self' mc.yandex.ru;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org 'unsafe-inline';report-uri https://csp.yandex.net/csp?from=adfox; 1
default-src https://xref.com script-src https://sandbox.xref.com https://xref.com https://xref-wagtail.s3.amazonaws.com https://www.googletagmanager.com frame-src  https://fast.wistia.com style-src  https://fonts.googleapis.com img-src  https://xref-wagtail.s3.amazonaws.com/* 1
default-src 'self'; script-src https://static.groklearning-cdn.com 'nonce-KmQhTGQCS7wsDOfJEDOcDA5l' https://groklearning.com https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://djtflbt20bdde.cloudfront.net connect.facebook.net https://www.google-analytics.com; style-src https://static.groklearning-cdn.com 'unsafe-inline' https://mathjax.groklearning-cdn.com https://d12wqas9hcki3z.cloudfront.net https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com; img-src 'self' data: https://groklearning-cdn.com https://static.groklearning-cdn.com https://web.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com d33v4339jhl8k0.cloudfront.net https://www.gravatar.com; connect-src 'self' https://groklearning-cdn.com https://static.groklearning-cdn.com wss://realtime.groklearning.com wss://terminals.groklearning.com wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.helpscout.net https://api.ipify.org https://docs.groklearning.io; font-src https://static.groklearning-cdn.com https://mathjax.groklearning-cdn.com https://fonts.gstatic.com; object-src https://djtflbt20bdde.cloudfront.net; media-src https://static.groklearning-cdn.com https://groklearning-cdn.com; frame-src 'self' https://static.groklearning-cdn.com https://web.comp.gl cybersecurity.comp.gl https://djtflbt20bdde.cloudfront.net staticxx.facebook.com *.sandbox.comp.gl preview.comp.gl *.preview.comp.gl; child-src 'self' https://web.comp.gl cybersecurity.comp.gl https://djtflbt20bdde.cloudfront.net *.facebook.com; form-action 'self' https://www.paypal.com; base-uri docs.helpscout.net; report-uri /csp/report-violation/ 1
default-src 'self'; script-src 'self' files.plugin-alliance.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net analytics.twitter.com platform.twitter.com 'unsafe-inline'; style-src 'self' files.plugin-alliance.com cdnjs.cloudflare.com 'unsafe-inline'; img-src 'self' data: files.plugin-alliance.com i.ytimg.com img.youtube.com yt3.ggpht.com www.google-analytics.com www.facebook.com analytics.twitter.com t.co; font-src 'self' files.plugin-alliance.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.youtube.com embed.pivotshare.com d271ulnm1ao6ig.cloudfront.net w.soundcloud.com www.facebook.com staticxx.facebook.com; form-action 'self' plugin-alliance.us3.list-manage.com; upgrade-insecure-requests; block-all-mixed-content; disown-opener; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssllogo.twca.com.tw https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://ssllogo.twca.com.tw; img-src 'self' data: https://www.pay2go.com https://payment.pay2go.com https://ssllogo.twca.com.tw https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://stats.g.doubleclick.net; font-src 'self' data:; report-uri https://cwww.pay2go.com/P2g_csp; 1
default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: ; style-src 'self' 'unsafe-inline' static.chartbeat.com https: ; img-src 'self' http: https: data: ; font-src 'self' https: data: ; frame-src https: ; connect-src 'self' https: ; 1
default-src 'self'; script-src 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data:; font-src https: data:; frame-ancestors 'none'; base-uri 'none'; report-uri https://ort.wellsfargo.com/reporting/csp; report-to https://ort.wellsfargo.com/reporting/csp 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com/ui/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-daterangepicker/ https://*.crisp.chat/; script-src 'self' 'nonce-bJDmPixWQvejLmF5onxvIw==' https://js.stripe.com/ https://g.stripe.com/ https://hosted.paysafe.com/request/ https://ajax.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-daterangepicker/ https://cdn.webrtc-experiment.com/DetectRTC.min.js https://code.jquery.com/ui/ https://*.crisp.chat/; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat/; img-src 'self' data: https://s3.amazonaws.com/gotabpublic/  https://*.crisp.chat/ https://gotabpublic.s3.amazonaws.com/; media-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://gotabpublic.s3.amazonaws.com/; frame-src 'self' https://js.stripe.com/ https://metabase.gotab.io/; connect-src 'self' https://*.crisp.chat/ wss://client.relay.crisp.chat/ https://hosted.paysafe.com/request/api/; report-uri https://gotab.io/log 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://ln-rules.rewardstyle.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://smct.co https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.growgorgeous.com https://checkout.growgorgeous.com https://m.growgorgeous.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://ssl.bing.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.smct.co; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com reporting.eaglemoss.com img.youtube.com www.facebook.com dis.eu.criteo.com static.criteo.net stats.g.doubleclick.net www.google-analytics.com goverseer.wishpond.com jambo.wishpond.com cdn.wishpond.net www.wishpond.com vars.hotjar.com api.optmnstr.com ct.pinterest.com www.google.com snapsmedia.io in.hotjar.com embedded.wishpondpages.com www.youtube.com platform.twitter.com syndication.twitter.com pbs.twimg.com ton.twimg.com www.w3.org abs.twimg.com a.optmnstr.com bid.g.doubleclick.net gum.criteo.com z.optmnstr.com cdn.lightwidget.com 8793740.fls.doubleclick.net webfonts.zohostatic.com ws1.hotjar.com api.optmstr.com a.mstrlytcs.com web.facebook.com psr.fuel451.com ws5.hotjar.com lightwidget.com www.lightwidget.com server.adform.net payment.pay3.secured-by-ingenico.com ws3.hotjar.com; img-src *; object-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net fonts.googleapis.com en-us.eaglemoss.com fonts.gstatic.com www.googletagmanager.com eagle11134.pcapredict.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net services.postcodeanywhere.co.uk staticxx.facebook.com widget.eu.criteo.com sslwidget.criteo.com static.criteo.net www.google-analytics.com a.optmnstr.com s.pinimg.com script.hotjar.com googleads.g.doubleclick.net cdn.wishpond.net www.googleadservices.com a.optmstr.com pixel.snapsmedia.io static.hotjar.com cdn.syndication.twimg.co cdn.syndication.twimg.com platform.twitter.com ajax.googleapis.com cdn.fuelx.com www.lightwidget.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.youtube.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com daz08cxgtpxxc.cloudfront.net d1v224g40dbxxy.cloudfront.net services.postcodeanywhere.co.uk platform.twitter.com ton.twimg.com ajax.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-elem cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.youtube.com unpkg.com; style-src-elem cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.stageandscreen.travel:*; frame-ancestors *.calypso.net.au *.stageandscreen.travel; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
upgrade-insecure-requests; default-src *.therestaurantstore.com; script-src www.google-analytics.com maps.googleapis.com www.googleadservices.com *.doubleclick.net www.google.com *.gstatic.com cdnjs.cloudflare.com https://unpkg.com/spritespin@4.0.5/release/spritespin.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com 'self' 'unsafe-inline'; img-src data: *.therestaurantstore.com *.webstaurantstore.com www.google-analytics.com www.google.com www.googleadservices.com *.google.co.ve *.google.ru *.google.ca *.doubleclick.net *.ytimg.com *.gstatic.com *.googleapis.com 'self'; object-src 'none'; frame-src *.therestaurantstore.com www.google.com youtube.com *.youtube.com *.doubleclick.net; connect-src *.doubleclick.net www.youtube.com www.google-analytics.com *.therestaurantstore.com 'self'; font-src data: fonts.gstatic.com 'self'; report-uri /ajax/client-side-logging; 1
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1
child-src 'self'; connect-src 'self' data: https://*.cloudflare.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://bit4coin.net wss://*.hotjar.com; default-src 'self' *.ravenjs.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://unpkg.com; frame-src 'self' data: http://*.google.com https://*.cloudfront.net https://*.driftt.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.kontomatik.com https://*.youtube.com wss://*.hotjar.com; img-src 'self' data: http://*.google.com https://*.ausgezeichnet.org https://*.bitbond.com https://*.cloudfront.net https://*.eu-central-1.amazonaws.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.webflow.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.google.com https://*.ausgezeichnet.org https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.hotjar.com https://*.kontomatik.com https://*.mxpnl.com https://*.newrelic.com https://*.nr-data.net https://unpkg.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://unpkg.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelmoneyoz.com:*; frame-ancestors *.calypso.net.au *.travelmoneyoz.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: blob:; report-uri /report-csp-violation 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.za:*; frame-ancestors *.calypso.net.au *.flightcentre.co.za; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.nz&source%5Bsection%5D=brochure&source%5Buuid%5D=f5759c41bce84e17730290d7cfbbdb7b 1
child-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com *.hotjar.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; img-src 'self' https: data: www.google-analytics.com https://d1th6arvuxy6s9.cloudfront.net *.hotjar.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org 'nonce-1795887a-477a-457a-b684-892ecfc7786a' *.hotjar.com; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com https://d1th6arvuxy6s9.cloudfront.net; object-src 'none'; report-uri /report-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  data: *.tnb.com *.scene7.com abbcloud.blob.core.windows.net *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.macromedia.com *.partcommunity.com *.tnb.ca *.vanlien.com *.vanlien.be *.vanlien.nl *.youtube.com *.paypal.com tnblnx3.tnb.com code.jquery.com googleads.g.doubleclick.net *.googleadservices.com 4817075.fls.doubleclick.net *.google.com *.google.nl *.google.be *.google-analytics.com *.api4load.com *.facebook.net *.facebook.com *.fedex.com *.ups.com *.rlcarriers.com *.cl3ver.com 199.120.203.191; report-uri https://www-public.tnb.com/cspr/ 1
connect-src 'self' https://edge.api.brightcove.com https://f1.media.brightcove.com https://knrpc.olark.com/nrpc/ https://secure.brightcove.com https://stats.addtoany.com/menu https://stats.g.doubleclick.net https://www.google-analytics.com https://m.addthis.com https://s7.addthis.com https://v1.addthis.com/live/ https://in.hotjar.com/api/v2/ https://vc.hotjar.io; font-src 'self' data: https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://docs.gcs.digitalpfizer.com/fonts/ https://fast.fonts.net https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://use.fontawesome.com/releases/ https://vjs.zencdn.net/ https://use.typekit.net; frame-src 'self' 'unsafe-inline' https://l3.evidon.com https://pfizergrv-eu-dev.janrainsso.com https://pfizergrv-eu-qa.janrainsso.com https://pfizer-grv-eu.janrainsso.com https://static.addtoany.com https://static.olark.com https://www.google.com/recaptcha/ https://s7.addthis.com https://bid.g.doubleclick.net https://www.youtube.com https://app-sn01.marketo.com https://vars.hotjar.com https://edge.addthis.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' about: data: https://ad.doubleclick.net https://adservice.google.com https://brightcove.hs.llnwd.net https://c.evidon.com https://cdn.rawgit.com/ckeditor/ https://f1.media.brightcove.com https://khms0.googleapis.com https://khms1.googleapis.com https://l.betrad.com https://log.olark.com/jslog/ https://maps.googleapis.com https://maps.gstatic.com https://metrics.brightcove.com https://pfizer.122.2o7.net https://pfizer.sc.omtrdc.net https://raw.githubusercontent.com/ckeditor/ https://s3.amazonaws.com/pfe_grv/ https://s3-eu-west-1.amazonaws.com/sfactorycorp/ https://www.google-analytics.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.googletagmanager.com https://www.gstatic.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://t.co https://www.facebook.com; object-src 'unsafe-inline' https://pfizergrv-eu-dev.janrainsso.com https://static.addtoany.com https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://api.olark.com https://assets.adobedtm.com https://ajax.googleapis.com https://bam.nr-data.net https://c.evidon.com https://d1v9u0bgi1uimx.cloudfront.net https://d29usylhdk1xyu.cloudfront.net https://d7v0k4dt27zlp.cloudfront.net/assets/ https://docs.gcs.digitalpfizer.com https://js-agent.newrelic.com https://knrpc.olark.com/nrpc/ https://maps.googleapis.com https://players.brightcove.net https://rpxnow.com/load/ https://s3.amazonaws.com/pfe_grv https://s3.amazonaws.com/pfe_im/ https://static.addtoany.com https://static.olark.com https://vjs.zencdn.net https://www.google.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://s7.addthis.com https://v1.addthis.com https://connect.facebook.net https://amplify.outbrain.com https://s3.amazonaws.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://m.addthisedge.com https://m.addthis.com https://www.youtube.com https://s.ytimg.com https://analytics.twitter.com https://v1.addthisedge.com https://v1.addthisedge.com/live/ https://static.hotjar.com https://script.hotjar.com https://edge.addthis.com app-sn01.marketo.com https://cdn.rawgit.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://cookies.pfizer.com https://d3hmp0045zy3cs.cloudfront.net https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://pfredirect.pfizersite.io https://s3.amazonaws.com/pfe_grv/ https://static.olark.com https://stackpath.bootstrapcdn.com https://use.typekit.net/flu5uet.css https://p.typekit.net/p.css https://cdn.rawgit.com https://cdnjs.cloudflare.com https://app-sn01.marketo.com/js/forms2/css/ fonts.googleapis.com; worker-src 'self' blob:; manifest-src 'self'; media-src 'self' blob: https://f1.media.brightcove.com https://static.olark.com https://secure.brightcove.com/services/mobile/streaming/; report-uri https://pfeprod.report-uri.com/r/t/csp/reportOnly 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelassociates.com:*; frame-ancestors *.calypso.net.au *.travelassociates.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self' 'eval' data: 'unsafe-inline' *.sarna.net *.go-mpulse.net *.googletagservices.com *.google.com *.teads.tv *.doubleclick.net *.betrad.com *.flashtalking.com *.scorecardresearch.com *.akstat.io *.akamaihd.net *.google-analytics.com *.googlesyndicataion.com *.gstatic.com *.amazon-adsystem.com *.googlesyndication.com *.doubleverify.com *.adsafeprotected.com *.iasds01.com *.2mdn.net *.createjs.com *.ssl-images-amazon.com *.myvisualiq.net *.network-n.com *.tapad.com *.cloudflare.com *.demdex.net *.evidon.com *.clrstm.com *.tvpixel.com *.ampproject.org *.googleapis.com; report-uri https://nicj.net/report/UBH65-7CLBK-KHE9W-R3AEU-6L8CY; report-to default 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.com.hk https://www.lookfantastic.com.hk https://checkout.lookfantastic.com.hk https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://remote.captcha.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; connect-src 'self' https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com; font-src 'self' https://production-trackbill.netdna-ssl.com https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; object-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src 'self' api.segment.com api.segment.io *.youtube.com *.masmic.com *.bugsnag.com *.google.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.gstatic.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' d2wy8f7a9ursnm.cloudfront.net cdn.segment.com data: *.masmic.com *.hotjar.com *.google.com *.google.co.in *.gstatic.com www.google-analytics.com www.googletagmanager.com; style-src 'unsafe-inline' *.masmic.com fonts.googleapis.com www.gstatic.com; img-src *  data:; font-src 'self' data: fonts.gstatic.com; report-uri https://masmic.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; report-uri https://tal-dev-api-management.azure-api.net/logicapp/cspreporturi?app=talpublicwebsite; base-uri 'self'; default-src 'none'; child-src 'self' www.youtube.com talservices.demdex.net www.google.com bid.g.doubleclick.net sdn.sitecore.net vars.hotjar.com assets.adobedtm.com; connect-src 'self' tal.tt.omtrdc.net dpm.demdex.net *.hotjar.com talservices.sc.omtrdc.net www.google-analytics.com vc.hotjar.io; font-src data: 'self' fonts.gstatic.com; form-action 'self' coverbuilder.tal.com.au; frame-ancestors 'self'; frame-src 'self' 4430331.fls.doubleclick.net 6267429.fls.doubleclick.net assets.adobedtm.com bid.g.doubleclick.net fast.talservices.demdex.net tal.defectorsagency.com tal-prod1.pegacloud.io talservices.demdex.net vars.hotjar.com www.google.com www.googletagmanager.com www.youtube.com; img-src data: 'self' 'unsafe-inline' amplifypixel.outbrain.com cm.everesttech.net cx.atdmt.com dc.ads.linkedin.com dpm.demdex.net img.youtube.com pixel.quantserve.com script.hotjar.com talservices.sc.omtrdc.net tr.outbrain.com www.facebook.com www.google.ca www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke www.google.co.nz www.google.co.tz www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.hk www.google.com.my www.google.com.ph www.google.com.sg www.google.com.vn www.google.de www.google.ee www.google.gr www.google.lk www.google.pt www.google-analytics.com www.googletagmanager.com www.tal.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha assets.adobedtm.com connect.facebook.net static.hotjar.com snap.licdn.com script.crazyegg.com px.ads.linkedin.com script.hotjar.com www.googletagmanager.com/gtm.js www.googleadservices.com/pagead/conversion_async.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ www.google-analytics.com/analytics.js www.googletagmanager.com/gtag/js www.gstatic.com/recaptcha/ www.google.com/recaptcha/api.js www.linkedin.com www.youtube.com s.ytimg.com secure.quantserve.com rules.quantcount.com tal-prod1.pegacloud.io amplify.outbrain.com; style-src 'self' 'unsafe-inline' hello.myfonts.net fonts.googleapis.com; 1
default-src 'none'; 		frame-src 'self' https://www.youtube.com https://piwik.oest.de https://www.google.com; 		connect-src 'self'; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com https://piwik.oest.de; 		style-src 'self' 'unsafe-inline' https://fast.fonts.net; 		media-src 'self'; 		img-src 'self' https://www.google-analytics.com data: https://piwik.oest.de; 		font-src 'self'; 		report-uri https://www.oestgroup.com/csp.php 	 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://cdn.vsadu.ru/csp_report 1
default-src 'none'; base-uri 'self'; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com js.intercomcdn.com data: magnetis-herokuapp-com.global.ssl.fastly.net use.fontawesome.com; img-src 'self' data: cdn.jsdelivr.net t.co www.google-analytics.com magnetis-herokuapp-com.global.ssl.fastly.net magnetis-staging-herokuapp-com.global.ssl.fastly.net www.google.com www.google.com.br track.hubspot.com *.intercom.io *.intercomcdn.com www.googletagmanager.com www.facebook.com secure.adnxs.com static.intercomassets.com static.intercom-mail-300.com intercom.help *.cloudfront.net analyticspage.tools *.gstatic.com www.googleadservices.com *.hubspot.net; object-src 'self'; script-src 'self' 'unsafe-eval' js-agent.newrelic.com bam.nr-data.net magnetis-herokuapp-com.global.ssl.fastly.net tagmanager.google.com d2dq2ahtl5zl1z.cloudfront.net static.ads-twitter.com *.hotjar.com js.hs-analytics.net www.googletagmanager.com www.google-analytics.com *.intercom.io js.hs-scripts.com js.usemessages.com js.intercomcdn.com analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net www.googleadservices.com www.facebook.com static.sback.tech viacep.com.br embed.typeform.com 'nonce-xtnqhd0HY8RHVrVkYHx2bg=='; style-src 'self' https: cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline' blob:; connect-src 'self' api.segment.io api.hubspot.com *.hotjar.com *.intercom.io wss://*.intercom.io wss://*.hotjar.com *.airbrake.io www.google-analytics.com future-value-simulator.herokuapp.com ads.adaptv.advertising.com ajax.googleapis.com analyticspage.tools api.ipify.org bpb.opendns.com code.jquery.com front.shopconvert.com.br front.shoptarget.com.br *.intercomcdn.com www.facebook.com d8myem934l1zi.cloudfront.net br.api4load.com cdn.jsdelivr.net ckies.net connect.facebook.net d2dq2ahtl5zl1z.cloudfront.net fonts.googleapis.com fonts.gstatic.com gj.track.uc.cn gjtrack.ucweb.com js.hs-analytics.net magnetis-herokuapp-com.global.ssl.fastly.net future-value-simulator-staging.herokuapp.com maxcdn.bootstrapcdn.com static.ads-twitter.com *.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com *.loggly.com; child-src 'self' www.youtube.com vars.hotjar.com/ api-iam.intercom.io www.facebook.com  connect.facebook.net www.googletagmanager.com; frame-src 'self' intercom-sheets.com connect.facebook.net www.facebook.com www.googletagmanager.com www.youtube.com vars.hotjar.com www.google.com diagnosticomagnetis.typeform.com; form-action 'self' connect.facebook.net intercom.help www.facebook.com api-iam.intercom.io; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' js.intercomcdn.com; report-uri https://magnetis.report-uri.com/r/d/csp/enforce 1
default-src 'self' https:; connect-src 'self' http://heapanalytics.com https://heapanalytics.com http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://app.getsentry.com https://d8myem934l1zi.cloudfront.net https://wootric-eligibility.herokuapp.com https://production.wootric.com/; child-src 'self' https://*.hotjar.com https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' https: data: https://fonts.gstatic.com https://heapanalytics.com https://*.hotjar.com https://*.intercomcdn.com; img-src 'self' data: https://s3.amazonaws.com http://bat.bing.com https://bat.bing.com https://www.facebook.com https://seal.godaddy.com https://www.google-analytics.com https://www.google.com https://www.google.com.br https://stats.g.doubleclick.net https://*.gstatic.com http://heapanalytics.com https://heapanalytics.com https://*.hotjar.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://bat.bing.com/bat.js https://bat.bing.com/bat.js https://viacep.com.br https://connect.facebook.net https://seal.godaddy.com/getSeal https://googleads.g.doubleclick.net http://www.googleadservices.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com http://tagmanager.google.com http://*.heapanalytics.com https://*.heapanalytics.com http://heapanalytics.com https://heapanalytics.com http://*.hotjar.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.pusher.com https://www.receitaws.com.br https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.4/rollbar.min.js https://cdn.wootric.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://heapanalytics.com; media-src 'self' https://*.intercomcdn.com; report-uri https://rapidoo.report-uri.com/r/d/csp/reportOnly 1
default-src 'none';                     connect-src https: wss://api.appcues.net wss://nexus-websocket-a.intercom.io https: wss://nexus-websocket-b.intercom.io;                     font-src forms.ministryforms.net pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' fonts.gstatic.com js.intercomcdn.com maxcdn.bootstrapcdn.com;                      form-action 'self' www.facebook.com;                     frame-src my.appcues.com bid.g.doubleclick.net player.vimeo.com vars.hotjar.com www.facebook.com;                     frame-ancestors *;                      img-src https: data:;                      media-src 'self' www.snapengage.com;                     script-src forms.ministryforms.net fast.appcues.com pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' 'unsafe-eval' 'unsafe-inline' analytics.clickdimensions.com bat.bing.com browser.sentry-cdn.com cdn.ckeditor.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net images.dmca.com js.intercomcdn.com munchkin.marketo.net rawgit.com sniff.visistat.com script.hotjar.com static.hotjar.com storage.googleapis.com widget.intercom.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.snapengage.com;                     style-src forms.ministryforms.net fast.appcues.com pbuat-fmsbridge-et-fmsweb.azurewebsites.net 'self' 'unsafe-inline' cdn.ckeditor.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com;                     report-uri https://tracker.report-uri.com/r/d/csp/wizard; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://qwschool.co/wp-json/rsssl/v1/csp?rsssl_apitoken=1562593041  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' s.go-mpulse.net tags.tiqcdn.com googleads.g.doubleclick.net www.google.com connect.facebook.net adservice.google.com www.google-analytics.com www.facebook.com bat.bing.com sp.analytics.yahoo.com servedby.flashtalking.com www.google.com.au www.googleadservices.com js.adsrvr.org www.googletagmanager.com insight.adsrvr.org universal.iperceptions.com 8211048.fls.doubleclick.net 6034582.fls.doubleclick.net cloud.typography.com s.yimg.com amplify.outbrain.com 5489943.fls.doubleclick.net resources.xg4ken.com tr.outbrain.com login.dotomi.com amplifypixel.outbrain.com www.google.fr pubads.g.doubleclick.net 9055492.fls.doubleclick.net d31y97ze264gaa.cloudfront.net st2.dialogtech.com api.datasteam.io cdn.datasteam.io a5414371492.cdn.optimizely.com pixel.mathtag.com cm.g.doubleclick.net s.amazon-adsystem.com secure.dtmpub.com dsum-sec.casalemedia.com www.google.co.in dpm.demdex.net www.google.nl ads.yahoo.com tags.bluekai.com pixel.rubiconproject.com www.google.co.uk st1.dialogtech.com ib.adnxs.com adadvisor.net cdn.optimizely.com us-u.openx.net ajax.googleapis.com 5424510.fls.doubleclick.net p.adsymptotic.com www.google.dk da7xgjtj801h2.cloudfront.net su.addthis.com simage2.pubmatic.com odr.mookie1.com free.timeanddate.com bh.contextweb.com www.google.de pixel.tapad.com login-ds.dotomi.com adfarm.mediaplex.com idsync.rlcdn.com partners.tremorhub.com pixel.advertising.com s2s.addkt.com js-agent.newrelic.com www.google.com.br contextual.media.net x.bidswitch.net bam.nr-data.net s.thebrighttag.com i.liadm.com ads.scorecardresearch.com tags.rd.linksynergy.com match.sharethrough.com www.google.ru www.google.ca www.google.com.mx secure.insightexpressai.com www.google.com.ar uipglob.semasio.net e.nexac.com www.youtube.com cw.addthis.com www.google.com.hk io.narrative.io www.google.se www.google.pl www.google.ie www.google.com.sg www.google.com.my stags.bluekai.com cs.gssprt.jp www.google.co.jp www.google.com.eg mediamath.digitru.st www.google.co.th jp-u.openx.net cs.adingo.jp sec.yimg.com sync.crwdcntrl.net www.google.com.gh sync.navdmp.com ad.360yield.com api.iperceptions.com loadm.exelator.com rum.optimizely.com adservice.google.com.au www.google.es stats.g.doubleclick.net idsync.reson8.com px.powerlinks.com global.ib-ibi.com sd.iperceptions.com uipus.semasio.net; report-uri /csp-report-only 1
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri / 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com.au ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com.au *.spreadshirt.com.au ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com.au ; font-src 'self' https: *.spreadshirt.com.au ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com.au ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com.au ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://sandbox.mattlunn.me.uk/csp.php 1
default-src https://www.pnbbanka.eu https://pnbbanka.eu https://ib.pnbanka.eu https://new.ib.pnbbanka.eu http://www.w3.org https://pnbbanka-booking.in-out.io;                 style-src 'unsafe-inline' https://www.pnbbanka.eu https://pnbbanka.eu https://fonts.googleapis.com; 		font-src 'self' https://fonts.gstatic.com;                 img-src 'self' data: https://static.pnbbanka.eu https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.lv https://maps.gstatic.com https://maps.google.com;                 script-src 'unsafe-inline' 'unsafe-eval' https://pnbbanka.eu https://www.pnbbanka.eu https://ib.pnbbanka.eu https://www.google-analytics.com https://maps.google.com https://maps.gstatic.com https://www.googletagmanager.com https://maps.googleapis.com;                 report-uri https://data.pnbbanka.eu/ajaxplorer/test/report.php 1
default-src 'self' about: http: https: wss: *.typekit.net *.googletagmanager.com *.vimeo.com *.google-analytics.com js-agent.newrelic.com bam.nr-data.net  fonts.googleapis.com *.hpjcc.com  *.googleapis.com fonts.gstatic.com *.addthis.com www.googleadservices.com *.google.com *.agencehpj.com *.godaddy.com  *.pusher.com *.atedra.com *.comodo.com 'unsafe-eval' 'self' 'unsafe-inline' data: about: ; report-uri https://bb8.agencehpj.com/csp 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
report-uri https://corporatecoachgroup.report-uri.com/r/d/csp/wizard; default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://connect.facebook.net:443 https://www.googletagmanager.com:443 https://www.google-analytics.com:443 https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://www.facebook.com:443 https://www.google-analytics.com:443 https://stats.g.doubleclick.net:443 https://www.google.co.uk:443 https://www.google.com:443; connect-src 'self' https://in.hotjar.com https://vc.hotjar.io; frame-src 'self' https://staticxx.facebook.com:443 https://www.facebook.com:443 https://vars.hotjar.com; object-src 'none';  1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.au https://m.lookfantastic.com.au https://checkout.lookfantastic.com.au; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 1
block-all-mixed-content 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.co&source%5Bsection%5D=brochure&source%5Buuid%5D=7a0aa2c8b606826982ed3d2f1e63a383 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 1
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; connect-src 'self' http://translate.googleapis.com; font-src 'self' http://d2rtgkroh5y135.cloudfront.net http://fonts.gstatic.com http://fast.fonts.net http://maxcdn.bootstrapcdn.com; media-src *; object-src 'self' *; frame-src *; img-src 'self' data: * http://d2rtgkroh5y135.cloudfront.net http://translate.googleapis.com http://www.google-analytics.com http://www.google.com http://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com/ http://d2rtgkroh5y135.cloudfront.net/ http://translate.google.com/ http://translate.googleapis.com/ http://www.google-analytics.com/; style-src 'self' 'unsafe-inline' * http://fast.fonts.net/ http://fonts.googleapis.com/ http://maxcdn.bootstrapcdn.com/ http://translate.googleapis.com/ 1
block-all-mixed-content ;object-src  'none';media-src  'none';worker-src  'none';style-src https://fonts.googleapis.com/ 'self';frame-src  'none';report-uri https://csp.tsrs.cloud/r/646ef5aafa66a04dd3dfe53b13989f24651ee461;img-src  'self';connect-src  'none';script-src 'nonce-bc40bA9083Adf1fF85c4D20e9c4' 'report-sample' https://d1tdp7z6w94jbb.cloudfront.net/ 'self' 'unsafe-eval' https://ajax.googleapis.com/;frame-ancestors  'self';font-src data: https://fonts.gstatic.com/;form-action  'none';base-uri  'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.homepointfinanical.com https://cdnjs.cloudflare.com https://*.mortgageloan.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://stats.g.doubleclick.net https://www.gravatar.com https://*.umbraco.org https://pixel-a.basis.net https://pixel.sitescout.com https://snazzymaps.com; report-uri https://hpfc.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.abtasty.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com; connect-src 'self' *.dynatrace.com *.abtasty.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com; img-src 'self' *.abtasty.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 1
default-src https: 'unsafe-inline' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * 'unsafe-inline'; report-uri //report-csp-violation 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.googletagservices.com *.googlesyndication.com api.annies-publishing.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.googletagservices.com *.googlesyndication.com api.annies-publishing.com; report-uri /ajax/content_policy_violation.php 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=bf2bee20db23ae07c94e9949b0952fda 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.gr https://*.akamaihd.net https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.gr https://m.myprotein.gr https://checkout.myprotein.gr https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net https://player.polyv.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
default-src https:; script-src https: 'unsafe-eval''unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://bizzdesign.com 'nonce-G3BFQ5rr4Ua7OkrgsiQIMA223XPnMHevJtoNszMWojd2e4CzHiyFj8358CCAIO3HLasr14R7GasBNvLzuCf0q1PVMjBYWTVNZLaM0BfXTdPgrpY6dtvN0Hr7CrkGmYcr'; connect-src https://api.segment.io https://bizzdesign.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://settings.luckyorange.net https://ssl.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src data: https://bizzdesign.com https://fonts.gstatic.com https://use.typekit.net; frame-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; child-src https://bizzdesign.catsone.nl https://go.bizzdesign.com https://js.driftt.com https://platform.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.youtube.com; img-src data: https://bizzdesign.com https://cdn2.hubspot.net https://dc.ads.linkedin.com https://gateway.zscaler.net https://go.bizzdesign.com https://px.ads.linkedin.com https://secure.gravatar.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://storage.pardot.com https://tracking.leadlander.com https://www.bizzdesign-academy.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fi https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com; script-src 'unsafe-eval' 'unsafe-inline' https://bizzdesign.catsone.nl https://bizzdesign.com https://bpb.opendns.com https://cdn.segment.com https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net https://go.bizzdesign.com https://js.driftt.com https://pi.pardot.com https://platform.twitter.com https://px.ads.linkedin.com https://s.ytimg.com https://snap.licdn.com https://ssl.google-analytics.com https://t.sf14g.com https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://www.youtube.com; style-src 'unsafe-inline' https://ajax.googleapis.com https://bizzdesign.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; worker-src https://www.facebook.com 1
connect-src dc.services.visualstudio.com 'self' www.google-analytics.com cdn.runtored.com runtored-functions-consumption.azurewebsites.net; font-src use.fontawesome.com cdn.runtored.com 'self' fonts.gstatic.com data; frame-src player.vimeo.com js.stripe.com www.google.com vimeo.com; img-src profiles.runtored.com www.google-analytics.com cdn.runtored.com 'self' www.googletagmanager.com i.vimeocdn.com; script-src-elem 'unsafe-inline' az416426.vo.msecnd.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com player.vimeo.com stackpath.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com cdn.runtored.com js.stripe.com 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn.jsdelivr.net cdn.runtored.com cloud.typography.com use.fontawesome.com 'self' stackpath.bootstrapcdn.com; style-src use.fontawesome.com 'unsafe-inline' cdn.jsdelivr.net cdn.runtored.com cloud.typography.com stackpath.bootstrapcdn.com; script-src stackpath.bootstrapcdn.com 'unsafe-eval' az416426.vo.msecnd.net cdn.jsdelivr.net cdn.runtored.com cdnjs.cloudflare.com code.jquery.com player.vimeo.com www.google-analytics.com www.googletagmanager.com js.stripe.com 'unsafe-inline'; child-src player.vimeo.com; report-uri https://edgechurch.report-uri.com/r/d/csp/wizard 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=fd2e472ecaa2b756296aa6dcb39c8863 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artinamericamagazine.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; frame-src https: www.youtube.com; report-uri /csp-report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ca ; font-src 'self' https: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com api.mapbox.com *.tiles.mapbox.com; media-src 'self' ; frame-src salesiq.zohopublic.com; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com *.doubleclick.net *.msecnd.net *.hotjar.net *.hotjar.com *.amazon-adsystem.net *.facebook.net *.zopim.com *.youtube.com;object-src 'none';style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com;img-src 'self' *.unitestudents.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.google.co.uk *.facebook.com *.amazon-adsystem.com *.omnitagjs.com *.doubleclick.net *.zopim.com data: api.mapbox.com;media-src 'none';frame-src 'self' tagmanager.google.com *.doubleclick.net *.hotjar.com *.amazon-adsystem.com *.youtube.com;font-src 'self' tagmanager.google.com *.zopim.com fonts.gstatic.com data:;connect-src 'self' *.visualstudio.com tagmanager.google.com *.google-analytics.com *.zopim.com wss://widget-mediator.zopim.com;frame-ancestors 'self' tagmanager.google.com *.unitestudents.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' blob:; script-src https://web.tamtam.chat https://www.googletagmanager.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ blob: 'self' 'unsafe-inline'; style-src https://web.tamtam.chat 'unsafe-inline'; img-src https://*.mycdn.me https://*.ok.ru https://web.tamtam.chat https://www.google-analytics.com/ https://mc.yandex.ru/ https://stats.g.doubleclick.net/ https://*.tenor.com/ blob: data: 'self'; connect-src wss://ws.tamtam.chat/websocket https://*.mycdn.me/ https://ok.ru/web-api/tamtam https://mc.yandex.ru/ https://*.mapbox.com/ https://*.tenor.com/ https://ipapi.co/ 'self' blob:; media-src https://web.tamtam.chat https://*.mycdn.me https://*.ok.ru blob:; report-uri /csp/report 1
default-src 'none' ; 		img-src 'self' 			https://static.canadianatheist.com 			https://www.google-analytics.com 			https://*.wp.com 			https://s-ssl.wordpress.com 			https://dashboard.wordpress.com 			https://s.w.org 			https://secure.gravatar.com/ 			https://liberapay.com/assets/ 			; 		font-src 'self' 			https://fonts.gstatic.com 			https://wordpress.com/i/noticons/ 			https://*.wp.com/i/noticons/ 			data: 			; 		script-src 'self' 			https://www.google-analytics.com/analytics.js 			https://www.googletagmanager.com/gtag/ 			https://www.google.com/recaptcha/ 			https://www.gstatic.com/recaptcha/ 			https://*.wp.com 			https://secure.gravatar.com/ 			https://graph.facebook.com 			https://api.pinterest.com 			https://liberapay.com/canadian-atheist/widgets/ 			'unsafe-eval' 			'unsafe-inline' 			; 		style-src 'self' 			https://*.wp.com 			https://secure.gravatar.com/css/ 			https://secure.gravatar.com/dist/css/ 			'unsafe-inline' 			; 		child-src 'self' 			https://widgets.wp.com 			https://www.google.com 			https://www.youtube.com 			https://w.soundcloud.com 			; 		frame-src 'self' 			https://widgets.wp.com 			https://www.google.com 			https://www.youtube.com 			https://w.soundcloud.com 			; 		worker-src 'self' ; 		connect-src 'self' ; 		report-uri https://canadianatheist.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=060a979e404cf54672138940f4bf506b 1
child-src 'self'; connect-src 'self' data: http://*.bfmio.com http://*.cloudinary.com http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.springserve.com http://*.us.criteo.com http://*.vertamedia.com https://*.adaptv.advertising.com https://*.addthis.com https://*.bfmio.com https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.crazyegg.com https://*.facebook.com https://*.g.doubleclick.net https://*.getsentry.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.inspectlet.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.lkqd.net https://*.moatads.com https://*.springserve.com https://*.springserve.net https://*.streamrail.net https://*.stripe.com https://*.us.criteo.com https://*.vertamedia.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://onesignal.com https://sentry.io wss://*.inspectlet.com wss://*.intercom.io wss://*.zopim.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.googleusercontent.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.intercomcdn.com https://*.joinhoney.com https://*.s3.amazonaws.com https://*.splacer.co; frame-src 'self' data: http://*.advertising.com http://*.cloudinary.com http://*.criteo.com http://*.criteo.net http://*.facebook.com http://*.us.criteo.com https://*.addthis.com https://*.advertising.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.criteo.com https://*.criteo.net https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.matterport.com https://*.moz.com https://*.s3.amazonaws.com https://*.stripe.com https://*.typeform.com https://*.us.criteo.com https://onesignal.com; img-src 'self' data: http://*.advertising.com http://*.bfmio.com http://*.cloudinary.com http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.springserve.com http://*.vidible.tv https://*.addthis.com https://*.ads.linkedin.com https://*.advertising.com https://*.amazonaws.com https://*.bfmio.com https://*.bing.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.crazyegg.com https://*.facebook.com https://*.g.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.google.ae https://*.google.ca https://*.google.ci https://*.google.co.il https://*.google.co.in https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.au https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.om https://*.google.com.ph https://*.google.com.pk https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.gr https://*.google.it https://*.google.lk https://*.google.nl https://*.google.pl https://*.google.ro https://*.google.ru https://*.google.tt https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.intercomassets.com https://*.intercomcdn.com https://*.joinhoney.com https://*.lkqd.net https://*.moatads.com https://*.onesignal.com https://*.outbrain.com https://*.quora.com https://*.splacer.co https://*.springserve.com https://*.springserve.net https://*.streamrail.com https://*.stripe.com https://*.taboola.com https://*.vidible.tv https://*.zendesk.com wss://*.inspectlet.com; manifest-src 'self'; media-src 'self' data: http://*.cloudinary.com https://*.cloudfront.net https://*.cloudinary.com https://*.intercomcdn.com https://*.zdassets.com; object-src 'self' https://*.cmptch.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.advertising.com http://*.cloudinary.com http://*.criteo.com http://*.criteo.net http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.us.criteo.com http://*.vertamedia.com http://*.vidible.tv https://*.addthis.com https://*.addthisedge.com https://*.ads.linkedin.com https://*.advertising.com https://*.amazonaws.com https://*.beachfrontmedia.com https://*.bing.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.criteo.com https://*.criteo.net https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.inspectlet.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.linkedin.com https://*.lkqd.net https://*.moatads.com https://*.newrelic.com https://*.nr-data.net https://*.onesignal.com https://*.outbrain.com https://*.quora.com https://*.ravenjs.com https://*.sentry-cdn.com https://*.splacer.co https://*.springserve.net https://*.streamrail.com https://*.stripe.com https://*.taboola.com https://*.us.criteo.com https://*.vertamedia.com https://*.vidible.tv https://*.zdassets.com https://*.zopim.com https://*.zscalertwo.net https://onesignal.com wss://*.inspectlet.com wss://*.intercom.io wss://*.zopim.com; style-src 'self' 'unsafe-inline' data: http://*.googleusercontent.com https://*.amazonaws.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cmptch.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.joinhoney.com https://*.splacer.co https://onesignal.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_b712ff430c344451a7b9973dcafa5a57 1
default-src 'self'; report-uri /csp_report_parser; 1
frame-src https://lpcdn.lpsnmedia.net/ https://www.youtube.com/ https://icm.aexp-static.com/ https://aexp.demdex.net/; media-src  'none'; connect-src wss://iwmap.americanexpress.com https://ds-aksb-a.akamaihd.net/ 'self' https://dpm.demdex.net/ https://*.americanexpress.com; font-src 'self' https://*.aexp-static.com; form-action  'self'; worker-src  'none'; base-uri  'none'; style-src https://cdaas.americanexpress.com/ 'unsafe-inline' 'self' https://*.aexp-static.com; report-uri https://csp.tsrs.cloud/r/722ba07fc168276ee3fdfd92f57efc1cfa11f193; frame-ancestors  'self'; script-src 'unsafe-inline' 'self' https://*.aexp-static.com https://nexus.ensighten.com/ https://accdn.lpsnmedia.net/ https://service.maxymiser.net/ https://ds-aksb-a.akamaihd.net/ https://*.americanexpress.com https://*.liveperson.net 'unsafe-eval'; object-src  'self'; img-src https://l.betrad.com/ 'self' https://*.aexp-static.com https://*.americanexpress.com https://*.akamaihd.net https://nexus.ensighten.com/;  1
default-src https://cp03.deluxehosting.com;          img-src     'self';          style-src   'sha256-mjUS7qivjqgVidQZ/V7Meb/0zzPhMVO3LjgiUBNhyaw=';          object-src  'none';          report-uri /csp-report 1
default-src 'self' data: *.express-scripts.com *.accredo.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.cloudfront.net *.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' assets.adobedtm.com *.everestjs.net *.cloudflare.com *.rawgit.com *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.s3.amazonaws.com *.dialogtech.com *.cloudfront.net *.marketo.net *.qualtrics.com; object-src 'self' *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.s3.amazonaws.com *.cloudfront.net; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com *.express-scripts.com *.accredo.com *.cloudflare.com *.s3.amazonaws.com *.amazonaws.com; img-src 'self' data: *.accredo.com accredo.com expressscripts.sc.omtrdc.net *.s3.amazonaws.com *.amazonaws.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net esi-drupal-cdn-prod.s3.amazonaws.com *.boltdns.net *.qualtrics.com; media-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.brightcove.com *.dotsub.com *.express-scripts.com *.accredo.com *.s3.amazonaws.com *.boltdns.net *.brightcovecdn.com *.qualtrics.com; frame-src 'self' abesiemsen.github.io *.s3.amazonaws.com *.amazonaws.com *.s3.amazonaws.com  *.qualtrics.com; child-src 'self' blob: *.s3.amazonaws.com *.amazonaws.com *.brightcove.net *.express-scripts.com *.accredo.com; font-src * 'self' data: fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com *.amazonaws.com *.accredo.com accredo.com; connect-src 'self' *.express-scripts.com expressscriptsholdin.tt.omtrdc.net dpm.demdex.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net dotsub.com *.s3.amazonaws.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.mktoresp.com *.qualtrics.com; report-uri /report-csp-violation 1
script-src 'unsafe-eval' 'unsafe-inline' https://* ; frame-ancestors 'self' 'self' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-experimental 1
default-src https:; font-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src 'self' https:; child-src 'self' vimeo.com player.vimeo.com www.google.com; connect-src wss://* 'self' *.intercom.io *.intercomcdn.com s3.amazonaws.com js.leadin.com js.hs-scripts.com forms.hubspot.com; font-src *; img-src 'unsafe-inline' *; object-src 'none'; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; upgrade-insecure-requests; report-uri https://cobalt.report-uri.io/r/default/csp/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' about: blob: data: https://*.salesforceliveagent.com https://c.disquscdn.com https://connect.facebook.net https://disqus.com https://fast.wistia.com https://freelanceadvisor.disqus.com https://metrics.responsetap.com https://pi.pardot.com https://px.ads.linkedin.com https://script.hotjar.com https://static-ssl.responsetap.com https://static.hotjar.com https://www.crunch.uk https://www.google-analytics.com https://www.googletagmanager.com https://www.linkedin.com https://storage.googleapis.com https://hst.tradedoubler.com https://api.trustpilot.com https://widget.trustpilot.com https://s3-eu-west-1.amazonaws.com/crunch-cdn; style-src 'self' 'unsafe-inline' https://c.disquscdn.com; frame-ancestors 'self' https://*.crunch.co.uk; default-src 'self' https://disqus.com https://c.disquscdn.com https://*.crunch.co.uk; frame-src 'self' https://*.crunch.co.uk https://connect.facebook.net https://disqus.com https://fast.wistia.com https://go.pardot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://widget.trustpilot.com; img-src 'self' data: *; connect-src 'self' https://api.mixpanel.com https://distillery.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://insights.hotjar.com https://in.hotjar.com https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com; object-src 'self' blob:; media-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; report-to /platform-api/csp-violations/report/; report-uri /platform-api/csp-violations/report/; 1
default-src 'self' 'unsafe-inline' data: *.csbs.org *.googleapis.com *.gstatic.com *.googleusercontent.com *.google.com *.addtoany.com *.twitter.com *.twimg.com *.dayforcehcm.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.youtube.com *.cld.bz *.tableau.com  *.powerbi.com *.soundcloud.com soundcloud.com govmatters.tv youtu.be *.hotjar.com; report-uri /report-csp-violation 1
default-src 'self' https://google.com https://google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.fontawesome.com https://player.vimeo.com https://js.driftt.com https://calendly.com; script-src 'self' 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' https://cdn.buttercms.com https://*; connect-src 'self' https://*; font-src 'self' https://*; object-src 'none'; media-src 'self' https://*; form-action 'self' https://*; frame-ancestors 'none'; report-uri /csp-log 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-26STyYf7f6HXWFq2GujfpzKOaA'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
object-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome https://cdnjs.cloudflare.com/ajax/libs/ionicons https://stats.g.doubleclick.net *.zendesk.com *.zdassets.com *.plaid.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-40CNM7UHdc7JdIG0VTsfML36M'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-lW2bPE7e48zsXrJauGsXR1vMzu8'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.goldwingdocs.com *.google.com *.google.ca *.google.co.uk *.google.fi *.google.de *.amazon-adsystem.com *.facebook.net *.googlesyndication.com *.google-analytics.com *.gstatic.com *.googletagservices.com;  style-src 'self' 'unsafe-inline'; img-src * data; font-src * data; child-src *; connect-src *; report-uri /reportcsp.asp; 1
default-src 'self' https:; font-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https: data:; img-src 'self' https://usercontent.gooddog.com https://d3requdwnyz98t.cloudfront.net https: data: blob:; script-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; style-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; report-uri /csp_violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.questionpoint.org; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src *.questionpoint.org; upgrade-insecure-requests 1
upgrade-insecure-requests 1
upgrade-insecure-requests;default-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com ; script-src 'nonce-OXfVF8ilF8SLtXs1Qr4QB42+JGU=' 'unsafe-inline' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com ; img-src 'unsafe-inline' 'data:' 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com ; style-src 'self' https://*.cvent.org https://*.nr-data.net https://www.youtube.com https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.cvent.com https://*.cvent-assets.com https://*.newrelic.com 'unsafe-inline'; report-uri /event/csp-violation 1
style-src 'unsafe-inline' css.zohostatic.com d3el7j01zd7apf.cloudfront.net  'self' dyjgaef5vuq51.cloudfront.net ;img-src img.zohostatic.com d1ydxa2xvtn0b5.cloudfront.net  'self' contacts.zoho.com ;script-src  'nonce-1c24b796d32973595c464981ae93c46b'  js.zohostatic.com d17nz991552y2g.cloudfront.net  'self' www.google-analytics.com www.googletagmanager.com salesiq.zoho.com dtzpfzv31buvf.cloudfront.net cdn.pagesense.io translate.googleapis.com ;report-uri https://logsapi.zoho.com/csplog?service=support 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-/Gv9baRUmmtdyjhuYE8Qgg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://smartservhosting.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=280b9c14984da419e572289c8de7ba07 1
default-src * data: blob:; child-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' 'self'; style-src https: 'unsafe-inline'; object-src https: 'unsafe-inline'; report-uri https://broadlyproxy.report-uri.com/r/d/csp/reportOnly; 1
default-src 'unsafe-inline' * 'unsafe-eval' data: https:; img-src 'unsafe-inline' data: mediastream: blob: * android-webview-video-poster:; font-src 'unsafe-inline' * 'unsafe-eval' data:; form-action https:; report-uri https://sagvhts6ostb5kz5guxaxuzi.httpschecker.net/report 1
default-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri https://ramsalt.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-BXiEg0I9SBpxOCVv5PnxU6OHu0'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' https://www.viewpointmag.com; require-sri-for script 1
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; frame-src https:; font-src https: data:; report-uri https://ls.getresponse.com/log/csp_report?source=app-gr 1
default-src 'self' 'unsafe-inline' *.mmadrid.net *.evonik.com *.analytics.edgekey.net *.twimg.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com www.youtube-nocookie.com www.gstatic.com www.google.com videocdnvod1-vh.akamaihd.net *.video-cdn.net licensing.bitmovin.com *.equitystory.com *.oracleinfinity.io www.youtube.com *.video-cdn.net data: blob: ;frame-src 'self' 'unsafe-inline' blob: *.equitystory.com service.sepuran.com *.facebook.com *.facebook.net *.mmadrid.net threatpulse.net; style-src-attr 'self' 'unsafe-inline' ;style-src 'self'; report-uri https://csp.intranet.evonik.com/csp-report.php 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php 1
script-src 'self' 'unsafe-inline' https://www.hotjar.com/ www.google-analytics.com https://www.google-analytics.com https://www.kwadico.com https://*.kwadico.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/;img-src https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.co https://images.unsplash.com https://www.kwadico.com https://*.kwadico.com;connect-src https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://hotjar.com https://www.kwadico.com https://*.kwadico.com;frame-src https://*.hotjar.com 1
default-src 'none'; script-src-elem www.google.com 'self' 'unsafe-inline' www.gstatic.com www.google-analytics.com cdn.jsdelivr.net ;frame-src 'self' data: mailto: tel: www.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-eval' cdn.jsdelivr.net  www.google.com www.gstatic.com www.google-analytics.com; connect-src 'self' saveload.tradingview.com www.tradingview.com https://www.google-analytics.com wss://www.bitexen.com; font-src 'self' fonts.gstatic.com use.fontawesome.com; img-src 'self' data: www.google-analytics.com; manifest-src 'self'; style-src-attr 'unsafe-inline'; report-uri https://www.bitexen.com/report-uri 1
default-src https:; connect-src https: wss:; script-src https: http: 'unsafe-eval' 'unsafe-inline' data:; style-src https: 'unsafe-inline'; img-src https: http: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'self'; object-src 'self' ; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.stemedhub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://stemedhub.org https://www.dropbox.com https://graph.facebook.com https://*.facebook.com; default-src 'self' https://*.stemedhub.org https://*.stemedhub.aws.hubzero.org; font-src 'self' https://fonts.gstatic.com data: safari-extension: chrome-extension: ; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.stemedhub.org https://*.stemedhub.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com ; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com ; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.hotjar.com http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js; connect-src https://insights.hotjar.com 'self'; font-src 'self' data:; worker-src 'self' blob: data:; img-src 'self' data: https://www.google-analytics.com https://stats.g.doubleclick.net/r/collect; style-src 'self' 'unsafe-inline' data: https://seesparkbox.com http://afeld.github.io/emoji-css/emoji.css https://cloud.typography.com/655912/6152352/css/fonts.css; frame-src 'self' https://vars.hotjar.com; media-src data:; report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.ae https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.ae https://m.myprotein.ae https://checkout.myprotein.ae https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
img-src https:; 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-27SJK2Vzn7P83HirJChAPZMJqo' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.tw https://m.lookfantastic.com.tw https://checkout.lookfantastic.com.tw; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.com.tw; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.tw https://m.myprotein.tw https://checkout.myprotein.tw; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-PLtJV8ez9aYjrfiso93lrg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
frame-ancestors 'self'; style-src themes.googleusercontent.com fonts.googleapis.com www.googletagmanager.com storage.googleapis.com 'unsafe-eval' unpkg.com *.twimg.com *.bootstrapcdn.com *.youtube.com https://media.forbiddenplanet.com 'self' *.googleapis.com *.youtu.be fonts.gstatic.com *.twitter.com *.sagepay.com *.facebook.net *.google.com *.gstatic.com *.cloudfront.net data: *.pinterest.com 'unsafe-inline' *.surveymonkey.com www.googlecommerce.com www.google-analytics.com *.akamaihd.net *.facebook.com *.instagram.com; worker-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; frame-src 'self' https://media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net data:; connect-src themes.googleusercontent.com fonts.googleapis.com www.googletagmanager.com tripadvisor.com storage.googleapis.com www.gravatar.com unpkg.com *.twimg.com *.bootstrapcdn.com dyn0.media.forbiddenplanet.com *.youtube.com https://media.forbiddenplanet.com 'self' *.googleapis.com *.youtu.be https: fonts.gstatic.com dyn.media.forbiddenplanet.com *.twitter.com *.sagepay.com *.facebook.net *.google.com *.tile.openstreetmap.com openstreetmap.com *.gstatic.com *.cloudfront.net data: *.pinterest.com *.surveymonkey.com www.googlecommerce.com www.google-analytics.com *.akamaihd.net *.facebook.com *.instagram.com wss://forbiddenplanet.com; font-src 'self' https://media.forbiddenplanet.com data: fonts.googleapis.com storage.googleapis.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' https://media.forbiddenplanet.com https: data: www.gravatar.com tripadvisor.com unpkg.com openstreetmap.com *.tile.openstreetmap.com dyn0.media.forbiddenplanet.com dyn.media.forbiddenplanet.com www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; default-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data:; script-src 'self' https://media.forbiddenplanet.com 'unsafe-inline' 'unsafe-eval' data: www.googletagmanager.com www.googlecommerce.com www.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.instagram.com *.pinterest.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.sagepay.com *.surveymonkey.com *.bootstrapcdn.com *.cloudfront.net *.akamaihd.net; report-uri /@csp-report 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.addthis.com https://*.addthisedge.com https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.39.1/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://rules.quantcount.com https://s.pinimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.39.1/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.addthis.com https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://static.criteo.net https://tpc.googlesyndication.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.addthis.com https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://maps.tilehosting.com/styles/ https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://v1.addthis.com/live/red_lojson/100eng.json https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 1
default-src 'self' *.localphone.com *.localphone.co.uk https://*.tawk.to wss://*.tawk.to; img-src * data: ; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://*.tawk.to https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com https://*.tawk.to wss://*.tawk.to; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
child-src 'self'; connect-src https://*.google-analytics.com https://slaask.com http://*.google.com https://*.eyeka.com https://*.pusher.com https://*.cedexis.com data: https://*.g.doubleclick.net https://*.adnxs.com https://*.facebook.com http://*.eyeka.com https://*.kameleoon.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.google.com; default-src 'self' data:; font-src https://*.gstatic.com https://*.eyeka.com data: https://*.slaask.com http://*.eyeka.com 'self' https://*.embedly.com; frame-src http://*.youtube.com http://*.google.com data: https://*.uservoice.com https://*.kameleoon.eu https://*.g.doubleclick.net https://*.kameleoon.com https://*.facebook.com https://*.youtube.com 'self' https://*.embedly.com https://*.google.com; img-src https://*.cdnetworks.net https://*.gravatar.com https://*.uservoice.com https://*.slaask.com https://*.kameleoon.com https://*.google.ru https://*.google.co.id https://*.youtube.com https://*.google.com https://t.co http://*.google.com https://*.google.pt https://*.ads.linkedin.com https://*.google.com.br https://*.licdn.com https://*.google.com.ua https://*.google.co.uk https://*.adnxs.com http://*.eyeka.com http://*.google-analytics.com https://*.google.com.ng 'self' https://*.googleapis.com https://*.google-analytics.com https://*.eyeka.com https://*.google.com.ph https://*.google.co.in https://*.facebook.com https://*.google.fr https://*.google.com.pk https://*.gstatic.com http://*.youtube.com https://*.google.es data: https://*.g.doubleclick.net https://*.google.com.ar; manifest-src 'self'; media-src https://*.gstatic.com http://*.google.com https://*.eyeka.com https://*.slaask.com http://*.eyeka.com 'self' https://*.google.com; object-src http://*.eyeka.com data: 'self' https://*.eyeka.com; script-src https://*.ads-twitter.com https://*.uservoice.com https://*.linkedin.com https://*.slaask.com https://*.kameleoon.com https://*.googleadservices.com https://*.google.co.id https://*.google.ru https://*.pusher.com https://*.google.com https://*.newrelic.com http://*.google.com https://*.ads.linkedin.com https://*.licdn.com https://*.mouseflow.com 'unsafe-inline' https://*.adnxs.com https://*.mxpnl.com http://*.eyeka.com http://*.google-analytics.com 'self' https://*.googleapis.com https://*.embedly.com https://*.google-analytics.com 'unsafe-eval' https://*.eyeka.com https://*.nr-data.net https://*.google.fr https://*.gstatic.com https://*.facebook.net https://*.cedexis.com data: https://*.g.doubleclick.net https://*.twitter.com; style-src https://*.eyeka.com data: 'unsafe-inline' https://*.slaask.com http://*.eyeka.com 'self' https://*.googleapis.com https://*.embedly.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src pagead2.googlesyndication.com stats.g.doubleclick.net kraken.rambler.ru counter.yadro.ru mc.yandex.ru stats.g.doubleclick.net ssl.google-analytics.com favicon.yandex.net yastatic.net  avatars-fast.yandex.net avatars.mds.yandex.net an.yandex.ru vk.com hron-prostatit.ru data: blob:; font-src fonts.gstatic.com https: data:; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://fonts.gstatic.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; object-src 'none'; connect-src 'self' 'unsafe-inline';img-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com/ https://unpkg.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ www.google.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net data: ; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://unpkg.com/ https://fonts.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ ;sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation; 1
default-src 'unsafe-inline' 'self' https://www.web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; media-src *; font-src 'self' data: ; img-src 'unsafe-inline' data: 'self' https://www.web-rooms.co.nz https://*.web-rooms.com https://*.web-rooms.co.nz https://code.jquery.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.raxcdn.com https://*.rackcdn.com https://www.google-analytics.com; report-uri https://www.web-rooms.co.nz/CspReport.asp 1
script-src 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ulogin.ru *.vestum.ru mc.yandex.ru api-maps.yandex.ru *.maps.yandex.net *.suggest-maps.yandex.ru; report-uri https://data.vestum.ru/csp/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ymadam.net *.yandex.ru https://yandex.ru https://docdoc.ru https://cdn.docdoc.ru https://w.docdoc.ru https://adservice.google.md http://docdoc.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yandex.st *.yandex.st https://yandex.st https://*.yandex.st https://*.yandex.ua yastatic.net https://yastatic.net yandexadexchange.net *.yandexadexchange.net *.google.com https://*.google.ru https://*.google.com https://*.google.com.ua https://*.google.kz https://*.google.az *.liveinternet.ru *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googlezip.net *.yadro.ru https://*.yadro.ru *.youtube.com https://*.youtube.com http://*.mail.ru http://img.imgsmail.ru http://*.cloudflare.com http://r.mradx.net http://*.adriver.ru http://*.adfox.ru *.facebook.net vk.com *.vk.com https://vk.com http://*.buzzoola.com https://*.buzzoola.com http://*.weborama.fr http://*.facetz.net http://*.exe.bid http://*.tns-counter.ru mc.yandex.kz *.luxupcdnc.com mc.yandex.by *.yandex.net googletagservices.com *.yahoo.com goo.gl google-analytics.com; report-uri https://ymadam.net/csp-manager/tracker.php 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://plugin.monotote.com https://www.youtube.com https://www.zenaps.com https://smct.co https://*.thcdn.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://smct.co https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.illamasqua.com https://m.illamasqua.com https://checkout.illamasqua.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.smct.co; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.google-analytics.com *.twitter.com *.cloudflare.com; script-src 'self' 'unsafe-inline' *.linkedin.com *.licdn.com fullstory.com *.cloudflare.com; connect-src *.fullstory.com ipinfo.io; img-src 'self' *.cloudfront.net; style-src 'self' 'unsafe-inline' *.cloudflare.com; object-src 'self'; base-uri 'none'; report-uri https://log.templarbit.com/csp-reports/169b7002-9c77-4596-a78c-4e5231293192/report; 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-rECaS0jfaLluvByUDzfKfA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src https://epixwebapp-vh.akamaihd.net/ ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod 1
script-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com gitcdn.github.io www.google-analytics.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com gitcdn.github.io cdnjs.cloudflare.com; img-src 'self' data: www.google-analytics.com code.jquery.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' www.google-analytics.com firebasestorage.googleapis.com https://api.github.com https://discordapp.com; media-src 'none'; object-src 'none'; child-src 'self'; worker-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://ffbeequip.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-v57wAhS8Tan7KUI0KnuwuA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
connect-src 'self' *.tctm.co insights.hotjar.com; default-src 'self';frame-ancestors 'self' ;frame-src 'self' vars.hotjar.com;media-src 'self' *.example.com;object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com tagmanager.google.com  www.google-analytics.com www.googletagmanager.com  cdn.jsdelivr.net js-agent.newrelic.com unpkg.com code.jquery.com ssl.google-analytics.com bat.bing.com *.tctm.co pi.pardot.com static.hotjar.com bam.nr-data.net wws1.membogo.com w.google.com connect.facebook.net script.hotjar.com maps.googleapis.com; font-src 'self' data: use.fontawesome.com s1.membogo.com fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: http: https: staging.s1.membogo.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https: data: s1.membogo.com fonts.googleapis.com; report-to https://bb8.agencehpj.com/csp; report-uri https://bb8.agencehpj.com/csp; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.twitter.com https://*.twimg.com https://*.creativecommons.org https://*.addthis.com http://*.addthis.com http://*.addthisedge.com http://*.google-analytics.com https://*.google.com https://*.google.ca https://*.googleapis.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://adservice.google.com.tw https://platform.twitter.com https://www.google-analytics.com https://m.addthisedge.com http://survey.g.doubleclick.net https://*.hotjar.com https://www.googleadservices.com; object-src 'self'; style-src 'self' 'unsafe-inline' http://*.twitter.com https://*.googleapis.com https://*.twimg.com https://*.google.com https://use.fontawesome.com; img-src 'self' data: https://*.creativecommons.org http://*.twitter.com https://licensebuttons.net https://*.twimg.com http://*.addthis.com https://www.google-analytics.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://h5p.org https://syndication.twitter.com https://platform.twitter.com https://m.addthis.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.ca; media-src 'self'; frame-src 'self' http://*.twitter.com http://*.addthis.com https://*.twitter.com https://*.addthis.com https://*.google.com https://www.youtube.com https://*.doubleclick.net https://www.peopleslawschool.ca https://www.googletagmanager.com https://*.hotjar.com; frame-ancestors http://plsembed.agentic.ca https://www.consumerprotectionbc.ca https://wptest.consumerprotectionbc.ca http://seniorsfirstbc.ca http://artofresearch.ca https://peopleslawschool.igloocommunities.com http://dialalaw.peopleslawschool.ca  https://betterlegalinfo.ca https://worldtrafficsolutions.xyz https://besttrafficsolutions.xyz http://emailscraperbot3825.blog5.net/24512776/guide-email-extractor-and-search-engine-scraper-by-creative-bear-tech http://seoespecialista.com; child-src 'self'; font-src 'self' https://*.gstatic.com data https://use.fontawesome.com; connect-src 'self' http://*.addthis.com https://*.twitter.com https://www.google-analytics.com/* https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io; report-uri /report-csp-violation 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src http: https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss://*.zopim.com wss://*.intercom.io; 1
default-src 'self' data: 'unsafe-inline' a.bongo4u.com; script-src 'self' data: 'unsafe-inline' a.bongo4u.com blob: 'unsafe-eval' *.google.com *.gstatic.com www.google-analytics.com ajax.googleapis.com *.googleusercontent.com *.googleadservices.com *.facebook.net *.twitter.com *.twimg.com *.youtube.com *.ytimg.com *.yahooapis.com *.mailchimp.com *.list-manage.com *.amazonaws.com/downloads.mailchimp.com/ cdnjs.cloudflare.com *.jquery.com *.naylornetwork.com *.brightcove.com; connect-src 'self' data: 'unsafe-inline' a.bongo4u.com comments.emerge2.com util.emerge2.com www.google-analytics.com *.doubleclick.net *.facebook.com *.naylornetwork.com *.brightcove.com; frame-src 'self' data: 'unsafe-inline' a.bongo4u.com *.google.com *.google.ca *.youtube.com *.youtu.be *.facebook.com *.twitter.com *.twimg.com *.instagram.com *.yahoo.com *.catalog-display.com *.shortstack.com *.pgtb.me *.formstack.com *.list-manage.com *.doubleclick.net *.orgill.com *.orgill.ca *.ecomadviewer.com *.castlecommunications.ca *.chameleonpower.com *.timbertech.com *.adobe.com *.naylornetwork.com *.brightcove.com; object-src 'self' data: 'unsafe-inline' a.bongo4u.com  blob: *.apple.com *.macromedia.com *.naylornetwork.com *.brightcove.com; img-src https: data: blob:; media-src https:; style-src 'self' data: 'unsafe-inline' a.bongo4u.com *.google.com fonts.googleapis.com *.googleusercontent.com *.bootstrapcdn.com *.twitter.com *.twimg.com *.mailchimp.com *.naylornetwork.com *.brightcove.com; font-src 'self' data: 'unsafe-inline' a.bongo4u.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.joinhoney.com/fonts/ *.naylornetwork.com *.brightcove.com; report-uri https://util.emerge2.com/report_uri_api.php; 1
default-src 'self' 'unsafe-inline' dyrbj6mjld-flywheel.netdna-ssl.com fonts.googleapis.com googleapis.com *.doubleclick.net *.mktoresp.com hotjar.com *.googletagmanager.com *.linkedin.com *.facebook.com *.facebook.net twitter.com instagram.com *.youtube.com *.bizible.com snapapp.com vimeo.com lightwidget.com fonts.gstatic.com *.hotjar.com *.hotjar.io *.doubleclick.net *.adroll.com *.licdn.com *.airpr.com *.marketo.net *.google-analytics.com *.google.com *.casalemedia.com *.rubiconproject.com *.3lift.com *.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.taboola.com; 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com *.google-analytics.com https://sync.sharethis.com https://apis.google.com https://accounts.google.com https://cdn.heapanalytics.com load.sumome.com https://sumome.com https://sumome-140a.kxcdn.com https://sumo.com https://js.stripe.com https://gc.kis.scr.kaspersky-labs.com https://platform.twitter.com https://connect.facebook.net https://api.facebook.com https://graph.facebook.com https://widgets.pinterest.com https://buttons.reddit.com https://www.linkedin.com https://www.yummly.com https://api.bufferapp.com https://affiliate.thesslstore.com https://ad.linksynergy.com https://contextual.media.net http://contextual.media.net https://srvjsr.media.net https://cdn.inspectlet.com https://lg1.media.net https://srvjsre.media.net z-na.amazon-adsystem.com https://digital-masters-magazine.disqus.com https://cloudinsidr-com.disqus.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://mstat.acestream.net https://links.services.disqus.com https://gateway.zscalertwo.net http://cdn.inspectlet.com https://m59.prod2016.com; img-src 'self' data: https://sumome-140a.kxcdn.com *.cloudinsidr.com cloudinsidr.com *.digitalmastersmag.com digitalmastersmag.com https://s.w.org https://load.sumo.com https://sumome.com https://sumo.com https://media.sumo.com https://sumome-media.s3.amazonaws.com https://micro.sumo.com https://www.gravatar.com https://secure.gravatar.com https://www.gstatic.com https://q.stripe.com https://www.facebook.com https://syndication.twitter.com https://dashboard.zopim.com https://affiliate.thesslstore.com *.amazon-adsystem.com https://images-na.ssl-images-amazon.com *.google-analytics.com https://stats.g.doubleclick.net ad.linksynergy.com https://mproxy.banner.linksynergy.com https://impus.tradedoubler.com https://vht.tradedoubler.com https://qsearch-a.akamaihd.net https://c.adyield.co https://c.ad-srv.co https://srvjsr.media.net https://contextual.media.net https://lg1.media.net https://s.mnet-ad.net https://referrer.disqus.com https://c.disquscdn.com https://disqus.com https://links.services.disqus.com https://code.jquery.com https://cdn.viglink.com https://i1.wp.com https://heapanalytics.com https://hn.inspectlet.com https://bcp.crwdcntrl.net https://ps.w.org https://gateway.zscalertwo.net https://www.a4c.com https://microsumo-140a.kxcdn.com https://sync.sharethis.com https://easyid.scansafe.net; style-src 'self' 'unsafe-inline' data: *.cloudinsidr.com *.digitalmastersmag.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://sumo.com load.sumome.com https://code.jquery.com https://c.disquscdn.com https://disqus.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://sumome-140a.kxcdn.com https://contextual.media.net https://sxt.cdn.skype.com https://maxcdn.bootstrapcdn.com; form-action 'self'; connect-src 'self' wss://www.digitalmastersmag.com wss://www.cloudinsidr.com https://apis.google.com https://www.google-analytics.com https://sumome.com https://sumo.com https://sumome-140a.kxcdn.com https://clients6.google.com https://code.jquery.com https://hn.inspectlet.com https://yoast.com https://links.services.disqus.com wss://ws.inspectlet.com https://stats.g.doubleclick.net https://cr-input.mxpnl.net; frame-src 'self' https://apis.google.com https://accounts.google.com https://js.stripe.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://impus.tradedoubler.com https://ad.linksynergy.com https://affiliate.thesslstore.com http://affiliate.thesslstore.com https://contextual.media.net https://sumo.com https://c.disquscdn.com https://disqus.com https://fast.wistia.net https://static.media.net; object-src 'self'; report-uri https://f454b82e7d32b8566fe5e2c5adce5e2e.report-uri.com/r/d/csp/enforce 1
default-src https: wss:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.turne.com.ua/api/csp 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1
default-src 'self' https://*.yandex.ru; script-src 'self' https://*.google-analytics.com https://*.top100.ru https://*.yandex.ru 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googleapis.com https://*.yadro.ru https://openstat.net; img-src 'self' https://i0.wp.com https://*.rambler.ru https://*.g.doubleclick.net https://*.yandex.ru https://*.google-analytics.com https://front.facetz.net https://*.googleapis.com https://*.gravatar.com https://*.yadro.ru https://openstat.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; child-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
base-uri  'self';report-uri https://csp.tsrs.cloud/r/450115a4efa70302d1031f96f349ea77a583df6f;img-src https://sync.1rx.io/ https://maps.gstatic.com/ 'self' http://production.smedia.lvp.llnw.net/ https://*.doubleclick.net https://analytics.twitter.com/ https://*.webtype.com https://*.adsrvr.org https://*.criteo.com https://d.lemonpi.io/ https://soma.smaato.net/ https://www.googleadservices.com/ https://tag.yieldoptimizer.com/ https://central136.intra.aexp.com/ https://api.adsymptotic.com/ https://bat.bing.com/ https://a.tribalfusion.com/ https://*.americanexpress.com https://d.appsdt.com/ https://www.facebook.com/ https://s.amazon-adsystem.com/ https://*.aexp-static.com https://fairfax.demdex.net/ https://maps.googleapis.com/ https://stags.bluekai.com/ https://cx.atdmt.com/ https://*.akamaihd.net https://p.typekit.net/ https://www.google-analytics.com/ https://*.google.com https://l.betrad.com/ https://dev.visualwebsiteoptimizer.com/ https://pixel.rubiconproject.com/ https://*.advertising.com https://pixel.sojern.com/ https://*.adnxs.com https://*.rfihub.com https://scontent.xx.fbcdn.net/ https://*.linkedin.com https://urldefense.proofpoint.com/ https://t.teads.tv/ https://nexus.ensighten.com/ https://*.brand-display.com https://affleads.latamtracking.com/ https://s3-ap-southeast-1.amazonaws.com/ https://*.eloqua.com https://t.co/ https://www2.tmvtp.com/ https://pixel.quantserve.com/ http://*.webtype.com http://*.americanexpress.com https://*.yahoo.com https://groupmconnect.go2cloud.org/ data: https://rs.gwallet.com/;font-src https://cache.marriott.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' https://*.aexp-static.com http://*.webtype.com https://*.webtype.com data: https://s3-ap-southeast-1.amazonaws.com/;frame-src https://connect.facebook.net/ https://icm.aexp-static.com/ https://cdn.distiltag.com/ https://*.doubleclick.net https://lpcdn.lpsnmedia.net/ https://*.facebook.com https://player.vimeo.com/ https://*.americanexpress.com https://vars.hotjar.com/ https://*.google.com https://versicherungen.amex-services.de/ https://www.youtube.com/ https://aexp.demdex.net/;plugin-types  image/svg+xml;media-src data: http://production.smedia.lvp.llnw.net/;form-action https://connect.facebook.net/ 'self' https://*.eloqua.com https://amex-api.homolog.lqdi.net/ https://amex.voiceradar.com.br/ https://americanexpress-sg.custhelp.com/ https://*.americanexpress.com;frame-ancestors  'self';script-src https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' https://use.typekit.net/ 'self' https://maps.googleapis.com/ https://static.ads-twitter.com/ https://stags.bluekai.com/ https://analytics.twitter.com/ https://maxcdn.bootstrapcdn.com/ https://ds-aksb-a.akamaihd.net/ https://d2qmp7jjpd79k7.cloudfront.net/ https://*.liveperson.net https://googleads.g.doubleclick.net/ https://code.jquery.com/ https://www.google-analytics.com/ https://*.google.com https://www.gstatic.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googleadservices.com/ https://service.maxymiser.net/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://d5phz18u4wuww.cloudfront.net/ https://report1.maritz.com/ https://*.delvenetworks.com https://accdn.lpsnmedia.net/ https://nexus.ensighten.com/ https://bat.bing.com/ https://*.americanexpress.com https://js.maxmind.com/ https://s3-ap-southeast-1.amazonaws.com/ https://n-cdn.areyouahuman.com/ https://s.go-mpulse.net/ https://*.hotjar.com https://*.aexp-static.com https://aeopprodvip.acxiom.com/ https://secure.leadforensics.com/ https://*.en25.com https://browser-update.org/ 'unsafe-eval' https://ajax.googleapis.com/;style-src 'unsafe-inline' 'self' https://*.aexp-static.com https://fonts.googleapis.com/ http://*.webtype.com http://*.americanexpress.com https://*.americanexpress.com https://*.webtype.com https://s3-ap-southeast-1.amazonaws.com/;object-src https://*.aexp-static.com;worker-src  'self' blob:;connect-src wss://iwmap.americanexpress.com https://connect.facebook.net/ https://c.go-mpulse.net/ 'self' https://dpm.demdex.net/ https://performance.typekit.net/ https://amex.voiceradar.com.br/ https://ds-aksb-a.akamaihd.net/ https://americanexpress-sg.custhelp.com/ https://*.americanexpress.com https://*.eloqua.com https://*.aexp-static.com https://amex-api.homolog.lqdi.net/ https://vc.hotjar.io/ https://cached-cors-proxy.consumercentric.eu/ https://americanexpresscards.tt.omtrdc.net/ https://in.hotjar.com/ https://origin.distiltag.com/; 1
default-src https:; report-uri 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-37+6g9wUAydrCDkaLQYcdQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://www.ngospelmedia.net/wp-json/rsssl/v1/csp?rsssl_apitoken=1565822182 1
default-src *; style-src *  data: 'unsafe-inline'; img-src *  data:; font-src *  data:; connect-src *; media-src * ; frame-src *;  script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1
default-src 'self'; script-src 'self' *.yandex.ru 1
default-src 'self' https: https://*.hotjar.com:* https://*.hotjar.io 'unsafe-eval'; base-uri 'none'; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://*.hotjar.com; font-src https: data:; frame-src https://bid.g.doubleclick.net https://www.youtube.com https://codepen.io http://codepen.io https://www.facebook.com https://staticxx.facebook.com/ https://platform.twitter.com/ https://www.google.com/recaptcha/ https://intercom-sheets.com https://js.intercomcdn.com https://*.hotjar.com:* https://*.hotjar.io; img-src 'self' https: http: data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' https://*.hotjar.com https://*.hotjar.io 'nonce-MNsPopk2D08zAc69Ss0Xg+0xD2d6rqqEoEhrAdMZB4Q='; style-src 'self' https: 'unsafe-inline'; report-uri https://formkeep.com/f/fda9843107fc 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://cdn.firstpromoter.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com; connect-src https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.google.ca https://stats.g.doubleclick.net https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com; media-src https://js.intercomcdn.com; form-action https://intercom.help; frame-ancestors 'none' 1
default-src https://www.liquidlight.co.uk; script-src https://www.liquidlight.co.uk https://www.google-analytics.com https://js.createsend1.com 'unsafe-inline'; connect-src https://www.liquidlight.co.uk https://search.gelo.co.uk; img-src https://www.liquidlight.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.gravatar.com https://i0.wp.com https://*.createsend1.com; frame-src https://www.liquidlight.co.uk https://www.youtube.com https://a.tiles.mapbox.com; style-src https://www.liquidlight.co.uk 'unsafe-inline'; report-uri https://www.liquidlight.co.uk/?eID=error 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.com.my https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.com.my https://m.myprotein.com.my https://checkout.myprotein.com.my https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
report-uri /report-violation; default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com; script-src 'self' google-analytics.com *.google-analytics.com personyze.com *.personyze.com connect.facebook.net livechatinc.com *.livechatinc.com *.algolianet.com *.algolia.net googletagmanager.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net 'sha256-U+rrqE53MCzvTDdz71/VXQy1djngj2ExzMoa1fPiQqg=' 'sha256-hfwx1vycHF5eMRHxd8KVOWB4EykA4iqXT24HqLnyLU0=' 'nonce-2b98d98e-cce2-4d31-bff7-00fcaf72d969'; connect-src 'self' services.vordur.is cdn.contentful.com sentry.io google-analytics.com www.google-analytics.com www.facebook.com *.algolianet.com *.algolia.net; frame-src old.vordur.is secure.livechatinc.com www.facebook.com www.youtube.com *.doubleclick.net; img-src 'self' blob: data: www.facebook.com www.google-analytics.com cdn.livechatinc.com secure.livechatinc.com *.doubleclick.net www.google.com www.google.is www.google.es www.gstatic.com; media-src cdn.livechatinc.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://www.sovendus.com/ https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://translate.googleapis.com https://*.adyen.com; frame-src https:; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io https://www.paypal.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com; object-src 'none';	 worker-src 'self';	 ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://www.sovendus.com/banner-responsive/; img-src 'self' data: http: https:; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de;frame-ancestors 'self';report-uri /ls/?reportOnly=true 1
default-src 'self';style-src * 'unsafe-inline';script-src 'self' 'unsafe-eval' 'strict-dynamic' https: http: https://mc.yandex.ru https://yastatic.net https://*.googleapis.com https://maps.gstatic.com http://*.googleapis.com http://maps.gstatic.com 'sha256-e/PwIXR5lP33fVTw75aAyOCsYQJZTOhNEx417Oa6Fj0=' 'sha256-2nD5Yg3GpvE1OBB1gSff6rhKy0ZOtd4AyV4nqocdtEw=' 'sha256-0JDGZ7yuPgetF7Bd5I8NMPxVhtZRmLBYcZVGRKoAzAs=' 'sha256-tv7sv42WAXbOH3iP0XQx21AQyXcyWtTs3P6h6lfACxM=' 'sha256-ze05ylXhmz1SWEqruTPQChQfWJz8TnfuQ/VVI325bXQ=' 'sha256-YSFgPYsgfbBbnt+PO0caTD94gM6UOEL+Og0XNSfIIP8=' 'sha256-7OIis6/xu2cdx6JV4lUqlRqK2xz5Adg7EiLCF8jIy6A=' 'sha256-3MBVXurxrXzNYPLCmLTILjmH21XRUuiImu+SVc0a+/k=' 'sha256-m3+3uAu/L2kglWe1S0WocG2SvVx4QsY7uFzoBeG3S8o=' 'sha256-owPx+H82tTZZ6f3ZR1Hy2I5lTe1GmLuV22YoZ7OaaGs=' 'sha256-/eGEnBAjzqsfg2WMSAxR0eFYhxCsiJz1nRJkdcrTdi8=' 'sha256-GJspzLF5P8iUP2ggFUOLIvdx0fi7f9uCnL5h4oPjWiE=' 'sha256-WNqYqbHLA7b9LJJ6gAKkTlcGBbIPHeMabhexHiBQVVM=' 'sha256-HcpHoGZHzFgDNl5s6SvaPnY+fa2lnhFCc4MKsYXEAB0=' 'sha256-LKM8boTSsTsLC0wbh7QnfKs+WY54KMRNemhAkEQrtWA=' 'sha256-aK1T+B/mqlaEJvQ+chQvZMK8Z5mrp4i+GVLkqL57NiI=' 'sha256-RNOyeC00kvM7Xw47P9TSjM4iWlVZL08moyJIjz14js8=' 'sha256-LKM8boTSsTsLC0wbh7QnfKs+WY54KMRNemhAkEQrtWA=' 'sha256-qZqUfpmJumOmxx+AiOHBvnGaQVT24YNvb5AA/GN8BGs=' 'sha256-MCstmiGxgumlXIcPzlRCKATMJhRAfJLDj/kuE8smlxU=' 'sha256-J3+TU7DG5khWOS1Pw+yWVOx+JdosMLR33/XfZBRYEiY=' 'sha256-mD15IugP/MymSF/csGGWY4YuBjEcQf4xrDkrBFq60BY=' 'sha256-sHz1trO04g9i3hBUI/sQcY2udh85euSY1Y0HGpOV46E=' 'sha256-owPx+H82tTZZ6f3ZR1Hy2I5lTe1GmLuV22YoZ7OaaGs=' 'sha256-hL0QIa2reyy+egIfpTF8AK7eYnpWRm3V+Z8Tj473ns0=' 'sha256-LKM8boTSsTsLC0wbh7QnfKs+WY54KMRNemhAkEQrtWA=' 'sha256-GJspzLF5P8iUP2ggFUOLIvdx0fi7f9uCnL5h4oPjWiE=' 'sha256-H92KFdRe1jKn5YEjYxuz9peViEhEsQUBGFDG756RWjY=' 'sha256-hRuAoWNmGuSNCujuLzLVklfPCqN92sC4IqvOIWrOE9c=' 'sha256-Iwx1uaWBNr4lZSCfxglUtf3g2IuoaJK44+Oh/KqVfCI=' 'sha256-g8uhho59yd3os5rI1nv/h11iBiheCIx/RC5EESk3Pdk=' 'sha256-KNkI836G/TsbngTeifh20K4fYNwK0PRMjXsYV/srPqM=' 'sha256-cXsMIvKvH3A9mCSE7dNyTbDiyqN55cfOiQzEg47ES3c=' 'sha256-TXYbZ138gKUaIDuaztw449xk20n71Famnoj5aXOCatQ=' 'sha256-Sqs3Y5XE1jgIOwNCwEwDH9X27kU7HUWUaQXlL7tpTo4=' 'sha256-m3+3uAu/L2kglWe1S0WocG2SvVx4QsY7uFzoBeG3S8o=' 'sha256-gamJYC8CgfcT9J41V8cjuIx0T1VzN8WetajZKQRDU6I=' 'sha256-RNOyeC00kvM7Xw47P9TSjM4iWlVZL08moyJIjz14js8=' 'sha256-aK1T+B/mqlaEJvQ+chQvZMK8Z5mrp4i+GVLkqL57NiI=' 'sha256-I6l5A0iWmnL2irWXKD498vryJg8l9yO97sNN6bnC3uY=' 'sha256-s28yFJozWYIwWvtUOcVYJcJ1AKRZn0a9Ns58LM9SyQY=';img-src 'unsafe-inline' 'self' data: blob: https://mc.yandex.ru;connect-src 'self' https://mc.yandex.ru;object-src 'self'; report-uri /app/csp-report-servlet; 1
default-src                  'self'                  data:                  blob:                  localhost:*                  ws://localhost:*                  https://bam.nr-data.net                 https://play.google.com                  https://*.googleapis.com                 https://*.facebook.net                  https://*.facebook.com                  http://*.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google.ru                 https://www.google.by                 https://www.google.kz                 https://www.google.nl                 https://www.google.fr                 https://www.google.es                 https://www.google.com.my                 https://www.google.com                 https://www.google-analytics.com                  https://stats.g.doubleclick.net                  https://www.youtube.com/                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://educationerp.blob.core.windows.net                 https://cdn.jsdelivr.net                 https://i.ytimg.com                 https://vk.com                 https://pp.userapi.com                 https://travel.fsjunior.com                 https://my.swim-kids.com                 https://my.fsjunior.com                 https://my.schoolballet.com                 https://my.ei-kids.com                 https://education-erp.com                 android-webview-video-poster                 blob;                             script-src                  'unsafe-inline'                  'unsafe-eval'                  'self'                  localhost:*                  https://js-agent.newrelic.com                  https://bam.nr-data.net                 https://*.googleapis.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com        https://vk.com/js/api/openapi.js          https://*.gstatic.com                  https://mc.yandex.ru                  https://www.google-analytics.com                  https://www.google.com/                  https://code.jquery.com                 https://cdn.jsdelivr.net                 https://cdnjs.cloudflare.com                 https://travel.fsjunior.com                 https://education-erp.com;             style-src                  'unsafe-inline'                  'self'                  https://bam.nr-data.net                 https://*.googleapis.com                  https://*.gstatic.com                  *.facebook.net                  *.facebook.com                  api.odnoklassniki.ru                  https://*.vk.com                  https://mc.yandex.ru                  https://www.google-analytics.com                 https://use.fontawesome.com                 https://cdnjs.cloudflare.com                 https://cdn.jsdelivr.net                 https://education-erp.com;             report-uri                  https://education-erp.com/Administrator/ReportCsp 1
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/index 1
default-src 'unsafe-eval' 'unsafe-inline' data: https:; report-uri https://sentry.mybook.tech/api/44/csp-report/?sentry_version=5&sentry_key=8600d8ebdcab4cac85a0c19f624a07ac 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
frame-src 'self' https://www.youtube.com https://*.facebook.com https://cdn.unibuddy.co https://unibuddy.co https://e.issuu.com https://www.instagram.com https://platform.twitter.com https://syndication.twitter.com https://sod.superoffice.com https://www.google.com https://intranet.eur.nl https://media.eur.nl https://sso.eur.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net https://siteimproveanalytics.com https://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://cdn.unibuddy.co https://e.issuu.com https://connect.facebook.net https://rlb.nuffic.nl https://*.vo.msecnd.net https://www.instagram.com https://www.springest.nl https://s.ytimg.com https://sjs.bizographics.com https://px.ads.linkedin.com https://www.gstatic.com https://www.linkedin.com https://*.clickdimensions.com https://try.abtasty.com https://dcinfos.abtasty.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://googlemaps.github.io https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'self' https://*.vo.msecnd.net https://widget.onlineafspraken.nl https://platform.twitter.com https://ton.twimg.com https://rlb.nuffic.nl https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-elem 'self'  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; report-uri https://www.iss.nl/en/report-uri/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google.com/jsapi https://ssl.google-analytics.com https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net/webshim/ https://www.youtube.com/iframe_api https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/ https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.de https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com http://kendo.cdn.telerik.com https://pbs.twimg.com; media-src 'self' https://*.berenberg.com https://*.berenberg.de https://s3-eu-central-1.amazonaws.com/web-berenberg-storage/; frame-src data: https://berenberg-staging.factsheetslive.com https://www.berenberg.de/my_templates/ https://www.youtube.com; child-src https://www.youtube.com; connect-src 'self' https://karriere.berenberg.de; report-uri https://bego.report-uri.io/r/default/csp/reportOnly 1
script-src 'self' 'unsafe-inline' https://bongacams.com https://cdn.truendo.com https://prod.truendo.com https://promo.awempire.com https://awempt.com https://chaturbate.com https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.5/mobile-detect.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/js/bootstrap-dialog.min.js; style-src 'self' https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css; img-src 'self' data: http://i.bimbolive.com https://*.awemwh.com https://roomimg.stream.highwebmedia.com/ri/ https://spacergif.org/spacer.gif https://*.wlresources.com:* https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; font-src 'self' 'unsafe-inline' data: https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-regular.woff https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-regular.woff2 https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-700.woff https://cdn.truendo.com/pid/assets/fonts/roboto-v18-latin-ext-700.woff2 https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.ttf https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.eot? https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/fonts/glyphicons-halflings-regular.svg https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.ttf?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.svg?v=4.6.3 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.eot?; connect-src 'self' https://prod.truendo.com https://cdn.truendo.com; object-src 'none'; base-uri 'none'; form-action 'self'; require-sri-for script style; frame-src https://bongacams.com https://chaturbate.com https://*.chaturbate.com https://awempt.com/embed https://www.xlovecam.com http://cradver.livejasmin.com http://pt.protoawe.com; frame-ancestors 'self'; manifest-src 'self'; report-uri http://favicongeneratoronline.com/csp-reports.php 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-eval' 'report-sample' https://www.lifewithmultiplemyeloma.org/logs/ https://www.lifewithmultiplemyeloma.org/sidekiq/ https://www.lifewithmultiplemyeloma.org/mini-profiler-resources/ https://aws1.discourse-cdn.com/standard14/assets/ https://aws1.discourse-cdn.com/standard14/brotli_asset/ https://www.lifewithmultiplemyeloma.org/extra-locales/ https://sjc3.discourse-cdn.com/standard14/highlight-js/ https://sjc3.discourse-cdn.com/standard14/javascripts/ https://sjc3.discourse-cdn.com/standard14/plugins/ https://sjc3.discourse-cdn.com/standard14/theme-javascripts/ https://sjc3.discourse-cdn.com/standard14/svg-sprite/ https://www.google-analytics.com/analytics.js https://secure.quantserve.com/quant.js https://www.google-analytics.com/analytics.js; worker-src 'self' blob: 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://cdn.jsdelivr.net https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://media2.supermagnete.es https://www.supermagnete.es 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://media2.supermagnete.es https://www.supermagnete.es 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; report-to https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/sarahchloe.com; 1
default-src https: wss://paperless.com.ua 'self' wss://channelapi.liqpay.ua; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data: 'self' blob:; font-src https: data: 'self'; report-uri /api/csp 1
script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://use.fontawesome.com; script-src-elem 'self' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https://search.architexturez.in; report-uri https://search.architexturez.in 1
frame-ancestors 'self' login.yebostars.com *.yebostars.com; report-uri /csp-report.php 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' connect.facebook.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com widget.intercom.io js.intercomcdn.com wootric-eligibility.herokuapp.com d27j601g4x0gd5.cloudfront.net cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net www.google.com www.google.dk www.google.co.uk cdn.headwayapp.co consentcdn.cookiebot.com consent.cookiebot.com static.hotjar.com script.hotjar.com www.redditstatic.com; report-uri https://elmahio.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=4a442782ea5491b1414811d8d0547234 1
default-src 'self' *.trusted.com; style-src 'self' *.trusted.com 'unsafe-inline' https://spareparts.whoson.com https://widgets.trustedshops.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ui.powerreviews.com/ https://my.nanorep.com ;font-src 'self' *.trusted.com https://www.nectar.com https://static3.avast.com https://widgets.trustedshops.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/ ;script-src 'unsafe-inline' 'unsafe-eval' 'self' *.trusted.com *.google.com https://beacon.krxd.net.x.5e58d6d8038c104c390825d0fafafb7819df.9270fc4c.id.opendns.com https://data1.ralasis.com https://data2.ralasis.com https://proudflex.org https://relatedgamesnet-a.akamaihd.net https://ucads-cdn.ucweb.com https://floatingplayer.com https://data2.gribul.com https://data1.gribul.com https://cdnjs.cloudflare.com https://gateway.zscalertwo.net http://www.gdprcountryrestriction.com https://www.zenaps.com/ https://www.everestjs.net https://maps.googleapis.com https://www.googleadservices.com https://static.powerreviews.com https://widgets.trustedshops.com/ https://mpsnare.iesnare.com/ https://ui.powerreviews.com https://spareparts.whoson.com/ https://vc.hotjar.io https://www.google-analytics.com/ https://fonts.googleapis.com https://static.responsetap.com https://www.dwin1.com https://tracker.marinsm.com/ https://widget.trustpilot.com https://ssl.google-analytics.com/ https://metrics.responsetap.com https://www.ist-track.com/ https://cdn.krxd.net https://seal.verisign.com https://consumer.krxd.net https://beacon.krxd.net https://my.nanorep.com https://eu1-1.nanorep.com https://connectservice.nanorep.co https://www.googletagmanager.com https://ads.heias.com/ https://assets.pinterest.com https://log.pinterest.com https://www.googlecommerce.com;frame-src *;connect-src 'self' *.trusted.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://res.cloudinary.com https://ssl.google-analytics.com https://jslog.krxd.net https://beacon.krxd.net https://ui.powerreviews.com https://writeservices.powerreviews.com/ https://display.powerreviews.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustedshops.com;worker-src blob: 'self' *.trusted.com ;img-src * blob: 'self' *.trusted.com  ;report-uri /csp.pl 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.hk:*; frame-ancestors *.calypso.net.au *.flightcentre.com.hk; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
script-src 'self' 'unsafe-inline' chrome-extension: https://api-maps.yandex.ru https://mc.yandex.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
default-src 'self'; connect-src https://*.tawk.to wss://*.tawk.to 'self'; font-src https://*.tawk.to https://*.gstatic.com https://*.googleapis.com data: 'self'; frame-src https://*.tawk.to 'self'; img-src * data:; script-src https://www.google-analytics.com https://*.tawk.to https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdn.jsdelivr.net https://*.googleapis.com 'unsafe-inline' 'self'; report-uri /lift/content-security-policy-report 1
default-src 'none';style-src 'self' https://statics-uhf-ppe.akamaized.net https://uhf.microsoft.com https://blobint.officehome.msocdn.com/ 'unsafe-inline';font-src 'self' https://assets.onestore.ms https://c.s-microsoft.com https://www.microsoft.com data: https://blobint.officehome.msocdn.com/;img-src 'self' https://assets.onestore.ms https://img-prod-cms-rt-microsoft-com.akamaized.net https://c1.microsoft.com https://c.bing.com https://uhf.microsoft.com https://web.vortex.data.microsoft.com data: https://blobint.officehome.msocdn.com/;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net;report-uri /api/csp-report?page=unauth&reportOnly=True;script-src 'self' 'unsafe-inline' https://web.vortex.data.microsoft.com https://statics-uhf-ppe.akamaized.net https://mem.gfx.ms https://uhf.microsoft.com https://blobint.officehome.msocdn.com/ 'nonce-9dHZ6GO27FEdCdqjjZE9ag==' 'unsafe-eval'; 1
default-src https://www.google-analytics.com 'self' https://*.akamaihd.net https://*.wistia.com; media-src https: http: ; script-src https://*.wistia.com https://*.wistia.net https://*.cloudflare.com https://*.twimg.com/ https://*.wistia.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com; connect-src https://*.akamaihd.net https://*.litix.io https://*.wistia.com https://*.wistia.net https://*.google-analytics.com https://*.doubleclick.net 'self' wss://bitcoingold.org wss://explorer.bitcoingold.org; img-src 'self' https: http: data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.twitter.com https://*.twimg.com; font-src data: https://*.twitter.com 'self' https://themes.googleusercontent.comi https://*.gstatic.com https://*.googleapis.com https://*.w.org; frame-src https://*.wistia.com https://*.wistia.net https://*.twitter.com https://*.doubleclick.net 'self' https://*.facebook.com; object-src 'self' https://*.bitcoingold.org; report-uri https://bitcoingold.org/csp-report/ 1
connect-src mc.yandex.ru capture.trackjs.com 'self' mc.yandex.by ssl.google-analytics.com mc.yandex.ua csi.gstatic.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com adservice.google.de browser-update.org connect.facebook.net apis.google.com googleads.g.doubleclick.net mc.yandex.ru pagead2.googlesyndication.com platform.instagram.com ssl.google-analytics.com usage.trackjs.com vk.com staticxx.facebook.com accounts.google.com adservice.google.ru m.facebook.com platform.twitter.com syndication.twitter.com web.facebook.com www.facebook.com www.googletagservices.com www.instagram.com; font-src 'self' data: ; frame-src accounts.google.com apis.google.com googleads.g.doubleclick.net m.facebook.com platform.twitter.com staticxx.facebook.com vk.com www.facebook.com web.facebook.com www.youtube.com www.instagram.com mc.yandex.ru; img-src 'self' browser-update.org data: mc.yandex.ru ssl.google-analytics.com syndication.twitter.com usage.trackjs.com vk.com pagead2.googlesyndication.com; script-src apis.google.com 'self' mc.yandex.ru browser-update.org www.instagram.com ssl.google-analytics.com pagead2.googlesyndication.com platform.twitter.com www.googletagservices.com adservice.google.com adservice.google.ru vk.com connect.facebook.net platform.instagram.com; child-src accounts.google.com apis.google.com m.facebook.com mc.yandex.ru platform.twitter.com staticxx.facebook.com vk.com web.facebook.com www.facebook.com; style-src 'unsafe-inline' 'self'; script-src-elem 'self' adservice.google.com browser-update.org www.instagram.com platform.instagram.com vk.com platform.twitter.com pagead2.googlesyndication.com adservice.google.ru ssl.google-analytics.com apis.google.com connect.facebook.net mc.yandex.ru www.googletagservices.com; manifest-src 'self'; report-uri https://albe.report-uri.com/r/d/csp/wizard 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-BgRCy8dG5QTYn8jGcGADFg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data: *.ii.nl blob:; manifest-src 'self'; media-src 'none'; object-src 'none'; report-uri /csp-report; script-src 'self'; style-src 'unsafe-inline' 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://b27bc57f5ac35510ce587d23f4bd7d03.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com;default-src 'self' blob *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net  pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg http://i.imgur.com i.imgur.com fast.wistia.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com; report-uri https://hbfweb.report-uri.com/r/d/csp/reportOnly 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-6GPuDNUpu9lS3d5EECCX7A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-kXYFEy7IbCWe0Wzp3idnZ92JGU' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'self' ; script-src 'self' https://matthewsetter.disqus.com https://www.reddit.com https://graph.facebook.com https://m.addthis.com https://m.addthisedge.com https://s7.addthis.com https://c.disquscdn.com https://www.linkedin.com https://use.typekit.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.google-analytics.com 'nonce-yImye5zAOhgwYVgliJIw' 'sha256-3W61OjTIOlC5uFQJDRPchhf3XcYg303SI3usuoJD3Gc=' 'sha256-wFzaZ0Gu8YR0CSNF4mhjj/RRE2NqQq2TGnB+XjiQyJg=' 'sha256-EBMAqpj8oNTvzmYiFNFxFiH9KoF5bHKi5Ltht0eKSpA=' 'sha256-nP0EI9B9ad8IoFUti2q7EQBabcE5MS5v0nkvRfUbYnM='; style-src 'self' 'nonce-U81vRf11mXo5npHfw3zsEv6G3nE=' 'nonce-iyImye5zAOhgwYVgliJIw' 'nonce-kjSv2EVgFsWn/4Yd8/CL8IKSkMs=a' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com https://p.typekit.net https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; connect-src 'self' ; media-src 'self' ; object-src 'none' ; child-src 'self' ; frame-src 'self' ; worker-src 'self' ; frame-ancestors 'self' ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://matthewsetter.report-uri.com/r/d/csp/enforce 1
default-src 'self' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.sharethis.com  *.sharethis.mgr.consensu.org; script-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.newrelic.com *.nr-data.net *.aviary.com *.sharethis.com *.googletagmanager.com *.google-analytics.com *.adobedtm.com 'unsafe-eval' *.bizographics.com *.mookie1.com *.licdn.com *.google-analytics.com meetingsimagined.com *.tiqcdn.com *.linkedin.com *.mookie1.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.meetingsimagined.com *.cloudfront.net:* *.adobedtm.com *.typography.com *.aviary.com *.sharethis.com; img-src 'self' *.meetingsimagined.com:* *.marriott.com meetingsimagined.com *.google-analytics.com *.linkedin.com *.sharethis.com; frame-src 'self' *.tiqcdn.com *.sharethis.com; font-src * data:; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; style-src 'self'; connect-src 'self'; script-src 'self' google-analytics.com youtube.com twitter.com google.com; img-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.facebook.com adservice.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com bat.bing.com js.adsrvr.org apac-oceania.netmng.com servedby.flashtalking.com amplifypixel.outbrain.com www.google.ca www.youtube.com oceaniacruise.d2.sc.omtrdc.net s.ytimg.com amplify.outbrain.com resources.xg4ken.com 5488942.fls.doubleclick.net tr.outbrain.com pubads.g.doubleclick.net 4395476.fls.doubleclick.net 6123315.fls.doubleclick.net insight.adsrvr.org 6034582.fls.doubleclick.net secure.adnxs.com www.google.co.uk dpm.demdex.net tags.bluekai.com cm.g.doubleclick.net dsum-sec.casalemedia.com p.adsymptotic.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net ce.lijit.com universal.iperceptions.com beacon.krxd.net loadm.exelator.com x.bidswitch.net pixel.advertising.com aa.agkn.com st2.dialogtech.com d31y97ze264gaa.cloudfront.net players.brightcove.net manifest.prod.boltdns.net sp.analytics.yahoo.com ads.yahoo.com di.rlcdn.com ib.adnxs.com api.iperceptions.com ds-aksb-a.akamaihd.net js-agent.newrelic.com house-fastly-signed-us-east-1-prod.brightcovecdn.com www.google.co.nz www.google.com.br bam.nr-data.net www.google.com.au st1.dialogtech.com edge.api.brightcove.com vjs.zencdn.net pixel.tapad.com su.addthis.com 6713102.fls.doubleclick.net s.amazon-adsystem.com f1.media.brightcove.com cf-images.us-east-1.prod.boltdns.net secure.brightcove.com www.google.co.in bid.g.doubleclick.net www.google.ru www.google.nl ekr.zdassets.com static.zdassets.com mpp.vindicosuite.com d.agkn.com tag.yieldoptimizer.com www.google.com.ar www.google.com.my assets.zendesk.com www.google.co.jp ad.360yield.com www.google.pl www.google.ie www.google.fr match.sharethrough.com www.google.se az452423.vo.msecnd.net ads.scorecardresearch.com i.liadm.com uipglob.semasio.net s.thebrighttag.com tags.rd.linksynergy.com e.nexac.com simage2.pubmatic.com adadvisor.net cw.addthis.com www.google.com.mx www.google.de ad.yieldlab.net www.google.com.sg www.google.com.hk www.google.com.eg secure.insightexpressai.com oceaniacruises.zendesk.com ips-invite.iperceptions.com v2.zopim.com www.google.es www.google.co.th jp-u.openx.net cs.gssprt.jp stats.g.doubleclick.net ips-img.iperceptions.com sec.yimg.com adservice.google.ca 36fb78d7.akstat.io c.go-mpulse.net s.go-mpulse.net; report-uri /csp-report-only 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ie ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ie *.spreadshirt.ie ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ie ; font-src 'self' https: *.spreadshirt.ie ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ie ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ie ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'none'; script-src 'self' 'report-sample' https://cdn.innocraft.cloud https://www.youtube.com https://connect.facebook.net https://admin.typeform.com; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://thecorrespondent.innocraft.cloud https://i.ytimg.com; font-src 'self'; connect-src 'self' https://campaign.thecorrespondent.com https://thecorrespondent.innocraft.cloud https://sentry.io; media-src 'self'; child-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://staticxx.facebook.com https://platform.twitter.com https://media.mtvnservices.com https://thecorrespondent.typeform.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://staticxx.facebook.com https://platform.twitter.com https://media.mtvnservices.com https://thecorrespondent.typeform.com; manifest-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; report-uri https://correspondent.report-uri.com/r/d/csp/reportOnly; block-all-mixed-content 1
report-uri https://csp.archant.co.uk/report; default-src https: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'unsafe-inline'  'self' data: www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org   ; img-src 'self' data: www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org   ; script-src 'unsafe-inline' 'unsafe-eval'  'self' data: www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org   ; frame-src 'self' data: www.google.com  *.googleapis.com  *.gstatic.com   *.cloudfront.net  *.qubit.com *.yepgarage.com *.google-analytics.com *.youtube.com *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com connect.facebook.net www.googletagmanager.com www.w3.org    ; report-uri /admin/public/api/health/report-uri 1
default-src 'self' *.typekit.net *.google.com *.gstatic.com *.googleapis.com *.vimeo.com http://siteimproveanalytics.com https://vimeo.com *.googletagmanager.com 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.nz:*; frame-ancestors *.calypso.net.au *.flightcentre.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://www.sovendus.com/ https://*.custhelp.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://translate.googleapis.com https://*.adyen.com; frame-src https:; connect-src 'self' https://*.pndsn.com https://www.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.sovendus.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io https://www.paypal.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com; object-src 'none';	 worker-src 'self';	 ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/; img-src 'self' data: http: https:; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de;frame-ancestors 'self';report-uri /ls/?reportOnly=true 1
default-src 'self'; base-uri; connect-src 'self' wss://* https://* api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com https://www.sitelock.com https://www.google-analytics.com; font-src 'self' data: https:; form-action 'self' https://* braintreepayments.com; frame-ancestors 'none'; frame-src 'self' https://* assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com; img-src 'self' data: blob: https: assets.braintreegateway.com checkout.paypal.com; manifest-src 'self'; media-src 'none'; object-src 'none'; sandbox allow-popups; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://* https://www.google-analytics.com/analytics.js https://apis.google.com/* https://www.google-analytics.com/* js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com https://www.sitelock.com/ https: google-analytics.com apis.google.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com sitelock.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://* cdnjs.com bootstrapcdn.com https:; worker-src 'none'; report-uri https://leadrop.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' client.siteheart.com; connect-src https: wss:;style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://smct.co https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.eyeko.com https://m.eyeko.com https://checkout.eyeko.com https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.smct.co; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com http://nullpoint.owox.com *.intexpool.ua *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.doubleclick.net *.google.com.ua *.facebook.net *.binotel.com; default-src 'self' *.gstatic.com; frame-src vkontakte.ru www.facebook.com vk.com *.intexpool.ua *.youtube.com *.google.com *.doubleclick.net *.google.com.ua *.googleapis.com *.gstatic.com *.addthis.com; img-src *.multichannel.demo.owox.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.intexpool.ua ssl.gstatic.com *.yandex.ru *.doubleclick.net *.google.com *.google.com.ua *.yandex.ua *.googleapis.com *.gstatic.com *.facebook.com; style-src 'unsafe-inline' 'self' *.intexpool.ua *.googleapis.com *.gstatic.com; report-uri https://csp.intexpool.ua; connect-src 'self' *.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 *.intime.ua *.addthis.com *.google.com *.google.com.ua; object-src 'self' www.youtube.com *.googleapis.com *.gstatic.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /error/csp-report 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/dasco.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://ds-aksb-a.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.ae https://m.lookfantastic.ae https://checkout.lookfantastic.ae https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self'; object-src 'self' ; child-src 'self' https://*.youtube.com; connect-src 'self' wss://*.vhub.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.purdue.edu wss://vhub.org https://www.dropbox.com https://graph.facebook.com ; default-src 'self' https://*.vhub.org https://*.vhub.aws.hubzero.org; font-src 'self' https://fonts.gstatic.com data: safari-extension: chrome-extension: ; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-src 'self' https://*.vhub.org https://*.vhub.aws.hubzero.org  https://*.google.com https://*.youtube.com https://content.googleapis.com https://*.facebook.com https://*.twitter.com ; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://www.linkedin.com https://platform.twitter.com  https://cdn.syndication.twimg.com https://www.gstatic.com https://*.googleapis.com https://platform.linkedin.com data: blob: ; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://*.googleapis.com https://www.google.com ; report-uri https://help.hubzero.org/csp-cms.php; report-to cms 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.id&source%5Bsection%5D=brochure&source%5Buuid%5D=bbe81cafd2308da3a8a669ec31b23a97 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: dolgojit.net *.yandex.ru https://yandex.ru *.docdoc.ru docdoc.ru https://docdoc.ru https://cdn.docdoc.ru https://w.docdoc.ru https://adservice.google.md http://docdoc.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yandex.st *.yandex.st https://yandex.st https://*.yandex.st https://*.yandex.ua yastatic.net https://yastatic.net yandexadexchange.net *.yandexadexchange.net *.google.com https://*.google.ru https://*.google.com https://*.google.com.ua https://*.google.kz https://*.google.az *.liveinternet.ru *.google-analytics.com https://*.google-analytics.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.doubleclick.net https://*.doubleclick.net *.googlezip.net *.yadro.ru https://*.yadro.ru *.youtube.com https://*.youtube.com http://*.mail.ru http://img.imgsmail.ru http://*.cloudflare.com http://r.mradx.net http://*.adriver.ru http://*.adfox.ru *.facebook.net vk.com *.vk.com https://vk.com http://*.buzzoola.com https://*.buzzoola.com http://*.weborama.fr http://*.facetz.net http://*.exe.bid http://*.tns-counter.ru mc.yandex.by google-analytics.com *.facebook.com *.google.fr mc.yandex.kz *.googletagservices.com https://adservice.google.kg/ https://adservice.google.com.lb; report-uri https://dolgojit.net/csp-manager/tracker.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.google-analytics.com *.yandex.ru https://*.yandex.ru *.facebook.net https://*.facebook.net vk.com https://vk.com; img-src * data:; child-src * data: blob:; frame-src * data:; form-action 'self'; report-uri https://wordsfromtext.com/csp;  1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://td9xntasxybzj1cwbnu73cda.httpschecker.net/report 1
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk apps.nestle.com apps.nestle.co.uk *.newrelic.com *.betrad.com bam.nr-data.net https://static.addtoany.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com d22xmn10vbouk4.cloudfront.net https://lb.nestle-watersna.com *.serving-sys.com http://7225833.collect.igodigital.com https://connect.facebook.net *.krxd.net *.cloudfront.net; style-src 'self' 'unsafe-inline' *.nestlepurelife.com *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com https://lb.nestle-watersna.com http://nplus.nestlewaters.acsitefactory.com *.google.com *.nestlewaters.com www.nestlepurelife.com *.nestlewaters.com www.nestlepurelife.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://lb.nestle-watersna.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlewaters.com http://*.nestlewaters.com *.nestlewaters.com http://*.nestlewaters.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://www.nestle-purelife.us https://nestle-purelife.us https://lb.nestle-watersna.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net *.krxd.net; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://www.nestle-purelife.us https://nestle-purelife.us https://lb.nestle-watersna.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net *.krxd.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com https://lb.nestle-watersna.com https://collect.analyze.ly https://secure-ds.serving-sys.com; report-uri /us/report-csp-violation 1
default-src 'none'; font-src 'self'; img-src * 'self' secure.gravatar.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/webfont/ www.google-analytics.com; connect-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self'; img-src *; style-src 'self' www.warime.com 'unsafe-inline'; script-src 'self' www.warime.com 'unsafe-inline' 'unsafe-eval' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://mc.yandex.ru; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.yandex.ru https://translate.yandex.net https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.ru https://m.lookfantastic.ru https://checkout.lookfantastic.ru https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://mc.yandex.ru https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://*.sayinsurance.com:* https://*.kampyle.com localhost https://*.doubleclick.net https://*.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.entrust.net https://*.googleadservices.com https://*.google-analytics.com *.cloudfront.net https://bat.bing.com https://*.facebook.net *.googletagmanager.com https://*.pinimg.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.facebook.com https://*.sessioncam.com https://*.pinterest.com https://pinterest.adsymptotic.com https://*.kampyle.com https://*.sayinsurance.com localhost https://*.smartystreets.com https://*.googleapis.com https://*.cloudflare.com https://unpkg.com/@say-shared/; style-src 'self' 'unsafe-inline' https://*.kampyle.com https://*.sayinsurance.com localhost https://*.cloudflare.com https://*.googleapis.com; img-src 'self' data: https://*.entrust.net https://*.googleadservices.com https://*.google-analytics.com https://*.cloudfront.net bat.bing.com https://*.facebook.net https://*.googletagmanager.com https://*.pinimg.com https://*.doubleclick.net https://*.gstatic.com https://www.google.com https://www.facebook.com https://*.sessioncam.com https://*.pinterest.com https://pinterest.adsymptotic.com https://*.kampyle.com https://*.sayinsurance.com localhost https://*.quotelab.com https://*.nextinsure.com; report-uri /acquisition/global-form/log-csp; connect-src 'self' https://*.sayinsurance.com:* https://*.kampyle.com https://*.sessioncam.com 1
default-src 'self' https://horizon.stellar.org https://lobstr.zendesk.com/ https://static.lobstr.co https://ekr.zdassets.com/ https://www.google-analytics.com/j/collect;img-src 'self' data: https://chart.googleapis.com https://www.google-analytics.com https://www.gstatic.com/ https://static.lobstr.co https://www.accountkit.com/impressions/ 'nonce-8a3261bf627823887fdcb66437be46abe376d34c401ee5ce0044fb4a6776f3eb';script-src 'self' https://assets.zendesk.com/ https://www.google.com/recaptcha/api.js https://static.lobstr.co https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha https://sdk.accountkit.com https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.20.1/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/stellar-sdk/0.8.2/stellar-sdk.js https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.js https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.2/Chart.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/select2.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://static.zdassets.com/ 'sha384-LMHfJG/ukr2uiCFgAPvbzJxMSpvX9y9N0+7q/moXJEsB8/FGe60N2egv9cN7FZwD' 'sha256-ZOU9Cifcx5CbBqtaHmfTXDOiu98uFSKeaz2sWew9Qdw=' 'sha256-w7i/pu53gTCiQigcsFuNHZm8/cYEqKDOqW6pOXfJsvs=' 'sha256-3VWJlawzWi90JSy0kBobG+oIAI6yDwut4CR2EObiWJ0=' 'sha256-k8Kx+oSRaLZ+X7/r67j0Mow6bzS2pemyX++9YAOg3BU=' 'nonce-8a3261bf627823887fdcb66437be46abe376d34c401ee5ce0044fb4a6776f3eb';style-src 'unsafe-inline' https://static.lobstr.co https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jqueryui/1/themes/flick/jquery-ui.css https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/css/select2.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css;frame-src 'self' https://www.google.com 'nonce-8a3261bf627823887fdcb66437be46abe376d34c401ee5ce0044fb4a6776f3eb';font-src 'self' https://static.lobstr.co https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'nonce-8a3261bf627823887fdcb66437be46abe376d34c401ee5ce0044fb4a6776f3eb';base-uri 'self';object-src 'none';report-uri /csp-manager/report/ 1
default-src 'self' muxoboika.ru http://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' muxoboika.ru advapi.ru *.ytimg.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://google-analytics.com https://*.google-analytics.com http://*.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.doubleclick.net; object-src 'self' http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com *.google-analytics.com http://www.youtube.com https://www.youtube.com *.gstatic.com;frame-src 'self' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com *.doubleclick.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com http://*.google.com; 1
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
script-src 'self' 'unsafe-inline' https://www.dnc.org.nz 'unsafe-eval' https://www.dnc.org.nz; object-src 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.co.th https://*.sciencebehindecommerce.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.co.th https://m.myprotein.co.th https://checkout.myprotein.co.th; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src http:; 
            script-src http: 'unsafe-eval' 'unsafe-inline'; 
            style-src http: 'unsafe-inline'; 
            img-src http: data:; 
            font-src http: data:; 
            report-uri /csp-report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=58b9ee0596ab22af05a666c2768bc4f0 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.maps.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.wpengine.com/ *.netdna-ssl.com/ *.lenderlawwatch.com/ *.enforcementwatch.com/ *.siteimprove.com/ *.addthis.com/ *.google-analytics.com/ *.simplecast.com  *.brightcove.net/ data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.siteimprove.com/ *.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.twitter.com/ *.gravatar.com/ *.staging.wpengine.com/ *.googletagmanager.com/ *.cloudflare.com/ *.addthis.com/ *.gstatic.com/ *.google-analytics.com/ *.googletagmanager.com/ *.addthisedge.com/; style-src 'self' 'unsafe-inline' *.google.com/ *.sharethis.com/ *.twitter.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.wpengine.com/; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly; frame-src 'self' *.goodwinlaw.com/ *.goodwinfoundersworkbench.com/ *.google.com/ *.sharethis.com/ *.twitter.com/ *.sharethis.com/ *.twimg.com/ *.googleapis.com/ *.gravatar.com/ *.staging.wpengine.com *.addthis.com/ *.simplecast.com  *.brightcove.net/ 1
report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_fb41a89def3141cbaf78889fd26200be; default-src 'self'; frame-src https://intercom-sheets.com https://*.intercom.io data: https://*.g.doubleclick.net 'self' wss://*.intercom.io https://*.akamaihd.net https://*.wistia.com https://*.tradingview.com https://*.google.com; connect-src https://*.intercom.io https://*.g.doubleclick.net https://*.muut.com https://*.intercomcdn.com https://*.s3.amazonaws.com https://*.mixpanel.com 'self' wss://*.intercom.io https://*.getsentry.com wss://tradebench.com https://*.akamaihd.net https://*.wistia.com http://tradebench.com https://*.googleapis.com blob:; child-src 'self'; object-src 'self' https://*.wistia.com https://*.akamaihd.net; style-src https://*.muut.com 'self' 'unsafe-inline' https://*.googleapis.com; script-src https://*.amazonaws.com https://*.google-analytics.com https://*.intercom.io https://*.mxpnl.com data: https://*.googleapis.com https://*.muut.com https://*.intercomcdn.com 'self' wss://*.intercom.io https://*.facebook.net https://*.akamaihd.net https://*.google.com https://*.wistia.com 'unsafe-inline' https://*.googleadservices.com 'unsafe-eval' https://*.tradingview.com http://*.google-analytics.com blob:; font-src http://*.gstatic.com https://*.gstatic.com data: https://*.muut.com https://*.intercomcdn.com 'self'; media-src 'self' https://*.akamaihd.net; manifest-src 'self'; img-src https://*.google-analytics.com https://*.gstatic.com http://*.gstatic.com https://*.xx.fbcdn.net https://*.g.doubleclick.net https://*.googleapis.com https://*.s3.amazonaws.com data: 'self' https://*.akamaihd.net https://*.google.com https://*.wistia.com https://*.tradingview.com https://*.facebook.com http://*.google-analytics.com blob:; worker-src 'self' 1
default-src 'self' http://creatingawebstore.com; font-src 'self' http://creatingawebstore.com; frame-ancestors 'self' http://creatingawebstore.com; img-src 'self' http://ssl.gstatic.com http://creatingawebstore.com; object-src 'self' http://creatingawebstore.com; script-src 'self' 'unsafe-inline' https://adservice.google.com https://apis.google.com http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.googletagmanager.com http://www.youtube.com http://creatingawebstore.com; style-src 'self' 'unsafe-inline' http://ajax.googleapis.com https://fonts.googleapis.com http://creatingawebstore.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.youtube.com http://us1.siteimprove.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com http://us1.siteimprove.com/ https://s.ytimg.com https://cdn.yoshki.com; object-src 'self'; img-src 'self' http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com http://us1.siteimprove.com/ https://cdn.yoshki.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self';frame-ancestors 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1
report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com *.jivosite.com; frame-src 'self' https://www.google.com https://www.youtube.com www.google-analytics.com ajax.googleapis.com; style-src 'self' 'unsafe-inline' *.jivosite.com; img-src 'self' counter.yadro.ru *.jivosite.com *.amazonaws.com  https://yastatic.net data: *.gravatar.com; media-src *.jivosite.com; connect-src 'self' wss://*.jivosite.com; report-uri /csp-report.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src *; img-src *; frame-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; report-uri https://www.tyan.com 1
script-src 'self' https://apis.google.com https://pagead2.googlesyndication.com https://platform.twitter.com; frame-src https://plusone.google.com https://facebook.com https://platform.twitter.com http://rcm.amazon.com; object-src 'self' 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-ATpO7uhhb2ZObievp4ARVg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.co.uk ; font-src 'self' https: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.no ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.no *.spreadshirt.no ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.no ; font-src 'self' https: *.spreadshirt.no ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.no ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.no ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
report-uri http://izzhoga.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=8a03977388 1
block-all-mixed-content; upgrade-insecure-requests; report-uri /_/csp-reports 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://alamdar24.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1561158235  1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://www.civimaghale.ir/wp-json/rsssl/v1/csp?rsssl_apitoken=1565988641  1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.es ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.es *.spreadshirt.es ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.es ; font-src 'self' https: *.spreadshirt.es ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.es ; object-src 'none' ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.es ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
report-uri / 1
default-src 'self' *.zakazu-mnogo.ru zakazu-mnogo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zakazu-mnogo.ru zakazu-mnogo.ru *.mail.ru mail.ru *.imgsmail.ru imgsmail.ru *.google.ru google.ru *.google-analytics.com google-analytics.com *.vk.com vk.com *.facebook.net facebook.net *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net *.google.com google.com *.twitter.com twitter.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://api-maps.yandex.ru https://*.google.com https://*.google-analytics.com https://google-analytics.com https://*.yandex.ru feather.aviary.com; frame-src 'self' *.zakazu-mnogo.ru zakazu-mnogo.ru *.mail.ru mail.ru https://*.google.com *.twitter.com twitter.com https://*.twitter.com *.facebook.com facebook.com *.vk.com vk.com https://*.facebook.com https://vk.com *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com feather.aviary.com; connect-src 'self' *.zakazu-mnogo.ru zakazu-mnogo.ru mc.yandex.ru https://translate.googleapis.com https://pipe.skype.com *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com https://*.yandex.ru feather.aviary.com; style-src 'self' 'unsafe-inline' 'unsafe-eval *.zakazu-mnogo.ru zakazu-mnogo.ru *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru feather.aviary.com data:; font-src 'self' *.zakazu-mnogo.ru zakazu-mnogo.ru *.googleapis.com *.gstatic.com *.yandex.ru https://*.googleapis.com https://*.gstatic.com https://*.yandex.ru feather.aviary.com data:; img-src 'self' *.zakazu-mnogo.ru zakazu-mnogo.ru *.vk.me vk.me *.yastatic.net yastatic.net *.cackle.me cackle.me *.addthis.com addthis.com *.vk.com vk.com *.google.ru google.ru *.yandex.net *.yandex.ru yandex.ru yandex.st *.googlesyndication.com *.doubleclick.net *.googleapis.com *.gstatic.com https://*.yandex.net https://*.yandex.ru https://*.googlesyndication.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com data: *.google-analytics.com google-analytics.com https://*.google-analytics.com https://google-analytics.com feather.aviary.com; object-src 'self' *.gstatic.com *.googlevideo.com googlevideo.com *.youtube.com youtube.com an.yandex.ru https://*.gstatic.com https://an.yandex.ru feather.aviary.com; report-uri /csp-report/report.php 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://9e49880b0992168725768dd6545bc97a.report-uri.com/r/d/csp/reportOnly 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.sg https://m.lookfantastic.com.sg https://checkout.lookfantastic.com.sg https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-I7mDcVJKSM0DRynSI9T77bDx8ww' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self'; child-src https://*.hotjar.com https://*.tawk.to/ https://*.facebook.com https://*.braintreegateway.com https://www.google.com https://www.mcafeesecure.com; connect-src 'self' https://*.hotjar.com https://*.tawk.to wss://*.tawk.to wss://ws1.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://*.tawk.to data:; img-src 'self' https://cdn.ywxi.net https://s3.amazonaws.com/braintree-badges/ https://www.google-analytics.com https://*.tawk.to https://*.facebook.com https://stats.g.doubleclick.net https://*.gstatic.com https://maps.googleapis.com https://*.amazonaws.com data: https://www.wogi.sg; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://cdn.ywxi.net https://www.mcafeesecure.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://cdn.rawgit.com/mahnunchik https://cdn.rawgit.com/printercu https://s3.amazonaws.com/subscription-cdn/0.2/widget.min.js https://*.tawk.to https://connect.facebook.net https://js-agent.newrelic.com https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://bam.nr-data.net https://cdn.rawgit.com/mahnunchik/markerclustererplus/master/dist/markerclusterer.min.js https://cdn.rawgit.com/printercu/google-maps-utility-library-v3-read-only/master/infobox/src/infobox_packed.js https://*.braintreegateway.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/wogi.sg/client.js https://www.wogi.sg; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://s3.amazonaws.com/subscription-cdn/0.2/widget.min.css https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://stackpath.bootstrapcdn.com https://www.wogi.sg 1
default-src https:;
    script-src https: 'unsafe-eval' 'unsafe-inline';
    style-src https: 'unsafe-inline';
    img-src https: data:;
    font-src https: data:;
    report-uri /csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.jwpcdn.com https://*.jwpcdn.com *.google-analytics.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' *.jwpcdn.com https://*.jwpcdn.com; img-src 'self' data: *.jwpcdn.com https://*.jwpcdn.com jwpltx.com https://jwpltx.com *.google-analytics.com https://*.google-analytics.com; font-src 'self' *.jwpcdn.com https://*.jwpcdn.com; media-src 'self' https://586d4e69c4da4.streamlock.net:4443 rtmps://586d4e69c4da4.streamlock.net:4443; form-action 'self'; report-uri https://bkstudents.ru/csp;  1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; report-uri /csp-violation-report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://eufyvrmseexvefe2t11vv81d.httpschecker.net/report 1
default-src https://www.google.com https://maps.google.com  https://stats.g.doubleclick.net  https://www.google-analytics.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; font-src data: https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; script-src https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' http://fonts.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; object-src https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223; img-src https://www.google.com https://www.google.pl https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://www.google-analytics.com data:; upgrade-insecure-requests; 1
default-src 'self';
        img-src 'self'
            data: *
            blob: *
            https://insights.hotjar.com https://static.hotjar.com
            https://www.googletagmanager.com
            https://*.odigeoconnect.com
            https://www.google-analytics.com;
        font-src 'self'
            data: *
            https://static.hotjar.com
            https://www.google-analytics.com
            https://maxcdn.bootstrapcdn.com/
            https://fonts.gstatic.com;
        style-src 'self' 'unsafe-inline'
            https://cdnjs.cloudflare.com
            https://opensource.keycdn.com
            https://maxcdn.bootstrapcdn.com
            https://fonts.googleapis.com;
        frame-src 'self'
            https://www.googletagmanager.com
            https://vars.hotjar.com;
        script-src 'self' 'unsafe-inline' 'unsafe-eval'
            https://static.hotjar.com
            https://script.hotjar.com
            https://cdnjs.cloudflare.com
            https://maxcdn.bootstrapcdn.com
            https://www.google-analytics.com/
            https://tagmanager.google.com/
            https://www.googletagmanager.com/;
        connect-src 'self'
            https://*.hotjar.com:*
            https://vc.hotjar.io:*
            wss://*.hotjar.com
            https://www.google-analytics.com
            https://*.odigeoconnect.com;
        report-uri https://csp.odigeoconnect.com/csp; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src * 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com storage.googleapis.com api-maps.yandex.ru; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.google-analytics.com api-maps.yandex.ru *.maps.yandex.net; font-src 'self' data:; connect-src 'self' www.google-analytics.com; media-src 'self'; object-src 'self' www.youtube.com; frame-src 'self' www.youtube.com api-maps.yandex.ru; frame-ancestors 'self'; worker-src 'self'; block-all-mixed-content; manifest-src 'self' 'self'; report-uri https://vzotch.report-uri.com/r/d/csp/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; worker-src https: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: 'self' data:; font-src https://fonts.gstatic.com 'self'; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://www.yourguide.biz/csp.php 1
default-src 'self'; script-src 'self' 'nonce-8c21e578-ac58-49cc-90d7-7d82e11bbd57' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; media-src 'self' blob: https://videodelivery.net https://cloudflarestream.com; object-src 'self' https://embed.cloudflarestream.com; connect-src 'self' https://videodelivery.net https://cloudflarestream.com https://*.mktoresp.com https://www.google-analytics.com https://stats.g.doubleclick.net https://licensing.bitmovin.com https://*.is-cf.cloudflareresolve.com https://*.is-doh.cloudflareresolve.com https://*.is-dot.cloudflareresolve.com https://*.brokendnssec.net https://stats.videodelivery.net https://s.adroll.com https://cf-eth.com; frame-src 'self' https://*.fls.doubleclick.net https://player.vimeo.com https://www.youtube.com https://*.cloudfront.net https://*.cloudflare.com https://*.marketo.com/; font-src 'self' data: https://bid.g.doubleclick.net; report-uri https://sentry.io/api/229513/security/?sentry_key=78606bb97fa04c0db6db5b68e5bfbf58&sentry_environment=production 1
report-uri https://www.netigate.net/wp-json/reporting-api/v1/reporting; report-to default 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.trentino.com css.trentino.com www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://huftlsujrk13ya0salnjt17k.httpschecker.net/report 1
default-src 'self' https://cdn.transporters.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: https://maps.googleapis.com https://js.intercomcdn.com/ https://cdn.transporters.io; style-src * 'unsafe-inline' ; img-src * 'self' data: blob:; font-src * 'self' data: ; connect-src * 'self' https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net http://api.mixpanel.com wss://ws-eu.pusher.com wss://api.appcues.net wss://chunderw-vpc-gll.twilio.com wss://visitors.live wss://in.visitors.live settings.luckyorange.net api.appcues.net js.intercomcdn.com; media-src * ; child-src 'self' https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://syndication.twitter.com https://staticxx.facebook.com https://apis.google.com https://platform.twitter.com https://accounts.google.com headway-widget.net https://my.appcues.com https://www.facebook.com https://www.youtube.com https://js.stripe.com https://transporters.io; report-uri https://transportersio.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-Zfz7h48oypyd08M/TlFL5w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
default-src 'none'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com data: *.nlm.nih.gov; connect-src google-analytics.com siteintercept.qualtrics.com stats.g.doubleclick.net *.nlm.nih.gov; frame-src platform.twitter.com www.google.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net co1.qualtrics.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' *.nlm.nih.gov ajax.googleapis.com siteintercept.qualtrics.com www.google-analytics.com dap.digitalgov.gov www.googletagmanager.com code.jquery.com *.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.nlm.nih.gov code.jquery.com cdn.datatables.net; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
default-src 'self' http://ohotnik-kolomna.ru ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ssl.google-analytics.com https://ssl.google-analytics.com http://*.googleapis.com https://*.googleapis.com http://vk.com https://vk.com https://login.vk.com http://login.vk.com http://www.google-analytics.com https://www.google-analytics.com http://top-fwz1.mail.ru https://top-fwz1.mail.ru http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com http://*.addthis.com https://*.addthis.com http://*.ok.ru https://*.ok.ru http://st.top100.ru https://st.top100.ru http://*.delicious.com https://*.delicious.com https://*.google.com http://*.google.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://www.odnoklassniki.ru https://www.odnoklassniki.ru http://www.reddit.com https://www.reddit.com https://www.linkedin.com http://www.linkedin.com http://counter.rambler.ru https://counter.rambler.ru http://m.addthisedge.com https://m.addthisedge.com http://yandex.ru; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com; img-src 'self' data: http://yandex.ru http://*.yadro.ru https://vk.com http://vk.com http://top-fwz1.mail.ru http://www.google-analytics.com https://www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net https://*.facebook.com http://*.facebook.com http://counter.rambler.ru https://counter.rambler.ru http://kraken.rambler.ru http://top-fwz1.mail.ru https://top-fwz1.mail.ru http://*.addthis.com https://*.addthis.com http://*.gstatic.com https://*.gstatic.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://*.googleapis.com https://*.googleapis.com http://www.adobe.com https://www.adobe.com http://m.addthisedge.com https://m.addthisedge.com https://apis.google.com http://apis.google.com ; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com ; media-src 'self'; child-src 'self' http://vk.com https://vk.com http://login.vk.com https://login.vk.com http://*.facebook.com https://*.facebook.com https://*.ok.ru http://*.ok.ru http://*.addthis.com https://*.addthis.com https://*.google.com http://*.google.com https://*.pinterest.com http://*.pinterest.com http://*.twitter.com https://*.twitter.com http://www.youtube.com https://www.youtube.com ; connect-src 'self' http://www.google-analytics.com https://www.google-analytics.com http://*.addthis.com https://*.addthis.com https://m.addthisedge.com http://m.addthisedge.com https://sba.yandex.net https://yandex.ru; object-src 'self';report-uri   https://902149f45b2c02508d9587ab45c98de3.report-uri.io/r/default/csp/enforce   ; 1
object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://tags.srv.stackadapt.com https://connect.facebook.net https://s.ytimg.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval'  1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://d1dpob6jfpke0c.cloudfront.net https://formsmarts.s3.amazonaws.com https://ajax.googleapis.com https://*.bootstrapcdn.com https://oss.maxcdn.com https://ssl.google-analytics.com https://*.google.com https://cdnjs.cloudflare.com https://feeds.feedburner.com;object-src 'none';frame-ancestors 'self';base-uri 'none';report-uri https://syronex.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' exeter.edu *.cincopa.com  www.google-analytics.com cdn.ckeditor.com www.google.com cse.google.com www.googleapis.com www.googletagmanager.com support.ebscohost.com ajax.googleapis.com maxcdn.bootstrapcdn.com bam.nr-data.net js-agent.newrelic.com code.jquery.com www.youtube.com s.ytimg.com platform.instagram.com static.tagboard.com platform.twitter.com cdn.syndication.twimg.com calendar.exeter.edu connect.facebook.net  siteimproveanalytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' exeter.edu *.cincopa.com cdn.ckeditor.com www.google.com platform.twitter.com; img-src 'self' data: *.cincopa.com cdn.ckeditor.com www.google.com cse.google.com www.google-analytics.com www.googleapis.com clients1.google.com syndication.twitter.com pbs.twimg.com www.facebook.com stats.g.doubleclick.net *.siteimprove.com; media-src 'self' ; frame-src www.google.com www.youtube.com player.vimeo.com *.exeter.edu cse.google.com www.googletagmanager.com www.instagram.com embeds.tagboard.com platform.twitter.com syndication.twitter.com youtube.com; font-src 'self' data: cincopa.com; connect-src 'self' *.cincopa.com www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
Content-Security-Policy-Report-Only: default-src 'self' data: https:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ https://ajax.aspnetcdn.com/ https://ajax.aspnetcdn.com/ https://ajax.aspnetcdn.com/ https://www.googletagmanager.com/ https://www.gstatic.com https://www.gstatic.com/ https://www.google-analytics.com/ https://api.flickr.com/; style-src 'self' data: 'unsafe-inline' https://services.postcodeanywhere.co.uk https://fonts.googleapis.com/; img-src * ; upgrade-insecure-requests; report-uri https://3chillies.report-uri.io/r/default/csp/reportonly; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri https://ht.kiev.ua/csp-report/; 1
default-src https:; style-src 'self' 'unsafe-inline' *.liveperson.net *.addressy.com *.freshchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.liveperson.net *.googleapis.com bat.bing.com connect.facebook.com *.freshchat.com *.google-analytics.com schwaab.oro-cloud.com *.doubleclick.net *.bootstrapcdn.com *.googlecommerce.com *.addressy.com; font-src fonts.gstatic.com; report-uri https://www.stampxpress.com/report.aspx 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-p+8hNskPkho5FC+4pxa5Pw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=ID&lang=id-ID&device=desktop&yrid=305o729elvbdn&partner=; 1
default-src wss://* 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;base-uri  'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;font-src data: 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;form-action 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;img-src data: 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;script-src 'unsafe-inline' 'unsafe-eval' 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/;style-src 'unsafe-inline' 'unsafe-eval' 'self' http://climat-pm.ru/ https://climat-pm.ru/ http://*.climat-pm.ru/ https://*.climat-pm.ru/; report-uri /csp/ 1
default-src 'self'; report-uri /admin/settings/seckit/csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src wss://*.pipercat.ru https:; 1
default-src 'none'; style-src 'unsafe-inline' *.hl-inside.ru platform.twitter.com ton.twimg.com; img-src data: *.hl-inside.ru pbs.twimg.com abs.twimg.com syndication.twitter.com platform.twitter.com ton.twimg.com mc.yandex.ru img.youtube.com site.yandex.net i.ytimg.com i1.ytimg.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com vk.com steamcdn-a.akamaihd.net mc.webvisor.com mc.webvisor.org ymetrica.com mc.yandex.ua mc.yandex.ru ymetrica1.com googletagmanager.com; script-src 'nonce-MzVqyp/rhdSt3wcAZgsnuQ==' *.hl-inside.ru platform.twitter.com cdn.syndication.twimg.com mc.yandex.ru graph.facebook.com vk.com login.vk.com site.yandex.net c-cdn.coub.com yastatic.net sitesearch-suggest.yandex.ru www.google-analytics.com d31j93rd8oukbv.cloudfront.net mc.webvisor.com mc.webvisor.org cdn.jsdelivr.net; frame-src syndication.twitter.com platform.twitter.com store.steampowered.com w.soundcloud.com orphus.ru archive.org coub.com www.youtube.com vk.com docs.google.com gfycat.com; frame-ancestors 'self'; connect-src *.hl-inside.ru mc.yandex.ru mc.yandex.by passport.yandex.fr www.googleapis.com ssl.google-analytics.com mc.webvisor.com mc.webvisor.org ymetrica.com report.appmetrica.webvisor.com passport.yandex.ua lalablah.com syndication.twitter.com www.google-analytics.com; media-src *.hl-inside.ru; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 1
default-src https:; frame-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
default-src https:; child-src blob: https: ; report-uri /csp-report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline' *.yandex.ru; style-src https: 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src https: data: fonts.googleapis.com; child-src https: www.youtube.com; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net *.jquery.com https://*.jquery.com https://jquery.com *.addthis.com https://*.addthis.com https://addthis.com *.google-analytics.com https://*.google-analytics.com https://google-analytics.com *.publisherconsole.appspot.com https://*.publisherconsole.appspot.com https://publisherconsole.appspot.com *.mc.yandex.ru https://*.mc.yandex.ru https://mc.yandex.ru *.softobase.com https://*.softobase.com https://softobase.com *.google.com https://*.google.com https://google.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com *.gstatic.com https://*.gstatic.com https://gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net https://* *.disquscdn.com *.softobase.com softobase.com fonts.googleapis.com *.addthis.com *.softobase.com https://*.softobase.com https://softobase.com *.youtube.com https://*.youtube.com https://youtube.com *.www.youtube-nocookie.com https://*.www.youtube-nocookie.com https://www.youtube-nocookie.com *.gstatic.com https://*.gstatic.com https://gstatic.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net data: * img.youtube.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' androidman.net *.androidman.net mediastream: *; report-uri /csp 1
default-src https: 'self'; connect-src https: wss: 'self'; font-src https: data: 'self'; frame-src https:; img-src https: data: 'self'; manifest-src https: 'self'; media-src https: 'self'; object-src none; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'self'; upgrade-insecure-requests; report-uri https://csp.condenet.co.uk/r/ta/prod 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'self';object-src 'none';report-uri /v/cspreport;script-src 'report-sample' 'nonce-UZxPqYrXtpSWxxCQCSrOOQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://data.corp.google.com https://google-admin.corp.google.com/ 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self' https:; script-src 'self' https: 'nonce-eb2bd159' 'nonce-gtm-eb2bd159' 'strict-dynamic' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: wss://ebaymag.com/ wss://ebaymag.com:443/; font-src 'self' https: data:; object-src 'none'; base-uri 'none'; img-src 'self' https: data:; report-uri https://ebaymag.com/csp/report 1
default-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.nr-data.net https://fast.fonts.net; style-src 'self' 'unsafe-inline' https://cdn.jpmusicalinstruments.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.nr-data.net https://fast.fonts.net; img-src 'self' data: *.newrelic.com https://cdn.jpmusicalinstruments.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.nr-data.net https://www.facebook.com *.google-analytics.com *.doubleclick.net *.google.com www.google.co.uk https://fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com d1ros97qkrwjf5.cloudfront.net https://d1ros97qkrwjf5.cloudfront.net https://cdn.jpmusicalinstruments.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.nr-data.net https://www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://fast.fonts.net; font-src 'self' data: https://cdn.jpmusicalinstruments.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.nr-data.net https://fast.fonts.net; connect-src 'self' https://www.facebook.com;  report-uri https://ses-failure.evopreview.co.uk/csp-rejection.php; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://www.zenaps.com https://isitetv.com; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://services.postcodeanywhere.co.uk https://ds-aksb-a.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.de https://checkout.lookfantastic.de https://www.lookfantastic.de https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://ds-aksb-a.akamaihd.net https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src https:; connect-src https: wss: *.beesender.com 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=249f758bc33a8e942186a885a585396a 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.akamaihd.net; connect-src 'self' https://*.thcdn.com https://col.eum-appdynamics.com https://rum-collector-2.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://ct.pinterest.com https://ampcid.google.ro https://*.akamaihd.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.ro https://m.myprotein.ro https://checkout.myprotein.ro https://connect.facebook.net; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://col.eum-appdynamics.com https://*.lpsnmedia.net https://cdn.appdynamics.com https://*.doubleclick.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.roulette-on-line.it;     script-src https://connect.facebook.net http://stat.svere.com http://www.googletagmanager.com http://www.google-analytics.com https://secure.statcounter.com http://www.statcounter.com http://connect.facebook.net 'unsafe-eval' 'unsafe-inline' 'self';     style-src 'self' 'unsafe-inline';     frame-src https://www.youtube.com http://www.youtube.com http://cache.download.casino.titanbet.it https://cachedownload-casino.titanbet.it https://staticxx.facebook.com http://staticxx.facebook.com http://static.ak.facebook.com https://s-static.ak.facebook.com http://www.facebook.com https://www.facebook.com 'self';     img-src https://stats.g.doubleclick.net https://www.facebook.com http://stat.svere.com http://www.google-analytics.com http://www.adobe.com http://wwwimages.adobe.com http://c.statcounter.com 'self' ;     object-src 'self';     report-uri //csplogic.appspot.com/report?src=roulette-on-line.it; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' unsafe-inline; report-uri https://www.drakstadenbilvard.se/wp-json/rsssl/v1/csp?rsssl_apitoken=1565614396 1